Privacy Policy

Last updated: May 1, 2026 · We respect your privacy and are committed to protecting it.

This Privacy Policy explains how eksec ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use the eksec platform at eksec.com. By using eksec, you agree to the practices described in this policy.

The short version: We collect only what we need to operate the Platform, we never sell your data, and we never share your personal information with third parties for marketing purposes.

Information We Collect
How We Use Your Information
How We Share Your Information
Your Listings & Public Information
Cookies & Local Storage
Data Security
Data Retention
Your Rights & Choices
Children's Privacy
Changes to This Policy
Contact Us

1. Information We Collect

We collect information in two ways: information you give us directly, and information collected automatically when you use the Platform.

Information you provide:

Information	When collected	Why
Email address	Registration	Account creation, login codes, notifications
Display name	Registration	Shown on your profile and listings
Password (hashed)	Optional at registration	Password-based sign-in
City & State	Profile setup	Shown publicly to help buyers find local sellers
Phone number	Profile settings	Private — never shown publicly
Bio & Avatar	Profile settings	Shown on your public shop page
Listing content	Creating listings	Displayed to buyers on the Platform
Photos uploaded	Creating listings	Displayed with your listings
Inquiry messages	Contacting sellers	Forwarded to the seller by email
Reviews & ratings	Leaving a review	Shown publicly on seller profiles

Information collected automatically:

IP address — used for security monitoring and rate limiting
Browser type and user agent — used to detect and block malicious automated requests
Pages visited and listing views — used to calculate view counts on listings
Session data — used to keep you logged in securely

We do not use third-party analytics tools (such as Google Analytics) and do not place advertising tracking cookies on your device.

2. How We Use Your Information

We use the information we collect to:

Create and manage your account
Enable you to create, edit, and manage listings
Send login verification codes (OTP) and security alerts
Forward buyer inquiries to sellers by email
Send transactional emails (listing published, expiry reminders, review notifications)
Display your public profile and shop page to other users
Protect the Platform from abuse, spam, and malicious activity
Respond to your support requests and feature suggestions
Improve the Platform based on usage patterns

We will never use your information for:

Selling or renting your data to any third party
Targeted advertising or ad retargeting
Profiling you for commercial purposes unrelated to eksec
Sending unsolicited marketing emails beyond Platform notifications

4. Your Listings & Public Information

When you create a listing, the following information is shown publicly to all visitors:

Listing title, description, photos, price, and tags
Your display name and public profile (bio, avatar, city/state, ratings)
Your city and state (never your full address or ZIP code)

In rare cases where a seller is located in a very small community, city and state combined with their display name could potentially identify them. Sellers in small towns may optionally list a nearby larger city instead.

The following information is kept private and never shown publicly:

Your email address
Your phone number
Your street address or precise location
Your IP address or device information

Your email is only shared with another user when you actively send them an inquiry, and only so they can reply to you directly. We never display email addresses on public listing or profile pages.

5. Cookies & Local Storage

eksec uses a single session cookie to keep you logged in. This cookie:

Is set only when you sign in
Contains a random session token — not your personal data
Is marked HttpOnly (not accessible to JavaScript) and Secure (HTTPS only)
Expires after 7 days of inactivity

We do not use advertising cookies, tracking pixels, or any third-party cookies. We do not use browser local storage to store personal data.

6. Data Security

We take security seriously and implement multiple layers of protection:

All connections are encrypted via HTTPS (TLS)
Passwords are hashed using bcrypt with a high work factor — we never store plain-text passwords
Login codes (OTPs) are hashed before storage and expire after 10 minutes
All database queries use prepared statements to prevent SQL injection
Uploaded files are validated for type and content before being stored
Session tokens are randomly generated and stored server-side
Sensitive directories are blocked from direct web access

While we implement industry-standard security measures, no system is 100% secure. We encourage you to use a strong, unique password and to report any suspected security issues to hello@eksec.com immediately.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Platform's services. Specifically:

Account data is retained while your account is open
Listings are stored for their active period plus a short archival window
Inquiry messages are stored to allow sellers to reference past contact history
Login session tokens expire after 7 days and are automatically purged
OTP verification codes expire after 10 minutes and are cleared after use

When you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate security purposes.

8. Your Rights & Choices

You have the following rights regarding your personal data:

Access: You can view and edit your profile information at any time from your account settings.
Correction: You can update inaccurate information through your profile settings page.
Deletion: You can request account deletion by contacting us. We will delete your personal data within 30 days.
Portability: You can request a copy of your data by emailing us.
Opt-out of emails: Transactional emails (such as inquiry notifications) cannot be fully disabled as they are core to the Platform's function. However, you may contact us to adjust your email preferences.

To exercise any of these rights, contact us at hello@eksec.com.

9. Children's Privacy

eksec is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has created an account on eksec, please contact us and we will promptly delete the account and associated data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, notify registered users by email. Your continued use of the Platform after any update constitutes your acceptance of the revised policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact Us

For privacy-related questions, requests, or concerns, please contact us:

🔒

eksec Privacy

Email: hello@eksec.com
We aim to respond to all privacy requests within 5 business days.