Privacy Policy

We collect only what is necessary to operate the platform:

• Identifier: A one-way HMAC of your email address. We never store your email in plaintext.
• Nickname: A random alias assigned at registration. You may display this publicly.
• Encrypted key blob: Your private key, encrypted with your password, stored as an opaque binary blob. We cannot decrypt it.
• Listings: Content you post, including title, description, images, and payment preferences.
• Messages: Encrypted with your keypair. The server stores ciphertext only and cannot read the contents.
• Reputation data: Trade counts and aggregated ratings.

• Your real name or government-issued ID
• Your postal or physical address
• Your payment card or bank details
• Persistent IP address logs or device fingerprints
• Third-party tracking cookies or analytics beacons

Your data is used solely to:

• Authenticate you and maintain your session
• Display your listings to other users
• Deliver encrypted messages between participants
• Calculate and display reputation scores
• Respond to your support requests

We do not sell your data. We do not use it for advertising. We do not share it with third parties except as required by law.

We retain your account data for as long as your account is active. Listings, messages, and trade records are deleted when you delete them or close your account. Reputation aggregates may persist in anonymised form.

Messages are end-to-end encrypted using asymmetric keys that never leave your device in plaintext. Images are stripped of EXIF metadata before storage. Passwords are hashed with Argon2id. Access tokens expire after one hour.

We use a single session cookie for authentication. No tracking, advertising, or analytics cookies are set.

You may request at any time:

• A copy of all data we hold about you
• Deletion of your account and associated data
• Correction of incorrect account information

To exercise these rights, delete your account from the settings page or contact us via the GitHub issue tracker.

We may update this policy. When we do, we will update the "Last updated" date at the top. Continued use of Bartr after changes constitutes acceptance of the updated policy.

Questions about this policy can be raised on our public GitHub repository. We do not provide a private email address to reduce spam and maintain transparency.