Privacy Policy

Depending on how you use the Service, we may collect the following categories of personal data:

• Account data: email address, name (if provided), password hash (if using email/password), account settings.
• Authentication data: if you sign in with Google, we receive identifiers and basic profile information made available by Google (typically email and profile name/photo, depending on your Google settings and what you authorize).
• Subscription & billing data: subscription status and plan information for buyer subscriptions. Card details are processed by our payment processor (Stripe) and are not stored on our servers.
• Usage data: approximate usage analytics for site performance and product improvement (we use self-hosted Umami). This may include pages viewed, referrers, device/browser info, and timestamps.
• User content & communications: messages exchanged via our chat feature, and information you submit through forms (e.g., listing inquiries or support requests).
• Listing and marketplace data: information you submit in listings or profiles, and related communications.
• Security data: logs related to authentication, fraud prevention, and abuse detection (e.g., IP address, timestamps, device identifiers in logs).

We use personal data to:

• Provide, operate, and maintain the Service (including accounts, marketplace features, and chat).
• Process buyer subscriptions and manage billing status.
• Communicate with you about your account, transactions, support requests, and important service notices.
• Improve the Service, understand usage patterns, and troubleshoot issues.
• Protect the Service and users (fraud prevention, abuse detection, enforcement of our Terms).
• Comply with legal obligations and respond to lawful requests.

If you are in the EEA/UK (and generally for users in France), we process personal data under the following legal bases:

• Contract: to provide the Service and fulfill our agreement with you (e.g., account access, subscription features).
• Legitimate interests: to secure, maintain, and improve the Service; prevent fraud and abuse; and understand product usage (balanced against your rights).
• Consent: where required (for example, certain cookies or optional marketing communications, if used).
• Legal obligation: to comply with applicable laws (e.g., accounting/tax obligations, responding to lawful requests).

We do not sell your personal data. We may share it in the following cases:

• Service providers: vendors that help us operate the Service (e.g., hosting, email delivery, analytics, authentication, customer support tooling).
• Payments: Stripe processes subscription payments. We receive transaction and subscription status information from Stripe.
• Authentication: if you use Google sign-in, Google processes authentication and provides us with the data you authorize.
• Email delivery: we use Resend to send transactional emails (e.g., account and service notifications).
• Analytics: we use self-hosted Umami to measure usage and improve the Service.
• Legal and safety: when required by law, to protect rights and safety, or to prevent fraud/abuse.
• Business changes: if we are involved in a reorganization, sale, or transfer, personal data may be transferred as part of that process (subject to applicable law).

Note: MicroExits does not provide escrow at this time. Payments between buyers and sellers (other than buyer subscriptions) are not handled by us.

We use cookies and similar technologies to operate the Service (for example, to keep you signed in) and to understand usage. Some cookies are strictly necessary for the Service to function.

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.

We keep personal data only as long as necessary for the purposes described in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce agreements.

• Account data: retained while your account is active; if you delete your account, we delete or anonymize data unless we must retain it for legal reasons.
• Chat messages: retained to provide conversation history and for safety/abuse prevention; you can request deletion subject to our legal and safety obligations.
• Billing records: retained as required for accounting and tax compliance.
• Security logs: retained for a limited period to help protect the Service.

Depending on your location, you may have rights including access, rectification, deletion, restriction, objection, and data portability. You may also withdraw consent where processing is based on consent.

To exercise rights, contact us at microexits@protonmail.com. We may ask you to verify your identity.

If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.