contents
  • overview
  • information we collect
  • how we use your information
  • data protection measures
  • cookies and tracking
  • third-party services
  • your rights (gdpr)
  • data retention
  • international transfers
  • children's privacy
  • changes to this policy
  • contact us
  • legal basis for processing

privacy policy

last updated: Sep 01, 2025

overview

this privacy policy explains how pleasebuy.me ("we", "our", or "us") collects, uses, and protects your information when you visit our website and use our services.

information we collect

automatically collected information

  • ip addresses: we collect your ip address and hash it with hmac‑sha‑256 to track product views and likes while protecting your privacy.
  • usage data: we track which products you view and like to provide accurate statistics.
  • page/shop visit counters (cookie-less): we compute basic visit counters without using cookies. for the shop section, we display total hits and unique visitors per day (uniqueness within the calendar day); for other pages, we display total hits and unique visitors without a day-by-day breakdown (uniqueness is counted in aggregate). uniqueness is determined server-side using hashed ips (hmac‑sha‑256). these operational metrics are collected under legitimate interests to understand availability and baseline traffic levels.
  • analytics data (consent-based): with your consent, we may use google analytics to understand how visitors use our site. this is separate from our cookie-less operational counters.

information you provide

  • contact messages: when you contact us through our forms, we collect your email address and message content.
  • product inquiries: messages about specific products include your email and inquiry details.

you also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

how we use your information

  • to display accurate view and like counts on products.
  • to display aggregated, cookie-less visit counters (e.g., homepage/shop views) based on server-side hashed ips.
  • to prevent spam and abuse by limiting actions per ip address.
  • to respond to your inquiries and messages.
  • to improve our website and services (with analytics consent).
  • to display essential information and site messaging.

data protection measures

  • ip hashing: in our application databases, we do not store raw ip addresses — only hmac‑sha‑256 hashes. our web server (nginx) access logs may include ip addresses for security and diagnostics with limited retention and rotation (see “server logs (nginx)” below).
  • data minimization: we only collect data necessary for our services.
  • secure storage: all data is stored securely with appropriate access controls.
  • encrypted contact emails: emails submitted via our contact forms are stored encrypted at rest using aes‑256‑gcm. for operational lookups we store a separate irreversible hash of the email; the plaintext email is not used for queries.
  • retention limits: we enforce retention limits and automatically purge data according to policy (e.g., contact messages after 180 days).
  • scoped maintenance access: maintenance tasks use scoped tokens with limited permissions ("maintenance" role) distinct from full admin access.
  • audit logging: we record purge operations (actor, role, timestamp, counts) for security and compliance. audit logs do not include message content and are retained for 12 months.
  • server logs (nginx): our web server writes json access logs that may include client ip addresses. logs are rotated weekly or when they exceed 50mb, and up to 14 rotations are kept (approximately 3 months). these logs are used strictly for security, abuse prevention, and operational diagnostics, and are not joined with application databases. logs also capture extended correlation and tracing fields (e.g., x-request-id, traceparent, tracestate, x_b3_traceid, x_amzn_trace_id), upstream correlation ids, and timing metrics such as request_time, upstream_status, upstream_addr, and upstream_response_time.
  • strict transport security (hsts): we enable the http strict-transport-security (hsts) response header at the web server level to instruct browsers to use https for this domain.
  • content security policy (csp) with nonce: we enforce a content security policy (csp) with per-request nonces for scripts. this restricts code execution to trusted sources and reduces xss risk.
  • request correlation (x-request-id): each request is assigned an x-request-id identifier, which simplifies diagnostics and end‑to‑end tracing (browser → application → web server).
  • csrf protection for admin api: for cookie‑authenticated admin api requests that change state, we require the header x-requested-with: xmlhttprequest. this reduces the risk of csrf attacks.
  • rate limiting and origin enforcement: public apis are protected with rate limiting and origin enforcement, helping to prevent spam and automated abuse.
  • anti-spam for contact forms: our contact form includes a honeypot field to deter automated submissions; if it is filled, the server responds with a generic success without storing data. we also apply a small, consistent processing delay to reduce bot effectiveness.

cookies and tracking

we use cookies for:

  • essential functionality: basic site operation. note: theme preferences are stored in localstorage (not cookies). for administrators only, we set an admin_token session cookie to secure access to the admin area. this cookie is not issued to regular visitors and is used strictly for authentication and session integrity. attributes: httponly, secure, samesite=lax. to provide stable, per‑device functionality for likes and product view state, we set a short, random device identifier (pbm_fid) when needed. this cookie is strictly functional, not used for analytics or cross‑site tracking, and helps avoid collisions behind shared ips (e.g., nat). attributes: httponly, secure, samesite=lax; typical lifetime up to 365 days.
  • operational counters (no cookies): homepage/shop visit counters do not require cookies and work without them. with analytics consent, we may use the anonymous pbm_vid identifier to improve deduplication accuracy (e.g., behind nat). without consent, or if the identifier is absent, counters rely on hashed ip only.
  • anonymous visitor id (consent‑based): with your analytics consent, we set a short, random identifier (pbm_vid) to improve the accuracy of visit deduplication. it is not used for cross‑site tracking, contains no personal data, and is removed if you decline analytics. it expires after 365 days, same as pbm_consent. attributes: secure, samesite=lax.
  • analytics (optional): google analytics with ip anonymization is loaded only with your consent. see google's privacy policy.
  • reply opt-in (contact): when you agree to receive a reply about an item, we set an httponly cookie ('pbm_reply_optin') to remember your choice for up to 30 days so you aren't asked again. attributes: httponly, secure, samesite=lax; it stores only the opt-in state and does not identify you. submissions require either this cookie to be present or an explicit opt-in in the form; the server validates this before accepting a message.

your consent is stored server-side in an httponly cookie ('pbm_consent') for secure reads on the server, and mirrored client-side in localstorage to power ui and pixel gating; changes synchronize across tabs via events. in addition, we maintain an aggregated, non-identifying daily counter of consent choices (accept/decline) in our database (consent_stats) to understand banner engagement. this dataset contains no identifiers and is purged after 24 months as part of regular maintenance. the pbm_consent cookie itself expires after 365 days. you can withdraw consent or adjust preferences anytime using the cookie settings control (bottom-right) or via the banner when it is shown.

you can adjust your cookie preferences anytime via the cookie settings control (bottom-right).

third-party services

google analytics

with your consent, we use google analytics to understand website usage. we have enabled ip anonymization to protect your privacy. you can opt out at any time through our cookie settings. learn more in google's privacy policy.

your rights (gdpr)

if you are in the european union, you have the following rights:

  • access: request a copy of your personal data.
  • rectification: correct inaccurate personal data.
  • erasure: request deletion of your personal data.
  • portability: receive your data in a machine-readable format.
  • objection: object to processing of your personal data.
  • withdraw consent: withdraw consent for analytics at any time.

data retention

  • hashed ip data: automatically deleted after 1 year.
  • shop view aggregates: daily aggregates (shop_view_aggregates) do not contain identifiers and are purged after 1 year as part of regular maintenance.
  • contact messages: retained for 180 days for customer service purposes.
  • analytics data: follows your google analytics property retention settings.
  • idempotency fingerprints: technical fingerprints used to deduplicate product view hits are automatically deleted after 30 days.

international transfers

your data may be processed in countries outside the eu. we ensure appropriate safeguards are in place for any international transfers.

children's privacy

our marketplace service is intended for users 13 years and older. users under 13 require parental consent to use our platform. we do not knowingly collect personal information from children under 13 without parental consent.

to reduce friction while upholding our policy, our contact form includes a lightweight self‑attestation checkbox confirming the user is 13+ or has parental consent. submissions are validated server‑side. to avoid re‑prompting on subsequent contact requests, we set a short‑lived httponly cookie ("pbm_age_attested") valid for up to 30 days. this cookie stores only the attestation state and does not identify you.

changes to this policy

we may update this privacy policy from time to time. we will notify you of any changes by posting the new policy on this page and updating the "last updated" date.

contact us

if you have any questions about this privacy policy or want to exercise your rights, please contact us through our contact form or email us directly.

email:

for gdpr-related requests, please include "gdpr request" in your message subject.

legal basis for processing

we process your personal data based on:

  • legitimate interests: for essential website functionality and security, and for aggregated, cookie-less visit counters (e.g., homepage/shop views via server-side hashed ips).
  • consent: for analytics and non-essential cookies (e.g., google analytics).
  • contract performance: to respond to your inquiries.
  • legal compliance: to meet legal obligations.

regional notices (ccpa/cpra)

we do not sell or share personal information as those terms are defined under the california consumer privacy laws (ccpa/cpra).

california residents may exercise applicable rights by contacting us via the contact methods listed in this policy.

© 2025 - pleasebuy.me - all rights reserved