theRuckRack
Trust & Security

Trust, Security & Privacy

This page is maintained by theRuckRack to answer common security and privacy questions about the marketplace. It describes controls that are enabled today and how the responsibilities are split between theRuckRack, our hosting platform, and you. It is not a certification and has not been independently audited.

Accounts & access

  • Sign-in with email and password or Google.
  • Passwords are hashed and verified by our authentication provider — theRuckRack staff never see them.
  • Buyers, sellers, and administrators are separate roles. Admin actions are restricted by server-side role checks.
  • Each account can only read and modify its own profile, listings, favorites, and orders.
  • Sign out from any device on the account menu in the header.

Encryption

  • All connections between your browser and theRuckRack use HTTPS / TLS.
  • Database connections from our application to our managed database are encrypted in transit.
  • Card details are handled by our payment processor — they are never stored on theRuckRack servers.

Data we collect

  • Account: email, display name, optional avatar, optional location and bio.
  • Listings you create: title, description, price, condition, category, and images you upload.
  • Activity: favorites, messages, and order history needed to operate your account.
  • We do not sell personal data to third parties.

Hosting & subprocessors

  • Application hosting and edge runtime: Lovable.
  • Database, authentication, and file storage: Supabase (managed Postgres).
  • OAuth sign-in: Google.
  • Payments: Stripe.
  • These providers process data on our behalf under their own security and privacy programs.

Cookies & analytics

  • We use a session cookie to keep you signed in.
  • We do not use third-party advertising cookies.
  • Local browser storage is used to remember your cart between visits.

Retention & deletion

  • You can edit or delete your listings and favorites at any time from your dashboard.
  • Order and message history is retained while your account is active for support and dispute resolution.
  • To request full account deletion, contact us at the address below.

Shared responsibility

  • Lovable / Supabase — secure the hosting platform, managed database, and authentication service.
  • theRuckRack — defines access rules, validates input, reviews listings, and responds to security and privacy requests.
  • You — keep your password private, use a strong unique password, and report suspicious listings or messages.

Contact us

  • Privacy or data requests: privacy@theruckrack.com
  • Report a security issue: security@theruckrack.com
  • Report a suspicious listing: use the “Report” link on the listing page or message support from your dashboard.

This page is editable project content maintained by theRuckRack. It is not an independent audit, certification, or legal agreement. Specific compliance, regulatory, or contractual commitments are provided separately on request.