Privacy Policy

This Privacy Policy describes what personal information FraxNet P2P collects when you use the service, how we use it, who we share it with, and the rights you have over it.

We collect the minimum information needed to run a P2P marketplace. We do not sell your personal data to anyone, for any purpose.

When you sign in with Google, we receive:

• Your email address
• Your Google display name
• Your Google profile picture URL (optional)

When you use the marketplace, we store:

• Profile information (handle, display name, bio)
• Configured payment methods, including the fields you enter (bank name, account number, IBAN, UPI ID, etc.)
• Ads you post, orders you open, and messages you send in chat
• Ratings you give and receive, and your resulting trust score
• Technical data: IP address, user agent, timestamps

We use your information to:

• Operate the marketplace — match counterparties, reveal payment details to the other party in an order, compute reputation
• Prevent fraud and abuse — flag off-platform contact attempts, rate-limit suspicious activity, investigate disputes
• Measure product usage in aggregate via PostHog (see “Third parties” below)
• Comply with applicable laws and respond to lawful requests

Your handle, display name, bio, verification tier, trust score, trade count, and completion rate are public — any visitor can see them on your merchant profile.

Your payment method details (bank numbers, IBANs, phone numbers for GCash/UPI, etc.) are private by default. They become visible to the counterparty only inside an active order, and only for the specific payment method attached to that order.

Your order history and chat messages are visible only to the two parties to the order and, in the event of a dispute, to FraxNet P2P administrators.

FraxNet P2P uses a small number of vendors:

• Supabase — hosts our database and authentication. All user data is stored here.
• Google — OAuth identity provider. Google receives the fact that you signed in to FraxNet P2P, but we do not share your trading activity with Google.
• PostHog — product analytics. We send PostHog an identifier and the events you trigger in the app so we can understand how the product is used. You can opt out via your browser settings.
• Vercel — hosts the application. Vercel receives standard request logs (IP, user agent, URL).

We keep your account data for as long as your account is active. Completed orders and their chat history are retained for the longer of: (a) the statutory records-retention period in your jurisdiction, or (b) two years, so that past counterparties can reference the history.

Payment-method details are deleted from our active tables when you archive the method. Audit logs of the fact that a method existed may be retained for up to 90 days for fraud investigation.

You can access, correct, export, or delete your personal data at any time from your profile settings. If you are a resident of the EU, UK, Brazil, or California, you additionally have the right to lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@example.com from the account you want to act on.

We protect your data with industry-standard measures — TLS in transit, row-level security in the database, encrypted backups, rate-limiting on sensitive actions. No system is perfectly secure; if you notice a vulnerability, please report it to security@example.com.

We may update this Privacy Policy from time to time. Material changes will be announced in-app and via the “Last updated” date above.

Drafting note: this is a placeholder policy to unblock deployment. Before accepting real users in any regulated market, have a qualified privacy lawyer review and amend — in particular the data-retention periods, the third-party disclosures, and the jurisdiction-specific rights (GDPR / UK DPA / LGPD / CCPA).