Privacy Policy

NoLie, Inc. ("NoLie," "we," "us," or "our") operates a collectibles auction marketplace. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, mobile application, and related services (collectively, the "Platform"). By using the Platform, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly, including: name, email address, phone number, mailing address, and shipping address when you create an account or complete a transaction; payment information (processed and stored by our third-party payment processor, Stripe); identity verification information when required for seller onboarding or compliance; listing details including photographs, descriptions, and pricing for items you list for auction; communications you send to us or other users through the Platform; and, where applicable, resale certificates, seller's permits, state tax identification numbers, and related documentation provided for sales tax exemption purposes. This information may be collected during account registration or at any time a user requests tax-exempt status.

1.2 Information Collected Automatically

When you use the Platform, we automatically collect: device information (device type, operating system, browser type); IP address and approximate country derived from it (we do not retain raw IP addresses in our analytics event records); usage data (pages viewed, features used, auction activity, bidding history, offers, and items added to cart); first-party cookies and similar tracking technologies described in Section 8; and referral source and session duration.

1.3 Information from Third Parties

We may receive information from third-party services including payment processors, identity verification providers, shipping carriers, and analytics providers.

2. How We Use Your Information

We use your information to: operate and maintain the Platform; process transactions, payments, and payouts; verify user identity and prevent fraud; verify tax exemption eligibility and maintain records as required by applicable state tax law; facilitate shipping and delivery of items; communicate with you about your account, transactions, and Platform updates; enforce our Terms of Service and other policies; comply with legal obligations; improve the Platform and develop new features, including search and ranking quality; and send promotional communications (with your consent, where required).

3. How We Share Your Information

We may share your information with: other users as necessary to complete transactions (for example, sharing a buyer's shipping address with a seller to fulfill an order); payment processors to process transactions; shipping carriers to facilitate delivery; service providers who assist in operating the Platform; state or federal tax authorities upon request, pursuant to audit, or as otherwise required by applicable tax law, including resale certificates and seller's permit documentation; law enforcement or government agencies when required by law or to protect our rights; and in connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties, and we do not share personal information for cross-context behavioral advertising.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. Transaction records are retained for a minimum of 7 years for tax and compliance purposes. Resale certificates, seller's permits, and related tax exemption documentation are retained for as long as required by applicable state tax law. Analytics event records described in Section 8 are retained for 90 days in our primary database and in encrypted longer-term storage for aggregate analysis. Upon a verified deletion request, we remove identifying fields from these records within 30 days.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information. However, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the right to: access, correct, or delete your personal information; opt out of promotional communications; request a copy of your data; opt out of the sale or sharing of personal information (note that we do not sell or share personal information — see Section 7); and object to or restrict certain processing of your data. Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, Indiana, Kentucky, Rhode Island, and other states with comprehensive privacy laws may exercise these rights regardless of the specific statute.

To exercise these rights, contact us at support@nolie.com. We will respond within 30 days or as required by applicable law.

7. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request correction or deletion, the right to opt out of the sale or sharing of personal information for cross-context behavioral advertising, and the right to limit the use of sensitive personal information.

NoLie does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not use personal information for targeted advertising. We do not engage in profiling that produces legal or similarly significant effects concerning you. Because there is no sale or sharing to opt out of, opt-out preference signals (including the Global Privacy Control) have no effect on our processing. You may still exercise your access, correction, and deletion rights by contacting support@nolie.com.

8. Cookies and Analytics

NoLie uses a small number of first-party cookies and a server-side analytics event log to operate the Platform, secure authentication, and improve product ranking and search quality. We do not use third-party analytics providers, advertising trackers, or cross-site tracking technologies. None of the cookies or event records described in this section are shared with third parties, and the data does not leave NoLie's infrastructure.

8.1 Cookies We Set

The cookies described below are all first-party (set only by NoLie domains) and not readable by JavaScript. They are used solely for server-side reads. We set: a long-lived analytics identifier cookie persisted for up to one year, used to correlate Platform activity across sessions for the analytics purposes described in Section 8.2; a session identifier cookie with a sliding thirty-minute idle expiry, used to group related actions within a single browsing session; and authentication cookies set by our authentication provider to keep you signed in.

8.2 Analytics Event Log

When you interact with the Platform — for example, searching, viewing a listing, placing a bid, making or accepting an offer, adding an item to a cart, or completing a checkout — we record a structured event describing that action. Each event may include the event type; the listing, seller, or order it relates to; the rank position and ranking version at which an item was displayed (for impressions); your user ID if signed in, together with the anonymous and session identifiers described in Section 8.1; the approximate country derived from your IP address; and basic device context such as user agent string and app version. We do not retain raw IP addresses.

We use this data for internal debugging, fraud detection, product analytics, and improving ranking and search relevance. We do not use it for advertising, behavioral targeting, or sale to third parties.

8.3 Your Controls

You can clear or block cookies through your browser settings; doing so may sign you out and may affect Platform functionality. Authenticated users may request deletion of their associated analytics event records at any time by contacting support@nolie.com.

9. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

10. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete it.

11. International Users

The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification. Continued use after changes take effect constitutes acceptance.

13. Contact

NoLie, Inc. A Delaware C-Corporation Email: support@nolie.com