Skip to content
← Back

Privacy Policy

Effective: May 22, 2026

This Privacy Policy explains what data LUUT ("we," "us") collects from you, how we use it, and the choices you have.

1. What we collect

We collect the data needed to operate a marketplace:

  • Account info: email, username, display name, avatar, authentication provider (Google, Discord, or email/password).
  • Transaction info: shipping address, items you list or buy, payment-method tokens (we never see your full card number, that stays with Stripe).
  • Usage info: IP address at signup, pages viewed, actions taken on the site, referral attribution.
  • Communications: emails you send to support and messages within the platform.

2. How we use it

  • To run the marketplace: match buyers and sellers, process payments, generate shipping labels, handle disputes.
  • To prevent fraud, ratings manipulation, and waitlist farming.
  • To send transactional emails (signup confirmation, offers, payouts, disputes, shipping).
  • To improve the product through aggregated, de-identified analytics.

We don't sell your personal information. We don't use your data to train AI models.

3. Who we share it with

We share data only with service providers we need to run LUUT:

  • Supabase: database, authentication, and file storage.
  • Stripe: payments and payouts to sellers (Stripe Connect Express).
  • Shippo: shipping label purchase and tracking.
  • Resend: transactional email delivery.
  • Vercel: hosting and edge functions.
  • Cloudflare: bot prevention (Turnstile) and DDoS protection.
  • Upstash: rate limiting.
  • Sentry: error monitoring.
  • Google Analytics: aggregated usage metrics.

We may share data when required by law, in response to lawful requests, or when necessary to protect rights, property, or safety.

4. Cookies

We use cookies and similar storage to keep you signed in, remember preferences, prevent abuse, and measure aggregate site usage. Essential cookies don't require consent; analytics and preference cookies can be disabled in your browser.

5. Data retention

We keep account data while your account is active. After deletion, we retain transactional records (orders, payouts, disputes) for as long as required by tax, accounting, and anti-fraud laws, typically 7 years for financial records.

6. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email privacy@luut.gg. We'll respond within 30 days.

7. Children

LUUT is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have, email privacy@luut.ggand we'll delete it.

8. International transfers

LUUT is operated from the United States. If you access LUUT from outside the US, your data will be transferred to and processed in the US, where data-protection laws may differ from those in your country.

9. Security

We use industry-standard safeguards: encryption in transit (TLS), encryption at rest, scoped access controls, and row-level security in our database. No system is perfectly secure. If you suspect a breach of your account, email security@luut.gg.

10. Changes

We'll update this Policy when our practices change. We'll post the new effective date and, for material changes, notify you by email.

11. Contact

Privacy questions: privacy@luut.gg. General support: support@luut.gg.