Privacy Policy

Last updated: March 14, 2026

This policy explains how Downtown+ collects, uses, and protects your personal information. Use of the platform is subject to our Terms of Service.

1. Information We Collect

Account Information

When you create an account, we collect your email address and name. You can sign up with email and password or through Google OAuth, both handled by Supabase Auth.

Profile Information

If you create a business or individual profile, you provide details such as your business name, description, address, phone number, hours of operation, and photos. This information is user-provided and displayed publicly on your profile page.

Transaction Data

When you make purchases or sell products through the marketplace, we process order details, payment amounts, and shipping information. Payment processing is handled by Stripe — we do not store your credit card numbers.

Usage Data

We collect standard analytics data including page views, interactions with the platform, and general usage patterns. This helps us understand how the platform is used and where we can improve.

Device & Browser Information

Like most web applications, we automatically collect standard technical information such as browser type, operating system, and screen resolution through standard web analytics.

2. How We Use Your Information

We use the information we collect to:

  • Provide the platform — Display profiles, events, deals, news, and marketplace listings in your downtown community
  • Process transactions — Handle Stripe payments, vendor payouts, shipping label purchases, and commission calculations
  • Send notifications — Order updates, refund status changes, shipping confirmations, and account-related messages sent via Resend
  • Improve the platform — Analyze anonymous usage data to identify issues and improve features
  • Communicate with you — Respond to support requests, send account-related emails, and notify you of important platform changes

3. Information Sharing

We share your information only when necessary to provide the service:

Vendors

When you place an order for a physical product, the vendor receives your shipping name and address to fulfill the order. Vendors do not receive your email address or payment details.

Stripe

Payment processing is handled by Stripe. When you make a purchase or set up a vendor account, Stripe collects and processes payment information under their own privacy policy.

Shipping Carriers

For physical orders, your shipping address is shared with the selected carrier (USPS, UPS, or FedEx) for label generation and package tracking.

Resend

We use Resend for email delivery. Your email address and name are shared with Resend to send transactional emails (order confirmations, shipping updates, etc.) under their privacy policy.

What We Do Not Do

  • We do not sell your personal data to anyone
  • We do not share your data with advertisers
  • We do not use your data for targeted advertising

4. Data Storage & Security

  • Database — Your data is stored in a PostgreSQL database hosted on Supabase, protected by Row Level Security (RLS) policies that restrict data access based on user roles
  • File storage — Profile images are stored in public Supabase Storage buckets. Digital products are stored in private buckets accessible only to purchasers
  • Authentication — Passwords are hashed using bcrypt via Supabase Auth. Sessions use secure JWT tokens
  • Transport — All data is transmitted over HTTPS

5. Your Rights

You have the right to:

  • Access your data — Your profile information, orders, and submissions are visible in your dashboard
  • Update your information — Edit your profiles, account settings, and preferences at any time
  • Delete your account — Contact support to request account deletion. We will remove your personal data, though some transaction records may be retained as required by law
  • Opt out of non-essential emails — Manage notification preferences in your account settings. Note that you cannot opt out of transactional emails (order confirmations, security alerts)

6. Cookies & Local Storage

  • Authentication tokens — Supabase Auth stores session tokens in cookies to keep you signed in
  • Cart state — Your shopping cart contents are stored in local storage so they persist between visits
  • No third-party tracking cookies — We do not use cookies from advertising networks or third-party trackers

7. Third-Party Services

Downtown+ integrates with the following third-party services, each with its own privacy policy:

  • Stripe — Payment processing, vendor payouts, subscription billing
  • Supabase — Database hosting, authentication, file storage
  • Resend — Transactional email delivery
  • Vercel — Application hosting and deployment
  • OpenAI — AI-powered features (content suggestions)

8. Children's Privacy

Downtown+ is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

Business accounts and vendor features require users to be at least 18 years old.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the platform or by email. Your continued use of Downtown+ after changes are posted constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@downtown.plus.
