Privacy Policy

Last updated: 2026-05-03

This policy explains what personal data Nellie Shoes collects, why we collect it, and how you can control it.

What we collect

• Account info: email, display name, password (hashed with bcrypt).
• Profile info (sellers): store name, your seller-application responses, and a Stripe Connect account ID. Identity verification is handled by Stripe — we do not store SSN, EIN, or government IDs ourselves.
• Order info: items purchased or sold, prices, shipping address, carrier and tracking number, dispute and refund history.
• Authentication metadata: session cookies (HttpOnly, Secure, SameSite=Lax), login attempts (rate-limiting), IP address per session.
• Communications: we keep email logs for a reasonable retention period to verify deliverability.

What we don't collect

• Credit card numbers — these go directly to Stripe and never touch our servers.
• Cookies for advertising or third-party tracking. We use only essential cookies for login session state. See our cookies note below.

How we use it

• To run your account and process orders;
• To send transactional emails (signup verification, order updates, payouts);
• To prevent fraud and enforce our Terms;
• To meet legal and tax recordkeeping obligations.

Who we share with

• Stripe — for payment processing and seller payouts. Their privacy policy applies separately at stripe.com/privacy.
• Email providers (Resend or Gmail API, depending on configuration) for delivery of transactional email.
• We do not sell your data.

Cookies

We use one essential cookie: session, an opaque server-issued token used to keep you logged in. It is HttpOnly, Secure, and SameSite=Lax. We do not use analytics, advertising, or third-party tracking cookies on Nellie Shoes.

Your rights

You can:

• Export your data at any time from the Account page (downloads a JSON archive of your profile, listings, orders, bids, and reviews).
• Delete your account from the Account page. We retain anonymized order records for tax and legal recordkeeping; PII is scrubbed.
• Correct your information from the Account page or by contacting us.

Retention

Account info is kept until you delete the account; order records may be retained for up to 7 years for tax and legal purposes. Login attempt records are pruned after 30 days; email logs after 90 days.

Children

Nellie Shoes is not directed at children under 13. If you believe we have collected data from a child, contact us and we will delete it.

Changes

We will announce material changes on the site and email active users with 14 days' notice.

Contact

Questions? See our Contact page.