PullRate
Sign inGet started

Privacy Policy

Effective date: April 23, 2026

This Privacy Policy explains how PullRate (“we,” “us,” or “our”) collects, uses, and protects information about you when you use our platform. We take your privacy seriously and are committed to being transparent about our data practices.

1. Information We Collect

Information you provide directly

  • Account information: Email address, display name, and password when you register.
  • Seller information: For sellers, we collect additional information required by Stripe for payment processing, which may include your legal name, date of birth, address, bank account details, and government ID. This information is collected and stored directly by Stripe — we do not store it ourselves.
  • Listing content: Photos, descriptions, and pricing information you upload when creating listings.
  • Shipping information: Name and mailing address when you make a purchase.
  • Communications: Messages you send to us through support channels, and content of disputes you open.

Information collected automatically

  • Log data: IP address, browser type, operating system, referring URLs, and pages visited.
  • Device information: Device type and identifiers.
  • Usage data: How you interact with the platform — listings viewed, searches performed, and actions taken.
  • Cookies and similar technologies: We use cookies for authentication (keeping you logged in) and for CSRF protection. We do not use third-party advertising cookies.

Information from third parties

  • Stripe: We receive confirmation of payment status and payout eligibility from Stripe. We do not receive or store your full card number or bank account details.
  • Google OAuth: If you choose to sign in with Google, we receive your email address and name from Google.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Process transactions between buyers and sellers
  • Provide buyer and seller support
  • Resolve disputes between buyers and sellers
  • Detect and prevent fraud, abuse, and violations of our Terms of Service
  • Send transactional emails (order confirmations, shipping updates, dispute notices)
  • Communicate platform updates and policy changes
  • Improve the platform based on usage patterns
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your information for advertising on other platforms.

3. How We Share Your Information

We share your information only in the following circumstances:

  • With sellers: When you make a purchase, your shipping name and address are shared with the seller so they can ship your order. Your email address is not shared with sellers.
  • With buyers: When a buyer purchases your listing, we share their shipping address with you. We do not share buyer email addresses with sellers.
  • With Stripe: Payment processing requires sharing necessary transaction data with Stripe. Stripe's privacy practices are governed by their own Privacy Policy.
  • With Supabase: Your data is stored in Supabase's cloud infrastructure, hosted in the United States. Supabase's privacy practices are governed by their Privacy Policy.
  • Legal requirements: We may disclose your information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: If we are acquired or merge with another company, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Retention

We retain your account information for as long as your account is active. If you close your account, we will delete or anonymise your personal information within 90 days, except where we are required to retain it for legal or compliance purposes (such as transaction records for tax purposes, which we retain for 7 years).

Listing photos stored in Supabase Storage are deleted when a listing is removed or when you delete your account.

5. Data Security

We implement reasonable technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest in our database
  • Row-level security policies limiting data access
  • CSRF protection on all state-changing requests
  • Rate limiting to prevent brute force attacks
  • Access controls limiting which staff can access user data

No method of transmission over the internet is 100% secure. While we work to protect your information, we cannot guarantee absolute security.

6. Cookies

We use the following cookies:

  • Authentication cookies: Required to keep you logged in. These are set by Supabase and are strictly necessary for the platform to function.
  • CSRF protection cookie: A security token to protect against cross-site request forgery attacks. Strictly necessary.
  • Theme preference: Stores your light/dark mode preference in localStorage. Not a cookie — stored locally on your device only.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Because our cookies are strictly necessary for the platform to function, we do not require a cookie consent banner under most cookie laws — however, this may vary by jurisdiction.

7. Your Rights

Depending on where you live, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate information about you.
  • Deletion: Request that we delete your personal information. Note that we may need to retain certain information for legal purposes.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your information.

To exercise any of these rights, contact us at support@pullrate.gg. We will respond within 30 days.

8. Children's Privacy

PullRate is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

9. International Users

PullRate is operated in the United States. If you are accessing the platform from outside the United States, your information will be transferred to and processed in the United States. By using the platform, you consent to this transfer.

For users in the European Economic Area (EEA) or United Kingdom, our legal basis for processing your personal data is:

  • Contract performance: Processing necessary to fulfill your purchases or sales.
  • Legitimate interests: Fraud prevention, platform security, and improving our services.
  • Legal obligation: Where we are required to retain data by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the platform at least 14 days before the changes take effect. The date at the top of this page shows when the policy was last updated.

11. Contact

Questions, concerns, or requests regarding this Privacy Policy should be sent to: support@pullrate.gg