marsoole

Effective May 13, 2026

Privacy Policy

This Privacy Policy describes what information Mahmoud Mehrjoo ("Marsoole", "we", "us") collects, how we use it, and the choices you have when you use the Marsoole mobile application.

We do not sell or rent your personal information.

This policy is incorporated into our Terms of Service.

1. Information you provide

  • Account details: username, display name, password (stored hashed by our auth provider), date of birth, optional avatar photo
  • Listings: title, description, photos, price, area, tags, and similar fields
  • Messages: contents of conversations with other users
  • Q&A posts and replies, including emoji reactions
  • Optional location pin and search radius (when you set them)

2. Information collected automatically

  • Device information (operating system, version, model)
  • Approximate or precise location, only when you grant permission, used to show listings nearby
  • Push notification token, only when you grant permission
  • Basic usage data (which screens you view, when, basic interactions) for product improvement and abuse prevention
  • IP address (used by our hosting provider for security and rate-limiting)

3. Information from third parties

  • Sign-in metadata from Apple Sign in with Apple and Google Sign-In (your unique provider identifier, the email and full name you share with us, and — for Google only — an optional avatar photo). If you use Apple's Hide My Email, we receive only the relay address.
  • Authentication tokens stored by Supabase Auth (our identity provider).
  • Place autocomplete (Photon / OpenStreetMap) — when you type in an address field, the typed text and your approximate coordinates are sent to bias suggestions toward your area.

4. What we do not collect

We do NOT currently collect government IDs, financial account information, biometrics, contact lists, or message content from outside Marsoole.

5. How we use information

  • Operate the Service and its features
  • Personalize listings, suggestions, and search results in your area
  • Send transactional notifications (replies, messages, listing inquiries)
  • Improve, debug, and secure the Service
  • Detect and prevent fraud, abuse, and illegal activity
  • Comply with law and protect rights and safety

6. Sharing

We share information with:

  • Other users — only the parts you choose to make public (your username, display name, listings, replies, and messages with that specific user).
  • Service providers that help us run Marsoole: Supabase Inc. (database, authentication, file storage); Apple and Google (sign-in providers); Apple Push Notification service and Firebase Cloud Messaging (push delivery); Photon / OpenStreetMap (place autocomplete); Brevo or equivalent (transactional emails, if and when configured).
  • Legal authorities when required by law, subpoena, court order, or to investigate fraud, sanctions evasion, exploitation of minors, threats to safety, or other serious harm.

6a. Sanctions and export-control screening

Where required by law, we may screen account information and transactions against U.S. (OFAC), EU, UK, UN, and other sanctions and export-control lists. If a match is found, we may suspend the account and decline service, and we may notify the appropriate authorities as required by law.

7. Data retention

  • Account data is kept while your account is active.
  • When you delete your account, your profile (name, username, avatar, date of birth, email) is removed, along with your listings, ads, saved items, push tokens, blocks, and reports you filed.
  • Messages you sent, reviews you wrote or received, completed trip bookings, and questions or replies you posted in the community remain visible to the other users involved, with your name replaced by "Deleted user." This preserves the integrity of other users' conversation history and the marketplace's review record.
  • Pending or accepted trip bookings you were a party to are automatically cancelled.
  • Server backups and audit logs may retain data for up to 30 days before being purged.
  • Push tokens are removed when you uninstall the app or rotate them.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, object to, or port your data.

EU/UK residents have rights under GDPR. California residents have rights under CCPA/CPRA. We honor these rights regardless of where you live.

Account deletion is available from Settings. For other requests, email privacy@marsoole.me.

9. Children

The Service is not intended for users under 13. If we learn we have collected data from a user under 13, we will delete it.

10. International transfers

Our infrastructure is hosted in regions selected by our providers (primarily Supabase's data centers). By using the Service, you consent to processing in those regions.

11. Security

We use commercially reasonable safeguards: encryption in transit (HTTPS) and at rest (database-level encryption by our provider), access controls, and standard authentication. No system is perfectly secure; please use a strong password and keep it private.

12. Changes

We will announce material changes to this Privacy Policy in the app and update the effective date.

13. Contact

privacy@marsoole.me