Legal
Privacy Policy
Last updated: 2026-06-26
This Privacy Policy describes how Escrow-App ("we," "us," or "our") collects, uses, and discloses your personal information when you use our platform, website, and related services (collectively, the "Service").
1. Information We Collect
We collect the following categories of personal information:
- Account information: name, email address, US shipping address, phone number.
- Identity verification: where required by law or by our payment processor, government-issued ID or other verification documents.
- Transaction information: Deal details (item descriptions, prices, shipping addresses, tracking numbers, photos), communications with counterparties.
- Payment information: handled and stored by Stripe; we do not store full card numbers or bank account numbers on our servers.
- Usage information: device type, browser, IP address, pages visited, actions taken on the Service.
- Support communications: messages you send to our team and our responses.
- Referral program data: referral code, link sharing activity, referral credit status, and associated transaction records used to verify credit eligibility.
- Transaction Certificate: a digitally-signed, SHA-256-hashed document containing deal details, evidence submitted, and dispute outcomes, retained as a permanent record of each completed or resolved transaction.
2. How We Use Information
- To provide, operate, and improve the Service.
- To process Deals and release funds correctly.
- To verify identity and prevent fraud, money laundering, and prohibited transactions.
- To resolve disputes between users.
- To send transactional emails (Deal updates, account notices) and, with your consent, marketing communications.
- To comply with legal obligations, including tax reporting and law enforcement requests.
- To detect and prevent referral fraud, including through card payment fingerprint comparison via Stripe for anti-abuse purposes.
3. How We Share Information
We share personal information only as follows:
- Counterparties on Deals: the other party in a Deal sees the information necessary to complete the transaction (name, shipping address, communications).
- Service providers: Stripe (payments and identity verification) — we send to Stripe: payment details, identity verification requests, and transaction metadata; Stripe returns to us: payment status, card fingerprints for fraud detection, and identity verification results. Other service providers include email infrastructure, customer support tooling, and cloud hosting. Each is bound by a data processing agreement.
- Legal requests: we may disclose information when required by subpoena, court order, or law enforcement request, or to protect the rights, property, or safety of Escrow-App, our users, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.
We do not sell personal information.
4. Cookies & Tracking
We currently use only functional first-party cookies strictly necessary to operate the Service, including session management and security. We do not currently use third-party analytics cookies (such as Google Analytics). If we introduce analytics or marketing cookies in the future, we will update this policy and provide notice through our cookie banner. You can disable non-essential cookies at any time through your browser settings.
5. Your Rights
Depending on where you live, you may have the following rights:
- Access: request a copy of the personal information we hold about you.
- Correction: request that inaccurate information be corrected.
- Deletion: request that we delete your information, subject to legal retention obligations.
- Portability: receive your data in a structured, machine-readable format.
- Opt out: opt out of certain processing activities, including marketing communications.
- CCPA-specific (California residents): right to know, right to delete, right to opt out of "sale" or "sharing" of personal information, right to non-discrimination for exercising your rights.
- GDPR-specific (EEA/UK residents): right to object, right to restrict processing, right to lodge a complaint with a supervisory authority.
To exercise any of these rights, email us at [email protected]. We will respond within the timeframe required by applicable law.
6. Data Retention
We retain personal information according to the following schedules:
- Financial transaction records (including Transaction Certificates): 7 years from the transaction date, as required by applicable tax and financial regulations.
- Identity verification documents (KYC): for the duration of your account plus any additional period required by applicable anti-money laundering (AML) law, typically 5 years after account closure.
- Dispute records and in-app chat: 7 years from the date of dispute resolution.
- Account information: for the duration of your account. Upon account deletion, personal identifiers are removed within 90 days, subject to the retention periods above.
When information is no longer needed and no retention obligation applies, we delete it or anonymize it.
7. Security
We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit and at rest, access controls, and regular security reviews. No system is 100% secure, however; you are responsible for maintaining the confidentiality of your account credentials.
8. Children
The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18, and we do not knowingly collect any personal information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA). Account creation requires users to confirm they are at least 18 years old.
If we discover or are notified that we have collected personal information from a user under 18, we will promptly suspend the account and delete all associated personal information. If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected].
9. International Transfers
Our infrastructure and service providers are primarily located in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, where data protection laws may differ from those in your country.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email to active users. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Questions or requests? Email [email protected].