Security & Encryption
Privacy Policy
Last Updated: June 23, 2026
1. Information We Collect
We collect basic profile data (display names, emails, photos) during authentication via Firebase Auth. Phone number and address books are only persisted when submitted by hosts to list active directory ads.
2. Data Safety & Protection
All uploaded user assets, verification documents, and listing images are handled with server-validated write access rules. Public records are accessible to directory search crawlers, while private data is locked strictly behind API sessions.
3. Direct Messaging Security
Real-time communication channels utilize peer-authenticated Firestore reading listeners. Only the explicit participants of a buyer-seller thread are authorized to open or view message contents.