Privacy Policy

Last Updated:

This Privacy Policy explains how SAHMM (Stay-at-Home Mothers' Marketplace) collects, uses, and protects your personal data in compliance with GDPR and other privacy regulations.

1. Data We Collect

1.1 Account Information
  • Required: Username, email address, password (hashed)
  • Optional: First name, last name
1.2 Profile Information
  • Optional: Bio, services offered, phone number (encrypted), street address (encrypted), city, state, ZIP code, country, church/parish affiliation
  • Privacy Controls: You control which fields are visible to other users
1.3 Content You Create
  • Barter posts (title, description, images, categories)
  • Forum posts and replies
  • Private messages to other users
  • Reviews of other users
  • Contact form submissions
1.4 Automatically Collected Data
  • IP address (for security and analytics)
  • Browser type and version
  • Login timestamps
  • Page views and interactions

2. How We Use Your Data

2.1 Essential Service Functions
  • Account Management: Create and maintain your account
  • Authentication: Verify your identity and secure your account
  • Communication: Enable messaging between community members
  • Community Features: Display barter posts, forum discussions, user profiles
2.2 Platform Improvements
  • Monitor platform performance and identify issues
  • Analyze usage patterns to improve features
  • Prevent fraud and abuse
2.3 Legal Basis for Processing (GDPR)
  • Contractual Necessity: To provide the service you've signed up for
  • Consent: For optional features and data sharing preferences
  • Legitimate Interest: Security, fraud prevention, platform improvement

3. Data Storage & Security

3.1 Encryption
  • In Transit: All data transmitted using HTTPS/TLS encryption
  • At Rest: Sensitive fields (phone numbers, street addresses, contact emails) are encrypted using industry-standard AES-256 encryption
  • Passwords: Hashed using Django's PBKDF2 algorithm with SHA256
3.2 Storage Location
  • Database: Hosted on Heroku PostgreSQL (US region)
  • Images: Stored on AWS S3 (US region)
  • Cache: Redis for session management and performance optimization
3.3 Security Measures
  • Rate limiting on sensitive operations
  • Session security with secure cookies
  • CSRF protection on all forms
  • SQL injection prevention via Django ORM
  • XSS protection through template auto-escaping
  • Regular security updates and monitoring

4. Data Sharing

4.1 Within the Community
  • Public Content: Barter posts, forum posts, and reviews are visible to all registered users
  • Profile Information: Only shared based on your privacy settings
  • Private Messages: Only visible to sender and recipient
4.2 Third-Party Services
  • Heroku: Hosting platform (covered by Heroku's privacy policy)
  • AWS S3: Image storage (covered by AWS privacy policy)
  • Sentry: Error monitoring (error logs only, no personal data)
  • Slack: Internal notifications for contact forms and account reactivation requests
4.3 We Never Sell Your Data

SAHMM does not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

  • Active Accounts: Data retained as long as your account is active
  • Deactivated Accounts: Data retained for 90 days to allow reactivation
  • Deleted Accounts: Personal data permanently deleted within 30 days
  • Backup Retention: Encrypted backups retained for 30 days for disaster recovery
  • Legal Requirements: Some data may be retained longer if required by law

6. Your Rights Under GDPR

If you're an EU resident, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Export My Data
Right to Rectification

Update or correct inaccurate personal information.

Edit Profile
Right to Erasure

Request deletion of your personal data (Right to be Forgotten).

Delete Account
Right to Restrict Processing

Limit how we use your personal information.

Manage Consent
Right to Data Portability

Receive your data in a machine-readable format (JSON).

Export as JSON
Right to Object

Object to processing of your personal data.

Contact Us
To exercise any of these rights, use the tools above or contact us. We will respond within 30 days as required by GDPR.

7. Cookies & Tracking

7.1 Essential Cookies
  • Session Cookie (sessionid): Keeps you logged in (required)
  • CSRF Token (csrftoken): Security protection against attacks (required)
7.2 Analytics & Tracking

SAHMM currently does not use third-party analytics or tracking cookies. We only use server-side logging for security and performance monitoring.

7.3 Managing Cookies

You can disable cookies in your browser settings, but this will prevent you from logging in and using the platform.

8. Children's Privacy

SAHMM is intended for adults (18+). We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us immediately so we can delete it.

9. Policy Changes

We may update this Privacy Policy from time to time. We will notify users of significant changes via:

  • Email notification to registered users
  • Notice on the website homepage
  • Updated "Last Updated" date at the top of this policy

Your continued use of SAHMM after changes indicates acceptance of the updated policy.

10. Contact Us

For questions, concerns, or requests regarding your privacy or this policy:

  • Email: Use our contact form
  • Data Protection Officer: Available via contact form
  • Response Time: We respond to all privacy inquiries within 30 days
Supervisory Authority

If you're an EU resident and believe we haven't adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

GDPR Compliant | AES-256 Encryption | Your Privacy Matters

Return Home