Privacy Policy

We collect information you provide to create and use your account, including your email address, username, password, optional profile fields, marketplace details, listings, uploaded images, messages, support requests, and AI-related prompts or source material you choose to submit.

We also process technical and operational data needed to run the service, such as authentication/session data, request metadata, device and browser details, IP-derived logs, locale and theme preferences, and email-verification state.

If you use AI features, we may process listing photos, imported product URLs, extracted product content, and image-generation prompts. We do not currently offer phone-number signup, social-login signup, or in-product billing/subscription checkout.

We use personal information to create accounts, authenticate users, deliver marketplace functionality, host user content, send transactional email, respond to support requests, detect abuse, enforce platform rules, and improve the reliability and safety of the service.

We only use optional analytics where we have a valid consent basis. If optional analytics is not enabled, we do not initialize PostHog for analytics tracking.

We also use submitted content to provide AI-assisted product extraction, listing generation, moderation, and image generation features when you ask for them.

Where a legal basis is required, we generally rely on: (a) contract performance to provide the platform and requested features, (b) legitimate interests to secure, maintain, and improve the service, (c) consent for optional analytics and other consent-based processing, and (d) legal obligations where we must retain or disclose information.

Where consent-based processing applies, you may withdraw consent by contacting us. Withdrawal does not affect processing that occurred before consent was withdrawn.

We do not sell personal information. We share information with service providers only as needed to operate the product and the specific feature you use.

We currently use the following service providers:

• Supabase for authentication, database, and file storage.
• PostHog for analytics and feature flags when analytics consent is granted.
• Resend for transactional email delivery.
• Google for certain AI listing and extraction features.
• Anthropic for moderation-related AI processing.
• Runware for AI image generation.
• Jina for URL content retrieval used in product-import flows.

We may also disclose information when required by law, when necessary to protect users or the platform, or in connection with a merger, acquisition, financing, or asset transfer.

Account, marketplace, listing, chat, and support data are stored while needed to operate the service and support legitimate business or legal needs. Exact retention windows vary by data type, operational needs, backups, and legal requirements, and we do not currently publish fixed self-enforced deletion schedules for every category of data.

Some content is intentionally visible to other users based on how the product works. For example, marketplace membership, listings, and chat content are shown to the users who can access those features. Certain uploaded files, including some listing or marketplace images, may be stored at publicly retrievable URLs depending on the storage path and feature implementation. Public or publicly accessible marketplaces can also expose content more broadly than private or membership-restricted spaces.

We use administrative, technical, and organizational safeguards intended to protect personal information, including access controls, encrypted transport, platform authentication controls, and service-provider security features. No system is perfectly secure, and we cannot guarantee absolute security.

You are responsible for safeguarding your account credentials and for reviewing the content you choose to publish or share on the platform.

Depending on where you live, you may have rights to access, delete, correct, receive a portable copy of your data, object to processing, or request another privacy-related review. In this version of the product, these requests are handled through our support-driven Privacy Request workflow rather than through self-serve export or self-serve account deletion tools.

You can currently update profile information inside the product and manage notification preferences. For privacy-rights requests, use the Privacy Request page or contact us directly. We may ask you to verify your identity before acting on a request.

Cirkle Labs operates from the United States, and our service providers may process information in the United States or other jurisdictions where they operate. If you access Cirkle from outside the United States, your information may be transferred to those jurisdictions.

Where required, we rely on contractual, organizational, and technical safeguards intended to support lawful cross-border processing.

Cirkle is not intended for children under 18, and we do not knowingly offer accounts to children. If you believe a child has provided personal information to the platform, contact us so we can investigate and take appropriate action.

We may update this Privacy Policy as the product, vendors, and legal requirements change. When we do, we will update the effective date and may provide additional notice when appropriate.

Your continued use of the service after an updated policy becomes effective means the updated policy will apply going forward.