Privacy Policy
Effective date: June 7, 2026 Operator: Disc Golf Trading Post (a trade name of Last Tree Disc Golf LLC, a New Jersey limited liability company, NJ Business Entity ID 0451463690) ("we", "us", "the platform")
This Privacy Policy explains what personal information we collect when you use Disc Golf Trading Post, how we use it, who we share it with, and the rights you have over it. It applies to all visitors and to every account holder — buyers, sellers, and people browsing without an account.
Plain summary: we collect what we need to run a peer-to-peer marketplace for used disc golf discs. We do not sell your information. The only analytics we use is privacy-friendly and cookieless (Vercel Web Analytics) — we do not run advertising pixels, ad-tech trackers, or session-replay scripts. We share data only with the service providers that move money, ship packages, host the site, deliver email, and authenticate logins. The full text below names every category of information, every recipient, and every right you have.
1. Scope and key terms
1.1 Who this applies to. This policy applies to everyone who uses the platform, including signed-in account holders (buyers and sellers) and signed-out visitors.
1.2 "Personal information" means information that identifies, relates to, or could reasonably be linked with you or your household. Examples include your name, email, mailing address, phone number, IP address, payment method, and the contents of your listings, orders, bids, ratings, and wishlist.
1.3 Relation to the Terms of Service. This policy works alongside the platform's Terms of Service. Where the two documents address the same topic — for example, the limited information sellers receive about buyers to fulfill an order — they are meant to be consistent. Defined terms in the Terms of Service have the same meaning here.
1.4 Service providers. A "service provider" (sometimes called a "processor") is a third-party company we use to run a specific function of the platform — for example, processing payments. Service providers are bound by written contracts that restrict their use of your information to performing that function. We list every service provider we use in Section 4.1.
1.5 Children. The platform is for users aged 18 or older (Terms of Service Section 1.1). We do not knowingly collect information from anyone under 13. See Section 9.
2. Information we collect
We collect information in three ways: you give it to us, our systems record it as you use the platform, and our service providers send it back to us about you.
2.1 Information you provide
Account creation (via Clerk, our authentication provider):
- Email address (required)
- Display name (optional)
- Authentication method (password set with Clerk, or third-party login if you connect one)
Buyer profile (when you buy or save a card for auctions):
- Shipping name, full street address, phone number
- A Stripe payment-method identifier (we receive an opaque token; we do not see your card number, expiration, or CVV)
Seller profile (when you onboard to sell):
- Ship-from name, full street address, phone number (USPS requires a phone number for Ground Advantage commercial labels)
- Government tax ID (SSN or EIN), date of birth, and bank account routing/account numbers — these are collected by Stripe directly during Stripe Connect (Express) onboarding; we never see or store them
- Stripe Connect account identifiers (so we can route payments and payouts on your behalf)
Listings:
- Photos of the specific disc you are selling
- Mold, plastic, weight, condition rating, price, and any optional fields you complete (variant, color, glow / dye flags, edition details, per-area wear notes, free-text description)
Orders and bids:
- Cart contents
- Bid amounts on auctions
- Buyer shipping address snapshotted at order creation (so later changes to your profile do not rewrite older orders)
Ratings and reviews:
- Star rating, free-text review (up to 2,000 characters)
- Optional photos
- Optional seller response
Wishlist and price tracking:
- The molds, plastics, or specific variants you have subscribed to
- The listings you have subscribed to price-drop alerts for
- Whether you have opted in to new-listing email alerts
Communications you initiate:
- Anything you send to support@disctradingpost.com or through dispute-reporting flows
2.2 Information collected automatically
Cookies set by us. We set three functional cookies. None are used for advertising or cross-context tracking:
| Cookie | Purpose | Approximate lifetime |
|---|---|---|
dtp_cart |
Stores your cart so it persists across visits before checkout | 30 days |
dtp_ship_zip |
Stores your ZIP code so we can show shipping estimates on listing pages without asking again | 1 year |
dtp_seller_kit_ack |
Records that a seller has acknowledged the starter-kit walkthrough step (cosmetic only) | 1 year |
Cookies set by Clerk (authentication provider). Clerk sets session and CSRF cookies so you can stay signed in. These are managed by Clerk and are governed by Clerk's Privacy Policy.
Cookies set by Stripe (payment processor). When you use the Stripe payment flow at checkout or save a card for auctions, Stripe may set its own cookies for fraud detection and session continuity. These are governed by Stripe's Privacy Policy.
Server logs. Our hosting provider (Vercel) and our database provider (Neon) maintain technical logs that include IP address, browser user-agent, request URL, and response status codes. Logs are used for security monitoring, debugging, and abuse prevention. They are not used for advertising, behavioral profiling, or cross-context tracking.
Privacy-friendly analytics. We use Vercel Web Analytics to understand how the site is used — aggregate page views, referring sites, and general device/region information. It is cookieless, does not track you across other websites, does not build an advertising profile, and does not collect information that identifies you personally. It is provided by our hosting provider, Vercel (see Section 4.1).
We also record the same kind of aggregate page-view data in our own database (the page visited, the referring site, any campaign tags in the link you followed, a coarse region, and general device type) to operate and improve the platform. This first-party analytics is likewise cookieless and uses no client-side storage: we do not store your raw IP address, and same-day unique visits are counted using a salted identifier that is regenerated each day, so it cannot be used to recognize you over time or across other sites.
What we do not use. We do not run Google Analytics, Facebook / Meta Pixel, TikTok Pixel, Hotjar, FullStory, PostHog, Mixpanel, Segment, or any session-replay, fingerprinting, or cross-context-behavioral-advertising tracker. We do not embed third-party advertising scripts on the platform.
2.3 Information from third parties
Clerk sends us your email and display name (and any third-party identity-profile data you authorize) when you sign in.
Stripe sends us status updates about your seller account (e.g., whether onboarding is complete, whether your account can receive payouts), payment-event notifications (succeeded, failed, refunded, charged back), and tax-calculation records when applicable.
Shippo sends us label and tracking metadata associated with the labels we purchase on your behalf (label URL, tracking number, carrier status events).
We do not buy lists, do not enrich your record with data brokers, and do not receive shopper-profile data from advertising networks.
3. How we use your information
3.1 Run the marketplace. Show you listings, save your wishlist, store your cart, accept your bids, group multi-seller carts at checkout, render your ratings on seller profiles.
3.2 Process payments and payouts. Route your payment through Stripe; route the seller's payout to their connected bank account; calculate and remit any applicable sales tax (when Stripe Tax is enabled).
3.3 Ship orders. When you buy a disc, share your shipping name, address, and phone with Shippo to purchase a USPS Ground Advantage label, and share the same information with the seller so they can prepare and ship the package.
3.4 Send transactional emails. Confirm orders, notify you of bid outcomes, deliver shipping and tracking updates, alert you when a watched listing drops in price or a wishlist mold lists, send payout receipts, and forward dispute correspondence.
3.5 Maintain trust and safety. Detect and prevent fraud, anti-shilling violations, fee circumvention, repeated chargebacks, account-takeover attempts, and Terms-of-Service violations. This may include reviewing transactional logs, payment-failure patterns, and bid history.
3.6 Comply with law. Retain tax records as required by the IRS and state revenue authorities; respond to lawful subpoenas, court orders, and binding legal process; comply with anti-money-laundering and sanctions screening obligations (largely handled by Stripe during seller onboarding).
3.7 Defend the platform. Use your information as evidence in chargeback responses (we attach order details, listing URL, condition rating, and ship-from state to the underlying PaymentIntent metadata for Stripe dispute defense), in dispute resolution, and to respond to any legal claim.
3.8 Improve the platform. Analyze aggregate, de-identified patterns of use — for example, which catalog pages are most-viewed or which condition tiers sell fastest — to make product decisions. We do not build individual behavioral profiles or use your individual usage history to target you.
3.9 Notify you of material changes. Send updates about changes to the Terms of Service, this Privacy Policy, or features that affect how your information is used.
4. Who we share your information with
We share your information only with the parties named below, and only as described below. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not done either in the preceding 12 months.
4.1 Service providers
Each service provider receives only the information needed to perform its function. Each is bound by its own data-processing terms and privacy policy.
| Provider | Function | Information shared | Their policy |
|---|---|---|---|
| Clerk | Authentication | Email, display name, login events | clerk.com/legal/privacy |
| Stripe | Payments, Connect onboarding, Tax | Buyer + seller name, address, email, phone; seller government tax ID + bank account (collected by Stripe directly); transaction details | stripe.com/privacy |
| Shippo | USPS label generation and tracking | Buyer + seller name, address, phone; parcel weight + dimensions; order ID | goshippo.com/privacy |
| Cloudinary | Listing + rating photo storage and delivery | Photos you upload, asset metadata (no personal identifiers embedded by us) | cloudinary.com/privacy |
| Resend | Transactional email delivery | Email address, name, order / listing details included in message bodies | resend.com/legal/privacy-policy |
| Neon | PostgreSQL database hosting (US region) | Everything stored in the platform database | neon.tech/privacy-policy |
| Vercel | Site + serverless-function hosting and privacy-friendly, cookieless web analytics (US region) | Request data, server logs, environment configuration; aggregate page-view + referrer analytics (no cookies, no cross-site tracking) | vercel.com/legal/privacy-policy |
If we replace, add, or remove a service provider in a way that affects how your personal information is handled, we will update this table.
4.2 Other platform users
Sellers receive limited buyer information for each order they fulfill: your display name (or shipping name if different), full shipping address, phone number, and the order's item list. This is the minimum necessary to ship the order. Sellers are contractually prohibited (Terms of Service Section 2.5) from using buyer information for any purpose other than fulfilling that order.
Buyers receive limited seller information: the seller's display name, ship-from city and state, aggregate seller rating, and tracking number on shipped orders. Buyers do not see the seller's full ship-from address, phone, email, or tax/bank details.
Ratings, reviews, and listing photos are public. When you rate a seller, your display name, star rating, review text, and any uploaded photos appear on that seller's public profile and on the order page. When you list a disc, the photos you upload are visible to anyone browsing the listing.
4.3 Government, regulators, and law enforcement
We may share your information with government agencies, regulators, or law enforcement when (a) we are compelled by a valid subpoena, court order, search warrant, or other binding legal process; (b) we reasonably believe disclosure is necessary to prevent imminent harm; (c) we are required to report tax information to the IRS or a state revenue department; or (d) we are responding to lawful sanctions-screening or anti-money-laundering obligations.
4.4 Business successors
If we are acquired, merged, or restructured, your information may transfer to the acquiring entity. We will require the acquirer to honor this Privacy Policy, or to provide affected users with reasonable advance notice and a meaningful opportunity to delete their account before the transfer takes effect.
4.5 With your consent
We may share information not described above only with your express prior consent.
4.6 What we never do
- We never sell your personal information for monetary or other valuable consideration.
- We never share your personal information with advertising networks, data brokers, or cross-context behavioral advertisers.
- We never disclose seller bank-account, tax-ID, or buyer payment-card details to anyone — that information flows directly between you and Stripe and we never see it.
5. Cookies and similar technologies
5.1 Our cookies are functional. The three cookies we set (dtp_cart, dtp_ship_zip, dtp_seller_kit_ack) are functional and necessary for the platform to work as you would expect. None are used for advertising or third-party tracking.
5.2 Third-party cookies. Clerk and Stripe set their own cookies on pages where their UI is loaded (sign-in pages, checkout pages, the save-a-card flow for auctions). These cookies are functional or strictly necessary for those parties' core features such as session integrity and fraud detection.
5.3 Do Not Track. Our platform does not respond to "Do Not Track" browser signals because we do not run cross-context behavioral tracking — there is nothing for the signal to opt you out of on our side.
5.4 Global Privacy Control (GPC). Because we do not sell or share personal information for cross-context behavioral advertising, GPC signals have no operational effect on our handling. We honor the underlying request: we do not sell or share your information, regardless of signal.
5.5 Disabling cookies. You can disable cookies in your browser settings, but the platform will not work correctly without them — you will not be able to sign in, hold items in a cart, or complete checkout.
6. How long we keep your information
| Data category | Retention |
|---|---|
| Account record (User row) | While your account is active. After you request deletion, see Section 7.2. |
| Order records, payment records, and tax records | 7 years after the order date, to satisfy IRS and state tax recordkeeping requirements |
| Listing photos | While the listing is active. After a listing is DELISTED, SOLD, or CANCELED, we may retain photos for up to 90 days for refund and dispute handling, then remove them from Cloudinary |
| Rating photos and review text | Indefinitely, as part of the seller's public rating history; you can request review-text removal under Section 7 |
| Wishlist, price-watch, and saved-search records | Until you remove them yourself or close your account |
Cart cookie (dtp_cart) |
About 30 days from your last activity |
| Other functional cookies | About 1 year |
| Authentication session (Clerk) | Per Clerk's retention policy |
| Server logs (Vercel, Neon) | Per each provider's standard retention; typically 30–90 days |
If the law requires us to retain information longer than the periods above (for example, in connection with a pending dispute or legal hold), we will do so for the longer period.
7. Your rights
This section explains the rights you have over your personal information and how to exercise them. The specific rights available to you depend on where you live, but we extend the core baseline of these rights to all users regardless of residence — the only thing that varies by jurisdiction is the legal label.
7.1 The rights you have
- Access. Request a copy of the personal information we hold about you.
- Correction. Request that we correct inaccurate or incomplete information. You can also edit most account fields directly in your account settings.
- Deletion. Request that we delete your personal information, subject to the limits in Section 7.2.
- Portability. Request a machine-readable copy of the information you provided to us (for example, your listings or your order history).
- Opt out of "sale" or "sharing." We do not sell or share personal information for cross-context behavioral advertising, so this right has nothing to opt out of on our side. It is honored by default.
- Non-discrimination. We will not deny you service, charge you a different price, or provide a different quality of service because you exercised a right under this policy.
- Authorized agent. You may use an authorized agent to submit a request on your behalf. We will verify the agent's authority before acting.
- Appeal. If we decline a request, you can appeal in writing to support@disctradingpost.com. We will respond to appeals within 60 days.
7.2 Limits on deletion
We may decline a deletion request, or retain a limited copy of the data, when:
- We are legally required to retain it (for example, the 7-year tax-recordkeeping rule on completed orders).
- Retention is necessary to complete a transaction you initiated, fulfill a warranty, or process a refund or dispute.
- Retention is necessary to detect or prevent fraud, defend against legal claims, or enforce the Terms of Service.
- We need to preserve information under a pending legal hold.
When we retain information after a deletion request, we limit it to the minimum necessary and use it only for the retained purpose.
7.3 California residents (CCPA / CPRA)
California residents have the rights listed in Section 7.1, including:
- Right to know the categories of personal information we collect, the sources we collect it from, the purposes for which we collect it, and the categories of recipients we disclose it to (covered in Sections 2, 3, and 4).
- Right to know the specific pieces of personal information we have collected about you.
- Right to delete (subject to Section 7.2).
- Right to correct inaccurate personal information.
- Right to opt out of "sale" and "sharing" for cross-context behavioral advertising — we do not engage in either, so there is nothing to opt out of on our side.
- Right to limit the use of "sensitive personal information." Where we collect sensitive personal information (your account credentials with Clerk; the SSN/EIN and bank-account information you provide directly to Stripe during seller onboarding), we use it only for the essential purposes described in this policy — to operate your account, authenticate you, verify your identity, and process payments and payouts. We do not use sensitive personal information to infer characteristics about you. Because our use is limited to these essential purposes, the CPRA right to limit use has nothing to opt out of on our side.
- Right to non-discrimination.
Categories of personal information collected (CCPA disclosure). In the preceding 12 months, we have collected the following CCPA-defined categories:
- Identifiers — name, email, postal address, phone number, IP address, account ID, Clerk user ID, Stripe customer ID.
- Customer records (Cal. Civ. Code § 1798.80) — shipping name + address + phone.
- Commercial information — listing history, purchase history, bid history, ratings.
- Internet or network activity — limited to functional cookies, cookieless analytics, and server logs (see Section 2.2).
- Geolocation data — ZIP code only, for shipping estimates.
- Visual information — listing photos and rating photos.
- Sensitive personal information — account log-in credentials (with Clerk); financial-account identifiers (with Stripe). As noted above, used only for essential purposes.
We disclose these categories for the business purposes listed in Section 3 and to the service-provider categories listed in Section 4.1. We have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months.
To make a CCPA request, email support@disctradingpost.com with the subject line "Privacy Request" or use your in-account settings to access and edit the information directly.
7.4 New Jersey residents (NJDPA)
New Jersey residents have rights under the New Jersey Data Privacy Act, including the rights to access, correct, delete, port, opt out of targeted advertising, opt out of sale, and opt out of profiling for solely-automated decisions producing legal or similarly significant effects. As noted throughout this policy, we do not engage in targeted advertising, sale of personal information, or profiling for automated decisioning, so those opt-outs have nothing to opt out of on our side. The other NJDPA rights are honored as described in Section 7.1. Send requests to support@disctradingpost.com with the subject line "Privacy Request."
7.5 Other US state residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, Iowa, Indiana, Tennessee, Florida, Delaware, New Hampshire, and other states with comprehensive consumer-privacy laws have substantially similar rights to those in Section 7.1. To exercise any right, email support@disctradingpost.com with the subject line "Privacy Request." We will respond within the timeframe required by your state's law — typically 45 days, with a possible 45-day extension on notice.
7.6 European Economic Area, United Kingdom, and Switzerland
We operate the platform from the United States and do not target users in the EEA, UK, or Switzerland. If you nonetheless use the platform from one of those regions:
- Lawful basis. We process your personal information based on (a) contract performance (running your account and processing orders), (b) legitimate interests (fraud prevention, security, defending against legal claims, improving the platform), (c) compliance with legal obligations (tax, anti-money-laundering), and (d) your consent where required.
- International transfers. Your information will be transferred to and stored in the United States. We rely on appropriate safeguards (including Standard Contractual Clauses where applicable) for transfers involving our service providers.
- GDPR / UK GDPR rights. You have the rights of access, rectification, erasure, restriction of processing, portability, objection to processing, and the right to lodge a complaint with your supervisory authority.
To exercise EEA / UK / Swiss rights, email support@disctradingpost.com with the subject line "Privacy Request."
7.7 How to make a request
Email support@disctradingpost.com with:
- The right or rights you are exercising
- Enough information for us to verify your identity (typically the email on your account plus a recent order ID or listing ID)
- If you are using an authorized agent, written authorization signed by you
We respond within the timeframe required by applicable law — typically 45 days for US state rights and 30 days for EEA / UK GDPR rights. If we need more time, we will tell you within that initial window and explain why.
8. Security
We use reasonable and appropriate technical and organizational measures to protect your information:
- Encryption in transit. All traffic to and from the platform uses HTTPS (TLS).
- Encryption at rest. Our database (Neon) and image host (Cloudinary) encrypt stored data at rest by default.
- Access controls. Production database and service-provider dashboards are protected by 2-step verification.
- Secrets management. API keys and other credentials are stored in Vercel's encrypted environment-variable system, not in source code.
- Payment data minimization. We never see or store your full payment-card number, CVV, expiration, or seller bank-account details — that information flows directly to Stripe.
- Principle of least information. We share only the minimum necessary information with each service provider and with each counterparty user (sellers receive only the shipping fields needed to fulfill the specific order in question, etc.).
No security system is perfect. If we have reason to believe your information has been accessed by an unauthorized party in a way that creates a meaningful risk of harm, we will notify you as required by applicable law.
9. Children's privacy
The platform is intended for users aged 18 or older (Terms of Service Section 1.1). We do not knowingly collect personal information from anyone under 13, and we do not direct the platform at children. If you believe a child under 13 has provided personal information to the platform, email support@disctradingpost.com and we will delete the account and the information promptly. Additional protections for minors aged 13–17 under California and other state laws are inapplicable to the platform because we do not permit minors to register; if a minor nonetheless gains access, the same deletion procedure applies.
10. International users
We operate the platform from the United States. Our service providers store data in the United States (or, for Neon and Cloudinary, in additional US or EU regions as configured). If you access the platform from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where data-protection law may differ from your home jurisdiction.
11. Linked services and external sites
The platform contains links to third-party sites — for example, manufacturer pages referenced in the catalog, the privacy policies of our service providers, and retailer-pricing sources (Infinite Discs, Marshall Street, OTB). We are not responsible for the privacy practices of those third-party sites. Read their policies if you use them.
12. Changes to this policy
We may update this Privacy Policy from time to time — for example, when we add or change a service provider, when applicable law changes, or when we add a feature that handles personal information differently.
- Effective date. The "Effective date" at the top of this policy is always the date of the most recent material update.
- Notice. We will notify account holders of material changes by email or by an in-platform notice before the change takes effect. Prior versions are kept on file and can be provided on request.
- Continued use. Your continued use of the platform after a material change takes effect constitutes acceptance of the updated policy. If you do not agree to a change, you can close your account before the effective date.
13. Contact
Email: support@disctradingpost.com
Mailing address: Last Tree Disc Golf LLC Attn: Privacy 725 Belmont Ave Collingswood, NJ 08108 United States
For any formal privacy request — CCPA / CPRA, NJDPA, other US state rights, GDPR, or general questions — use the email above with the subject line "Privacy Request" so we can route it correctly.