Collect Sisu

Legal

Privacy Policy

Last updated May 24, 2026

Draft: this page is awaiting legal review. The substantive terms below are a starting point and may change.

This Privacy Policy explains how Collect Sisu (“we,” “us,” or “our”) collects, uses, shares, and protects information when you use our website, mobile applications, and related services (collectively, the “Service”).

1. Information we collect

1.1 Information you provide directly

  • Account information: name, email, password, phone number, profile photo, bio.
  • Identity verification (Hosts): Stripe collects government-issued ID and bank account information on our behalf to enable payouts. We do not store these documents.
  • Listings: photos, descriptions, pricing, location, availability that you choose to publish.
  • Bookings & messages: dates, items, conversations between Guests and Hosts.
  • Payment information: handled by Stripe; we receive only a token and the last four digits of your card.

1.2 Information collected automatically

  • Usage data: pages viewed, actions taken, IP address, device type, browser, referrer.
  • Cookies and similar technologies: for sign-in sessions, preferences, and analytics. You can disable cookies in your browser, but parts of the Service may not work.
  • Location: approximate location based on IP; precise location only if you grant permission for proximity-based search.

1.3 Information from third parties

  • Sign-in providers: if you sign in with Google or Apple, we receive your name, email, and avatar.
  • Stripe: account verification status and payout history.

2. How we use your information

  • To provide, maintain, and improve the Service.
  • To process bookings, payments, and payouts.
  • To facilitate communication between Guests and Hosts.
  • To send transactional emails (booking confirmations, reminders, receipts).
  • To send marketing emails (you can opt out at any time).
  • To detect, investigate, and prevent fraud or abuse.
  • To comply with legal obligations.

3. How we share your information

3.1 Between users

When you book a listing, the Host sees your name and contact details needed to fulfill the booking. When you list, your name, photo, and listing details are public. Messages between you and the other party are visible to both parties and to Collect Sisu staff for support and dispute resolution.

3.2 With service providers

We share information with vendors that help us operate, including:

  • Stripe — payments and Connect payouts
  • Firebase (Google) — authentication
  • Supabase — database hosting
  • Railway — backend hosting
  • Vercel — frontend hosting
  • Cloudinary — image storage and delivery
  • Postmark — transactional email delivery
  • PostHog — product analytics

3.3 For legal reasons

We may share information when required by law, valid legal process, or to protect the rights, safety, or property of Collect Sisu, our users, or the public.

3.4 In business transfers

If Collect Sisu is involved in a merger, acquisition, or asset sale, user information may be transferred as part of that transaction. We will notify you of any change in ownership or material change in how your information is handled.

4. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data (subject to legal retention requirements, e.g. transaction records for tax purposes).
  • Object to or restrict certain processing.
  • Receive a copy of your information in a portable format.
  • Withdraw consent for marketing communications.

To exercise any of these rights, contact privacy@collectsisu.com from the email address on file. We respond to verified requests within 7 days. Account deletion is also self-serve in our iOS app (Account → Delete account); a web self-serve flow is in development.

5. Data retention

We keep your information for as long as your account is active and as needed to provide the Service. After account closure, we retain transaction records for the period required by applicable tax and accounting law (typically seven years).

6. Security

We use industry-standard safeguards (encryption in transit, hashed passwords via Firebase, scoped database access) to protect your information. No system is 100% secure; we encourage you to use a strong, unique password and enable two-factor authentication where available.

7. Children

The Service is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.

8. International transfers

Our service providers are located in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US under appropriate safeguards.

9. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced through the Service or by email.

10. Contact

Questions or requests about this Policy: contact privacy@collectsisu.com.