Privacy Policy
Version: 1.0 Date: 2026-05-15
Our position, in plain English
We collect as little data as possible from you. We don't run analytics, we don't use third-party tracking, we don't sell or share your data, and we don't build a profile on you. The handful of things we do collect, we only collect because we genuinely need them to run a yard sale walk.
If anything below is unclear, use our contact form and we'll explain, in plain English, not lawyer-speak.
1. What we collect, and why
From everyone who creates an account
| What | Why we need it |
|---|---|
| Your email address | So we can sign you in and send you transactional emails (sign-in links, registration confirmations, walk reminders, payout notifications). Nothing else. |
| Your name | So we can address you in emails, and so the organizer/seller name shows up correctly on a walk page or printed map. |
| Your password (organizers and admins only) | So you can sign in. We store only a salted hash, we never see or keep your actual password. |
From organizers (people running a walk)
| What | Why we need it |
|---|---|
| The walk boundary you draw | So shoppers can see the walking area and so we can match seller addresses to your walk. |
| Walk details (name, date, time, fee, optional description, optional charity) | So we can show your walk on the public page and run registrations. |
From sellers (people registering to host a yard sale at a walk)
| What | Why we need it |
|---|---|
| Your home address | Because the walk is a map of homes, we have to know where the sale is. We verify it falls inside the walk's boundary. |
| Your payment information | Handled by Stripe. We never see your card number; Stripe gives us a token and a confirmation that you paid. |
| What you'll be selling (categories, optional notes) | So we can sort the seller list and group similar items together on the printed map. |
Automatically, when you use the site
| What | Why |
|---|---|
| Server logs (IP address, browser type, the page you requested) | Standard server operation and abuse prevention. We keep these for 30 days, then delete them. |
| A signed-in session cookie | So you stay signed in. No third-party cookies. |
What we don't collect
- No analytics (Google Analytics, Plausible, Mixpanel, etc.).
- No advertising or marketing pixels.
- No fingerprinting.
- No location tracking. (When you draw a boundary, the map is just a tile background, your device's location is never read.)
- No social-media tracking.
- No data we don't list above.
2. Who else sees your data
Only the service providers we need to run the site. Each one only sees the minimum it needs to do its job:
- Stripe, payment processing. They see what they need to charge a card and pay an organizer. Stripe's privacy policy.
- Mapbox, address autocomplete and map tiles. They see the search query you type while typing an address (e.g. "123 Main"), but never your account, name, or anything else. Mapbox privacy policy.
- SMTP2Go, sends our transactional emails. They see your email address and the email content. SMTP2Go privacy policy.
We don't sell your data. We don't share it for marketing. If a court order ever required us to disclose something, we would push back and only comply with what's legally required.
3. How long we keep things
- Account data (email, name): kept while your account is active. Deleted on request.
- Seller addresses: deleted automatically 30 days after the walk's event date. (We don't need them after that.)
- Server logs: 30 days, then deleted.
- Payment records: kept for 7 years to comply with Canadian tax law (CRA requirements for business records).
- Email contents in our outbound queue: 7 days, then deleted.
4. Your rights
Under BC's Personal Information Protection Act (PIPA) and Canada's PIPEDA, you can:
- See what we have on you. Use the contact form and we'll send it within 30 days.
- Correct anything wrong. Same form; we'll fix it.
- Delete your account and everything tied to it (subject to the 7-year payment-record retention above, which is required by law).
- Export your data in a machine-readable format.
- Withdraw consent at any time, though if you withdraw consent for things we need to run the service (like your email for sign-in), the practical result is account deletion.
We will respond within 30 days. If you don't hear back, that's a bug, email us again.
5. Security
- All traffic uses HTTPS.
- Passwords are stored as salted bcrypt hashes, we never see them.
- Payment information goes directly to Stripe; we never store card numbers.
- Database servers are hosted in Canada.
- Only a small number of staff have access to production data, and only when troubleshooting a specific issue.
If we ever suffer a data breach that affects you, we'll notify you within 72 hours of becoming aware.
6. Children
Yard Sale Walk is intended for adults (18+). If a child registers as a seller they must do so through a parent's account. We don't knowingly collect data from children under 13.
7. Changes to this policy
If we change anything material, we'll email everyone with an account at least 14 days before the change takes effect, and you can decline by closing your account. Minor wording or clarification changes don't trigger an email.
8. Contact
- Get in touch: use our contact form