Effective 2026-05-26 · Version 2026-05-26

Privacy Policy

In one sentence

We collect the minimum needed to run the platform, we never sell or share it commercially, and you can request an export or deletion of your data at any time.

§1. What we collect

The complete list, period:

  • Your email address. Required for login (OTP code goes here) and transactional notifications (order updates, message alerts).
  • Your store content (if you're a vendor): store name, slug, products, prices, photos, banners, theme settings. So we can render it to customers.
  • Your orders: the items, delivery address, contact phone (optional), notes you write at checkout. So the vendor can fulfill them.
  • Your messages: conversations between customers, vendors, and platform support.
  • Your payout wallet address (vendors): so digital customer payments route to it. Only the public address — we never receive or store private keys.
  • Transient server logs: IP address + user-agent for the request you're currently making, for up to 7 days for abuse detection + debugging. Then deleted.

§2. What we do NOT collect

  • Government IDs, passports, driver's licenses
  • Social Security Numbers, tax IDs
  • Real names (unless you choose to add one to an order)
  • Date of birth (except an age-gate yes/no for restricted verticals)
  • Browsing history beyond your active cart session
  • Precise location (we use the ZIP code you enter, nothing more)
  • Third-party tracking pixels, advertising cookies, fingerprinting scripts
  • Analytics that tie to your identity
  • Cross-site profiles, retargeting lists, lookalike audiences

§3. How we use what we collect

Strictly to operate the platform — render your store, route your orders, deliver your messages, charge your subscription (vendors only).

We never:

  • Sell your data to anyone, for any reason
  • Share it commercially with brokers, networks, or marketers
  • Use it to advertise to you
  • Build behavioral profiles or train AI on it

§4. Who else sees your data

Operating a platform requires a few service providers. Here is exactly who and exactly what they see:

  • Supabase (database + auth provider) — sees everything stored in our database. We plan to migrate to a self-hosted Postgres on our own infrastructure before public launch.
  • Resend (transactional email) — sees the email addresses we send to and the contents of those emails (order confirmations, message notifications). Resend does not retain or process the data for any other purpose.
  • Our payment processor — sees the transaction amount and the destination wallet address for the digital payments you authorize. They do not see your store's other data.
  • OpenStreetMap Nominatim (geocoding) — sees the ZIP codes we look up to estimate delivery distance. No account, no identifier.
  • Our hosting provider (FlokiNET, post-launch) — physically hosts the server. They do not have application access to your data.

That is the complete list. We do not run third-party analytics, tracking pixels, advertising networks, or identity-graph profilers.

§5. How long we keep it

  • Active accounts: for as long as you keep using the platform.
  • Deleted accounts: scrubbed within 30 days of your deletion request. Orders that name you are anonymized (your customer record removed, the order line items kept for the vendor's books).
  • Server logs: 7 days, then automatically deleted.

§6. Your rights

From your portal Settings (vendors) or account page (customers) you can:

  • Download a full copy of your store, customers, and orders from your portal Settings → Download everything. Vendors get CSV exports of products, customers, and orders; customers get their order history. (For full deletion / right to erasure, see below.)
  • Delete your account by clicking the DELETE ACCOUNT button. This disables your store and locks the account. Historical records are retained for legal, accounting, and audit purposes; personal data is not exposed once the account is disabled.
  • Correct something wrong in your profile directly from your account page.

Right to erasure (full deletion). Privacy laws in some jurisdictions (GDPR, CCPA, others) give you the right to require us to fully erase your data, not just disable the account. Email support@plug.delivery from the address on file. We honor these requests within 30 days, retaining only what is required by law.

§7. Security

  • All data encrypted in transit (HTTPS/TLS).
  • All data encrypted at rest (Postgres encryption).
  • Wallet addresses stored only as public strings — private keys never reach our servers (they live in your wallet software).
  • Service-role database access restricted to our application servers; no human reads your data routinely.
  • Self-hosted, no US-based cloud-provider dependencies post-launch.

§8. Government data requests

We have not received any government data requests to date. If we do receive one we will:

  • Notify the affected user(s) unless legally gagged.
  • Provide only the specific data the order legally compels — never broader access, never bulk.
  • Publish an annual transparency report of requests received, requests complied with, and requests refused.

§9. Cookies + local storage we set

plug.delivery sets only strictly-necessary cookies and a few browser-local preferences. No tracking pixels, no third-party analytics, no advertising cookies, no fingerprinting. Here's the full list:

| What | Type | Why we need it |
|------|------|----------------|
| sb-*-auth-token | Cookie | Keeps you signed in. Set by Supabase, expires on logout. |
| plug_cart | localStorage | Remembers what you added to your cart between pages. |
| plug_cart_branch | localStorage | Tracks which branch your cart belongs to so we can warn you when you switch. |
| plug_agegate_{tenantId} | Cookie | Remembers you've confirmed your age on stores that use an age gate. Required by the seller's local laws. |
| plug_gate_{tenantId} | Cookie | Remembers you've entered the store password on password-protected stores. |
| plug_geo_banner_dismissed | localStorage | Remembers you dismissed the “based on your location” banner so we don't show it again. |
| plug_cookie_consent_dismissed | localStorage | Remembers you dismissed the cookie notice so we don't show it again. |

You can clear all of these any time from your browser settings. The site keeps working — you'll just be signed out, lose your cart, and re-see the various banners.

§10. Changes to this policy

Material privacy changes bump the version number (currently v2026-05-26) and trigger a re-acceptance prompt at next login.


Privacy questions? support@plug.delivery