Short version: We collect only what we need to run the Service. We never sell your data. You can request deletion of your account and data at any time.
This Privacy Policy explains how JDMarket ("we", "us", "our") collects, uses, stores, and protects your personal information when you use the Service. By using JDMarket, you agree to the data practices described in this policy. This policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law.
| Category | Data collected | Required? |
|---|---|---|
| Account | Username, email address, hashed password | Yes |
| Profile | Telegram chat ID (for notifications) | Optional |
| Usage | Search queries, watch configurations, scrape job history, AI filter prompts, saved favorites | Yes (core feature) |
| Billing | Stripe customer ID, subscription status, plan type. Full card details are never stored by us. | Paid plans only |
| Technical | IP address, browser/device type, server access logs | Automatic |
We do not collect your Facebook credentials, your Facebook friends list, private messages, or any data from your Facebook account beyond the public Marketplace listings retrieved by the agent on your behalf.
We do not: sell, rent, or share your personal information with third parties for advertising or marketing purposes. We do not use your data to train AI models.
Under PIPEDA and applicable privacy legislation, we process your personal information on the following bases:
Your data is stored on servers located in Toronto, Canada (DigitalOcean). We use PgBouncer connection pooling and PostgreSQL for data storage. All connections use TLS encryption in transit.
We use the following sub-processors and third-party services to operate JDMarket:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing & subscription management | Email, name, billing address, payment method (processed directly by Stripe) |
| DigitalOcean | Cloud infrastructure & hosting | All data stored on their servers (Toronto region) |
| Resend | Transactional email delivery | Your email address and email content |
| Cloudflare | DNS, DDoS protection, CAPTCHA (Turnstile) | IP address, browser fingerprint (for CAPTCHA only) |
| Telegram | Notification delivery (optional) | Listing data sent to your Telegram chat (only if you configure a Chat ID) |
We do not share your personal information with any other third parties. Each sub-processor has been selected for their privacy and security standards.
The JDMarket desktop agent runs on your computer and communicates with our servers over HTTPS. Specifically:
We use a single session cookie to keep you logged into the JDMarket web dashboard. This cookie is:
We do not use advertising cookies, cross-site tracking cookies, or any third-party analytics cookies (e.g. Google Analytics). We do not use fingerprinting or any other form of persistent tracking.
Cloudflare Turnstile (our CAPTCHA provider) may set a short-lived cookie on login and registration pages for bot detection purposes only.
We implement reasonable technical and organizational measures to protect your personal data, including:
However, no method of electronic transmission or storage is 100% secure. In the event of a data breach that poses a risk to you, we will notify affected users and relevant authorities as required by law.
Under PIPEDA and applicable Canadian privacy law, you have the right to:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Your data is primarily stored and processed in Canada (Toronto). Some of our sub-processors (Stripe, Cloudflare, Resend) are US-based companies. By using the Service, you consent to the transfer of your information to these providers in accordance with their respective privacy policies and applicable data transfer frameworks.
We select sub-processors that provide contractual guarantees for the protection of personal data transferred internationally.
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has created an account, please contact us at [email protected].
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or by posting a prominent notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
For any privacy-related questions, requests, or concerns, please contact us: