Privacy Policy

Last updated: May 14, 2026

Template notice: This document is a starting template. It must be reviewed and customized by qualified legal counsel before being used in production.

1. Introduction

TradeLayer ("we", "us", "our") provides software that helps retail businesses operate trade-in counters. This Privacy Policy describes what personal information we collect, why we collect it, how we use it, and your rights regarding that information.

2. Information we collect

We collect information in the following categories:

  • Account information: name, business email, password hash, role, and authentication metadata.
  • Shop information: business name, address, locations, staff users, and configuration preferences.
  • Customer trade records: the trade-in transactions you record using the service, including item descriptions, condition grades, offers, payouts, and the customer identifier you choose to attach.
  • POS access tokens: OAuth tokens we obtain when you connect Shopify, Square, or Clover. Tokens are encrypted at rest and used only to fulfill your instructions inside the service.
  • Usage and device data: IP address, browser, device type, pages visited, and timestamps. Used for security, debugging, and product analytics.
  • Support communications: the contents of any messages you send to support@tradelayer.app or via in-app support.

3. How we use information

  • Operate, maintain, and secure the service.
  • Authenticate users and enforce access control.
  • Process trade-in transactions and write the results to your connected POS.
  • Provide customer support.
  • Send service announcements and (with consent) product updates.
  • Comply with legal obligations and enforce our Terms.

4. Third parties

We share data only with service providers needed to deliver the product:

  • Hosting & database: stores account, shop, and trade data.
  • Payments (Stripe): processes subscription billing. We never see your full card number.
  • POS integrations (Shopify, Square, Clover): we exchange data with the POS system you authorize.
  • Email delivery and analytics providers: for transactional email and aggregated product analytics.

We do not sell your personal information.

5. Data retention

We retain account and trade data for the life of your subscription plus 90 days, after which active records are deleted or fully anonymized. Backups are retained for up to 30 days. You can request earlier deletion at any time.

6. Your rights (GDPR / CCPA)

Depending on your jurisdiction, you have the right to access, correct, export, restrict processing of, and delete your personal information. California residents have the right to know what categories of personal information are collected and to opt out of any sale of personal information (we do not sell). To exercise any of these rights, email support@tradelayer.app.

7. Cookies

We use strictly necessary cookies for authentication and a small number of first-party analytics cookies to understand product usage. See our Cookie Policy for details.

8. Security

We protect data with TLS in transit, AES-256 at rest, scoped row-level security, audit logging, and least-privilege access. POS tokens are encrypted with a separate key and decrypted only inside trusted server functions.

9. International transfers

Data is processed primarily in the United States. Where required, we rely on Standard Contractual Clauses for transfers from the EEA, UK, or Switzerland.

10. Children

The service is not directed to children under 16. We do not knowingly collect personal information from children.

11. Changes to this policy

We will post any changes here and, for material changes, notify you by email at least 14 days before they take effect.

12. Contact

For privacy questions or to exercise your rights, contact us at support@tradelayer.app.