Privacy Policy

Last updated: 04 May 2026

Your privacy matters to us. This page explains what data Rezi's Marketplace collects, why we collect it, how it is stored, and who can access it.

1. Data we collect (by default)

The moment you visit or sign up, we automatically collect the following information. This is on by default and is required for the site to operate securely.

• Account details: username, email address, hashed password (we never store passwords in plain text).
• Profile data: avatar, badges, role assignments, balance, ratings.
• Connection data: IP address, country (derived from IP), browser, operating system, device fingerprint.
• Discord linkage: if you connect Discord we store your Discord ID and (when granted) the roles you hold on our linked server.
• Payment metadata: the provider used (e.g. Stripe / NowPayments), transaction IDs and amounts. We never store full card numbers; payments are processed by the provider directly.

2. Why we collect it

• To run the service: log you in, deliver auto-delivery payloads, settle escrow, pay out withdrawals.
• To detect fraud, abuse, multi-accounting and brute-force attacks (rate limiting, IP/device checks).
• To resolve disputes between buyers and sellers using a complete activity history.
• To provide aggregate analytics to site staff (visitor counts, top sellers, popular pages).

3. How your data is secured

All data is stored in our own database, fully isolated from the public internet. Passwords are hashed with bcrypt. Sessions use HttpOnly, SameSite cookies. Sensitive endpoints are protected by CSRF tokens, rate limits and (where enabled) 2FA. Your data cannot be accessed by other users or any outside party — only authorised staff with admin access can view it, and every staff lookup is recorded in the audit log.

4. Who can see your data

• You — via your dashboard, order history and wallet pages.
• Site staff with the relevant admin permission — only when needed for moderation, fraud checks, or support, and always recorded in the audit log.
• The other party in a transaction — only sees your username, avatar, public badges and order chat.
• Payment processors — receive only the data needed to process the payment.
• No one else. We do not sell, trade, or rent personal data to advertisers or third parties.

5. Cookies

We set cookies for: keeping you logged in (session), CSRF protection, distinguishing new vs returning visitors (a long-lived rzvid cookie containing a random ID, no personal data), and remembering your preferences. We do not use cookies for advertising.

6. Data retention

Account data is kept while your account is open. Transaction and audit logs are kept for at least 12 months for fraud and tax purposes. Chat messages are retained while the related order is active and for 90 days afterwards. Deleting your account removes your profile, listings, DMs and notifications; we keep anonymised transaction records as required by law.

7. Your rights

You can request a full export of the data we hold about you, ask us to correct anything that's wrong, or ask us to delete your account at any time — open a support ticket from your dashboard.

8. Data Protection

The site is not directed at children . If we learn that we have collected data from a child 13 Or Under we will Automatically Detected and Deleted Swiftly.

9. Changes to this policy

We will announce significant changes via the on-site announcement bar. Continuing to use the site after a change means you accept the updated policy.

10. Contact

Questions about your data? Open a support ticket from your dashboard.