Privacy Policy

Last updated: January 2026 · Effective immediately

This Privacy Policy describes how Patrick Market ("we", "our", "us", or "the Platform") collects, uses, processes, stores, and discloses personal information when you visit, register on, or transact through our online marketplace. We respect your privacy and are committed to protecting personal data through reasonable security measures consistent with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Information We Collect

When you create an account on Patrick Market or interact with our services, we may collect the following categories of personal information:

1.1 Account Information

• Username and chosen display identifier
• Encrypted authentication credentials (we never store passwords in plain text)
• Two-factor authentication settings, if enabled
• Account preferences and configuration choices

1.2 Transaction Data

• Records of orders, escrow deposits, and dispute history
• Communications with vendors and support staff
• Payment confirmations from supported cryptocurrencies (we do not handle credit-card or fiat payments directly)

1.3 Technical Information

• IP address (anonymized after 30 days)
• Browser type, operating system, and device fingerprint signals used solely for fraud prevention
• Approximate geolocation derived from connection metadata
• Pages visited, referrer, and timestamps for analytics and security

2. How We Use Your Information

We process personal data only for the purposes described in this policy:

• Service delivery — to authenticate users, process orders, and facilitate communication between buyers and verified vendors.
• Security & fraud prevention — to detect suspicious activity, prevent unauthorized account access, and protect platform integrity.
• Customer support — to respond to inquiries, resolve disputes, and continuously improve user experience.
• Legal compliance — to comply with applicable laws, court orders, and lawful regulatory requests.
• Service improvement — to analyze aggregated, de-identified usage patterns to enhance marketplace features.

We do not sell, rent, or trade personal information to third parties for their independent marketing purposes.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases for processing personal data include:

• Contractual necessity — to perform services you have requested by registering an account.
• Legitimate interests — including fraud prevention, marketplace security, and dispute resolution, balanced against your rights.
• Consent — where you have explicitly opted in to specific processing activities, such as marketing communications.
• Legal obligation — where we are required by applicable law to retain or disclose specific records.

4. Data Sharing & Third Parties

We share personal information only in the limited circumstances described below:

• Service providers — such as hosting providers, content-delivery networks, and email infrastructure, contractually bound by data-protection obligations equivalent to ours.
• Verified vendors — only the minimum information required to fulfill an order you have placed.
• Legal authorities — when compelled by valid legal process, with prior judicial review where applicable.
• Successor entities — in the event of a corporate restructuring, asset transfer, or merger, with continued protection equivalent to this policy.

We do not engage in cross-context behavioral advertising, and we do not share personal data with advertising networks.

5. Cookies & Similar Technologies

Patrick Market uses session cookies and similar tracking technologies for the following narrow purposes:

• Authentication and session continuity
• Cross-site request forgery (CSRF) protection
• Aggregated, privacy-respecting analytics
• Remembering your locale and accessibility preferences

For complete details, see our Cookie Policy.

6. Data Retention

We retain personal information only for the period necessary to deliver services and meet legal obligations:

• Active accounts — for the duration of your registration plus 90 days following voluntary deletion.
• Transaction records — up to seven years where required by financial-records regulations.
• Server logs — automatically rotated and anonymized after 30 days.
• Communications — retained for 24 months unless required longer for an active dispute.

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding personal information we hold about you:

• Right of access — request a copy of personal data we process about you.
• Right to rectification — correct inaccurate or incomplete information.
• Right to erasure ("right to be forgotten") — request deletion subject to legal retention requirements.
• Right to restrict processing — temporarily limit how we use your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent.
• California rights (CCPA) — including right to know, delete, and opt-out of sale (we do not sell personal information).

Submit any request via the Contact page; we respond within 30 days as required by applicable law.

8. Security Measures

We employ industry-standard organizational and technical safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction:

• End-to-end TLS 1.2+ encryption for all data in transit
• Encryption at rest for databases containing personal information
• Argon2 / bcrypt password hashing — passwords are never stored in recoverable form
• Strict role-based access controls and audit logging for all administrative operations
• Regular third-party security audits and continuous vulnerability scanning
• Automated intrusion-detection and rate-limiting at edge layer

While no system is impenetrable, we continuously improve protections and notify affected users without undue delay if a personal-data breach occurs.

9. International Data Transfers

Patrick Market operates globally; personal information may be processed in countries other than your country of residence. When transferring data outside the EEA, we rely on appropriate safeguards including Standard Contractual Clauses approved by the European Commission and adequacy decisions where applicable.

10. Children's Privacy

Patrick Market services are intended exclusively for users 18 years of age or older. We do not knowingly collect personal information from children. If we learn we have collected such data, we will delete it promptly. Parents or guardians who believe their child has provided personal information should contact us via the Contact page.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. The updated date appears at the top of this page. Material changes will be notified via on-platform notice at least 30 days before taking effect. Continued use of Patrick Market after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

For privacy questions, data-subject requests, or to report concerns, please reach our team via the Contact page. We aim to respond to all privacy inquiries within seven business days and resolve all formal requests within the legally required timeframe.

For unresolved concerns, you may also lodge a complaint with your local data protection authority.