Protecting your data and community trust
This policy explains the personal information Derbaba collects, how we use it to run the marketplace, and the rights you have over your data.
Information we collect
We collect only the details needed to run the marketplace and connect buyers with sellers. Required data varies depending on whether you are browsing, registering, or publishing a listing.
Name, email address, password, WhatsApp number, and optional Telegram handle for seller contact. Sellers may also provide city, country, biography, specialties, and product imagery.
Product titles, descriptions, pricing, category, sizing, shipping regions, and images uploaded for display on Derbaba.com.
We process the $5 listing fee through Stripe. Stripe stores your payment method details and shares limited payment status information with us.
Basic analytics (pages viewed, referrers, device type) collected by Vercel to monitor site reliability. We do not run advertising trackers.
Session cookies keep you signed in. Optional cookies remember marketplace filters. You may clear cookies in your browser and continue to browse anonymously.
How we use your information
We use personal data to operate the marketplace, communicate with you, and comply with the law. We do not sell personal information.
Display listings, connect buyers and sellers, manage seller payouts, and keep your account secure with Better Auth.
Send transactional emails via Resend about listing status, account access, and security alerts. You can opt out of non-essential messages.
Process listing fees with Stripe and reconcile those charges in our Neon Postgres database.
Maintain records required under Canadian law (PIPEDA) and respond to lawful data requests from regulators.
Third-party services
We rely on trusted providers to run Derbaba. Each service only receives the data needed to perform its role.
Processes listing fee payments and stores payment method information. Stripe may collect additional verification information in accordance with its own privacy policy.
Delivers transactional and support emails on our behalf.
Hosts Derbaba.com infrastructure, collects server logs, and provides performance analytics.
Hosts our Postgres database where account, listing, and seller records are stored securely.
Your rights
We comply with PIPEDA and core GDPR principles for diaspora users residing in the EU or UK. You retain control over your personal information.
View and update your account details at any time from the account dashboard. Contact us if you need help editing seller information or listings.
Request an export of your personal data, including listings and conversations facilitated through Derbaba.
Email privacy@derbaba.com with the subject “Data deletion” and the email address linked to your account. We will confirm identity, remove active listings, and delete your account within 30 days unless retention is legally required.
You can disable marketing emails at any time and may close your account if you no longer wish to participate in the marketplace.
Data retention and security
We keep seller and transaction records only as long as necessary to support marketplace operations and legal obligations. Access to production systems is restricted to authorized Derbaba staff.
Listing data is retained for audit purposes up to 24 months after it expires or is removed. Payment records follow Stripe’s retention schedule.
All traffic is encrypted via HTTPS. We use role-based access controls, secure development practices, and regular backups of the Neon database.
Questions?
Reach the Derbaba privacy team at privacy@derbaba.com. We typically respond within two business days.