Privacy Policy

Bazaario ("we," "us," or "our") operates the marketplace platform at bazaario.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, mobile experience, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.

We collect the following types of information:

• Account information: Name, email address, password (hashed), role selection (consumer, vendor, or organizer), and zip code when you create an account.
• Profile information: Business name, description, category, phone number, address, logo, banner images, and social media links for vendors and organizers.
• Payment information: Payment details are collected and processed by Stripe. We do not store your full credit card number, bank account number, or other sensitive financial information on our servers.
• Location information: Zip code (provided during signup), IP-based geolocation (to verify eligibility for our DC/Maryland/Virginia service area), and venue addresses for events.
• Usage data: Pages visited, features used, browser type, device information, and interaction patterns to improve the Service.
• Messages: Content of messages exchanged between users through the platform's messaging system.
• Uploaded content: Images, documents, and other files you upload to the platform (such as vendor logos, event photos, and application materials).

We use your information to:

• Provide, operate, and maintain the Service
• Process transactions and send related information (confirmations, receipts, tickets)
• Facilitate communication between consumers, vendors, and event organizers
• Verify your eligibility for the Service (e.g., DMV area residency)
• Send transactional emails (booking updates, event reminders, application status changes)
• Improve and personalize the Service based on usage patterns
• Detect, prevent, and address fraud, abuse, or technical issues
• Comply with legal obligations

We use the following third-party services that may collect or process your data:

• Stripe: Payment processing, vendor/organizer payout management, and identity verification for Stripe Connect accounts. Stripe's privacy policy governs their handling of your payment data.
• Supabase: Database hosting, user authentication, file storage, and real-time features. Data is stored in Supabase-managed PostgreSQL databases.
• Google: OAuth authentication (optional sign-in with Google) and Google Maps for venue/location display.
• Resend: Transactional email delivery (booking confirmations, event updates, account notifications).
• ipapi.co: IP-based geolocation to determine whether you are located in our service area during signup.
• Vercel: Web hosting and serverless function execution.

We use a minimal set of cookies and local storage for essential platform functionality. We do not use advertising or tracking cookies.

• Authentication session: Supabase auth tokens stored in cookies to keep you signed in.
• Active organization: The bazario-active-org cookie stores your currently selected organization for organizer accounts.
• Onboarding state: The bazaario-onboarded cookie tracks whether you have completed the onboarding process.
• Local storage: Temporary form data during onboarding and UI preferences.

We do not sell your personal information to third parties. We share data only in the following circumstances:

• Public profiles: Vendor business profiles and organizer profiles are publicly visible when marked as public. This includes business name, description, category, location, and uploaded images.
• Event participation: When a vendor is approved for an event, their profile information is visible in the event's vendor directory.
• Payment processing: Transaction details are shared with Stripe to process payments and facilitate payouts.
• Legal compliance: We may disclose information if required by law, court order, or government request, or to protect the rights, safety, or property of Bazaario or others.

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Update: Correct or update your account and profile information at any time through your dashboard.
• Delete: Request deletion of your account and associated data. Some data may be retained as required by law or for legitimate business purposes (e.g., transaction records).
• Data portability: Request your data in a portable format.

To exercise any of these rights, contact us at hello@bazaario.app.

We implement appropriate technical and organizational measures to protect your information:

• All data in transit is encrypted via HTTPS/TLS.
• Database access is controlled through Supabase Row Level Security (RLS) policies, ensuring users can only access data they are authorized to see.
• Supabase encrypts data at rest in their managed PostgreSQL databases.
• Payment data is handled by Stripe, which is PCI DSS Level 1 compliant.
• Passwords are hashed using industry-standard algorithms and are never stored in plain text.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us at hello@bazaario.app and we will promptly delete the information.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will notify you via email or a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: hello@bazaario.app

Website: bazaario.app