cados.store

Legal

Privacy Policy

Last updated: April 29, 2026

The short version

cados.store collects only what we need to run the marketplace: your Google profile when you sign in, the items you wishlist or follow, and the clicks that flow through to sellers. We don’t sell your data, don’t track you across other websites, and don’t store payment information (we never see it — buyers buy directly from sellers). You can ask us to delete your account at any time.

1. Who we are

cados.store (“cados”, “we”, “us”) is the data controller for personal information you provide while using our platform. You can reach us anytime at contact@cados.store.

2. What we collect

  • Account info: when you sign in with Google, we receive your name, email, profile image, and a Google account ID. This is the minimum needed to create your account.
  • Seller application info: if you apply to list a shop, we collect your shop name, Instagram handle, optional website URL, category, a short shop description, and a contact email.
  • Activity on the platform: items you wishlist, shops you follow, reviews you write, drop-alert subscriptions, and product clicks (which seller, which destination, timestamp, referrer, and a device fingerprint for fraud prevention).
  • Technical data: IP address, browser/user-agent, and basic request logs used for security, rate-limiting, and uptime monitoring.
  • Cookies and session tokens: a single signed session cookie keeps you logged in. We don’t use third-party advertising or analytics cookies.

3. How we use it

  • To run your account and personalise the site (wishlists, followed shops, reviews).
  • To show sellers anonymous click and follow analytics for their own shops.
  • To send transactional emails: application status, drop alerts you opted in to, and occasional service notices.
  • To prevent fraud, abuse, and spam.
  • To comply with legal obligations.

We will never sell your personal data, and we will never email you marketing for shops you haven’t followed.

4. Who we share data with

We share limited data only with these categories of recipients:

  • Sellers you interact with: when you follow a shop or sign up for its drop alerts, the seller sees that an account followed them and aggregate analytics for their listings. They do not see your email or profile unless you contact them directly.
  • Service providers we rely on to run the platform — currently Google (sign-in), Neon (database hosting), Vercel (web hosting), Resend (email delivery), and Upstash (rate-limiting). They process data on our behalf under their own privacy and security terms.
  • Authorities when required by valid legal process or to protect users from harm.

5. International transfers

Some of our service providers operate outside India. When we transfer data abroad, we rely on the safeguards offered by those providers (standard contractual clauses, equivalent regional data centres where available, and encryption in transit and at rest).

6. How long we keep data

  • Account data: until you delete your account, plus up to 30 days for backups.
  • Seller applications: kept while you are a seller, and for up to 24 months after a rejection or deactivation, to prevent abuse and re-application loops.
  • Click and analytics data: aggregated and anonymised after 13 months. Raw event data beyond that window is deleted.
  • Transactional email logs: 90 days, for delivery diagnostics.

7. Your rights

You can:

  • Access the personal data we hold about you.
  • Correct inaccurate information from your account settings or by emailing us.
  • Delete your account, which removes your profile, wishlists, follows, and reviews.
  • Object to or restrict certain processing (e.g., drop-alert emails — unsubscribe link in every email).
  • Export a copy of your data in a portable format.

To exercise any of these, email contact@cados.store from the address linked to your account. We respond within 30 days.

8. Children

cados is not intended for anyone under 18. We don’t knowingly collect data from minors. If you believe a child has signed up, write to us and we’ll remove the account.

9. Security

We use industry-standard practices to protect your data: TLS encryption in transit, encrypted storage at rest, scoped database credentials, and short-lived signed session tokens. No system is perfectly secure, so we also keep our footprint small — we collect the minimum we need and discard what we don’t.

10. Changes to this policy

When we update this policy, we’ll change the “Last updated” date above and, for material changes, notify signed-in users by email. Continuing to use cados after the update means you accept the new policy.

11. Contact

Privacy questions, data requests, or concerns? contact@cados.store.