Privacy Policy
This is a live document. Last updated: 2026-04-16. Contact privacy@scentsell.com.au for questions about your personal data.
What we collect
ScentSell collects the following categories of personal information:
| Data type | When collected | Purpose |
|---|---|---|
| Email address | Account registration | Account access, transactional emails, notifications |
| Full name | Account registration / Stripe onboarding | Identity verification, order fulfilment |
| Delivery address | At checkout (buyer) | Shipping the purchased item |
| Payment information | Stripe handles this directly | ScentSell does NOT store card numbers or bank details |
| Device and browser data | Automatically, via Vercel analytics | Platform performance and error detection |
| Push notification token | When you grant permission | Sending push notifications via OneSignal |
| Listing content | When you create a listing | Display on the marketplace |
| Messages | When sent | Dispute resolution and communication history |
How we use it
- Order fulfilment: name and address are shared with the seller for dispatch purposes
- Platform operations: email and push are used for transactional notifications (orders, offers, messages)
- Customer support: we access your account data when you contact support
- Safety: messages and activity logs are reviewed when investigating disputes or suspected policy breaches
- Analytics: aggregate, anonymised platform usage data is used to improve ScentSell features
We do not sell your personal data to third parties.
Who we share with
| Third party | What they receive | Why |
|---|---|---|
| Stripe | Payment data, identity verification data | Processing payments and KYC |
| Supabase | All account and transaction data | Database and authentication infrastructure |
| OneSignal | Push notification device token | Delivering push notifications |
| Resend | Email address | Sending transactional and marketing emails |
| Vercel | Anonymised usage data | Hosting and analytics |
Each of these providers operates under their own privacy policy and data processing agreements. We have reviewed these agreements for Australian Privacy Act compliance.
Data retention
- Account data is retained for the lifetime of your account plus 7 years (ATO requirement for financial records)
- Messages are retained for the lifetime of your account
- You can request deletion of personal data by contacting privacy@scentsell.com.au
Your rights
Under the Privacy Act 1988 (Cth) (Australian Privacy Principles) and, where applicable, the GDPR:
- Access: you can request a copy of the personal data we hold about you
- Correction: you can request we correct inaccurate data
- Deletion: you can request deletion (subject to legal retention requirements)
- Portability: you can request a machine-readable export of your data
- Objection: you can object to specific uses of your data (e.g. marketing)
To exercise these rights, email privacy@scentsell.com.au.
Security
ScentSell uses industry-standard security practices including encrypted connections (HTTPS), Supabase Row Level Security (RLS) to enforce data access controls, and Stripe for PCI-DSS compliant payment processing. We never store plain-text passwords.