Hidehouse Craft just became Founder #053
Core Policy

Privacy Policy.

How Crafters Market collects, uses, shares, and protects personal information across Buyer, Maker, and visitor interactions — including our Creator-Owned AI Policy, California Privacy Rights (CCPA / CPRA), and the current Third-Party Service Providers vendor inventory.

◆ Core Policy
Version: 3.4Effective: On production launch (date set at go-live)Last updated: 2026-06-30
Founding Access v1 · Pending legal review. This document is provided for transparency during Crafters Market’s Version 1 marketplace validation phase. It is not legal advice and has not been finalized by counsel. If a term is unclear, email team@craftersmarket.org.
Crafters Market is a marketplace where Buyers, Makers, applicants, and visitors interact. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what controls you have. It applies to all users of the Platform.

§011. Introduction

  • Effective date: On production launch (date set at go-live).
  • Last updated: 2026-06-30. Version 3.2.
  • Purpose: this Policy is intended to provide transparent, plain-language disclosure of how Crafters Market collects, uses, and shares information.
  • Relationship to the Terms of Service: this Policy supplements the Terms of Service and is incorporated by reference. Where it conflicts with the Terms of Service on a privacy-specific issue, this Policy controls.
  • Scope: this Policy applies to Buyers, Makers, applicants for the Maker program, and visitors to the Platform. It does not apply to information collected by third parties on their own services even when linked from the Platform.

§022. Information We Collect

We collect the following categories of information. Not every category applies to every user.

  • Account information — name, email, phone, mailing address, business name (for Makers), and profile information you provide.
  • Marketplace information — Listings you create, Orders you place or fulfill, reviews you leave or receive, messages you send through Platform messaging, items you save, and (if implemented) wishlists and search history.
  • Maker verification information — during Maker onboarding and verification, we may collect information necessary to assess application quality and confirm identity. Only the information necessary to operate the marketplace is collected.
  • Payment information — payments are processed by Stripe. Crafters Market does NOT see or store full payment-card numbers, CVV codes, or full bank-account details. We see and store only what Stripe returns (tokens, last-4 digits, transaction metadata).
  • Uploaded content — photos, videos, listing descriptions, logos, digital files, and Custom Order uploads (collectively, “User Content”).
  • Technical information — IP address, browser, operating system, device identifiers, log files, crash reports, and referring pages.
  • Analytics — aggregate usage metrics to improve usability, marketplace performance, search, and fraud detection.
  • Cookies — see Section 7. Categories include essential cookies, analytics cookies, preference cookies, and (where applicable) marketing cookies.

§033. How We Use Information

We use the categories above for the following purposes:

  • Account creation and management.
  • Operating the marketplace (search, browsing, listing display, recommendations).
  • Processing Orders and facilitating payment through Stripe.
  • Customer support and dispute resolution (including Marketplace Assistance under the Returns & Refunds Policy).
  • Fraud prevention, account security, and Platform integrity.
  • Improving search relevance and personalization within the Platform.
  • Marketing communications, subject to the consent rules in Section 12.
  • Legal compliance, including tax reporting and responding to lawful requests.
  • Aggregate analytics and product improvement.

§044. Information Sharing

We share information only as needed to operate the marketplace. Categories of recipients:

  • Buyers and Makers — information necessary to complete transactions (e.g. the Buyer’s shipping address is shared with the Maker fulfilling the Order; the Maker’s shop name is displayed to the Buyer).
  • Payment processors — Stripe receives the information needed to process payments and payouts.
  • Shipping providers — shipping addresses and Order details are shared with carriers selected by the Maker.
  • Service providers — vendors that help us operate the Platform (analytics, cloud hosting, email delivery, fraud detection, customer-support tooling). Service providers are under contractual obligations to use information only on our behalf.
  • Legal requirements — we may disclose information when required by court order, subpoena, legal process, law-enforcement request, or regulatory inquiry; we will notify affected users where legally permitted.
  • Business transfers — in connection with a merger, acquisition, asset sale, or bankruptcy, information may transfer to the successor entity subject to the protections of this Policy.
  • We DO NOT sell personal information to third parties.
  • We DO NOT share personal information with advertisers for third-party ad targeting outside our own owned campaigns.

§054a. Third-Party Service Providers (Vendor Inventory)

The following third-party services are currently used to operate the Platform. Each vendor is bound by its own privacy and security terms in addition to our contractual obligations with them. This list reflects production; we update it when we add, remove, or replace a vendor.

  • Stripe (payments, Stripe Connect, subscriptions) — processes Buyer payments, Maker payouts, Crafters Plus subscription billing, and dispute/chargeback workflows. Receives Buyer billing information, Maker identity and banking information for KYC, and transaction metadata. Governed by Stripe's Privacy Policy and Connected Account Agreement.
  • Cloudflare (CDN, DDoS protection, edge security) — sits in front of Platform traffic. Sees IP addresses, request metadata, and (where TLS is terminated at the edge) request contents in transit. Used for performance and abuse mitigation, not for advertising.
  • Google Analytics 4 / GA4 (product analytics) — measures site usage, funnels, retention. Receives pseudonymous identifiers, page-view events, and coarse geolocation. Configured with IP anonymization where supported.
  • Google Ads (advertising, conversion tracking) — runs off-site ad campaigns and imports conversion events. Receives hashed identifiers and conversion metadata for ads attribution. Does not receive plaintext personal information.
  • Google Search Console (SEO / indexing telemetry) — provides organic-search performance data. Does not receive user personal information beyond aggregated query and click data.
  • Meta (Facebook / Instagram) Ads & Conversions API — runs off-site ad campaigns on Meta surfaces. Receives hashed identifiers and conversion metadata for ads attribution.
  • Pinterest (advertising and catalog feed) — if enabled, receives catalog metadata for Maker Listings and hashed identifiers for conversion attribution.
  • TikTok (Pixel and Events API) — if enabled, receives hashed identifiers and conversion events for ads attribution on TikTok surfaces.
  • Sentry (error monitoring) — if enabled, receives client and server error stack traces, request metadata, and pseudonymous user identifiers to help us find and fix bugs.
  • Mailgun / transactional email provider — delivers transactional email (Order confirmations, account and security notices, dispute updates, payout notifications). Receives recipient email addresses and message content.
  • Shippo (shipping-label purchase, rate lookup) — if the Maker uses on-Platform label purchase, Shippo receives the shipping address, package dimensions, and payment metadata needed to purchase and track the label.
  • AI service providers — the specific model providers we rely on for Operational AI (e.g., OpenAI, Anthropic, Google Gemini) may receive prompts and content necessary to perform the specific task (search relevance, listing optimization, translation, moderation, ad-copy generation). Provider identities may change over time; we do not send AI providers your creative Maker Content for training under the Creator-Owned AI Policy (Section 11 and Terms §6a).
  • Emergent Universal Key (LLM aggregator) — used internally to route Operational-AI requests to the appropriate model provider without exposing plaintext API keys to the Platform runtime.
  • Each vendor listed above has its own Privacy Policy that governs its own processing of information it receives from us. Links are available on request.
  • When we add, remove, or replace a vendor in a way that materially changes what information is shared, we will update this list and, where required by law, notify affected users.

§065. Data Retention

  • We retain information only as long as reasonably necessary to operate the Platform, comply with legal obligations, resolve disputes, enforce our agreements, and maintain security.
  • Specific retention periods are set internally based on category and risk profile (e.g. transaction records, tax records, fraud-investigation logs are retained for the longer periods that law and dispute windows require).
  • On account closure, see Section 13.

§076. User Rights

Subject to applicable law, you may request the following with respect to information we hold about you:

  • Access — a copy of personal information we hold about you.
  • Correction — correction of inaccurate information.
  • Deletion — deletion of personal information we no longer have a lawful or operational basis to retain. Self-service account deletion (buyers and makers) is available at /account/delete.
  • Portability — a machine-readable export of personal information where required.
  • Objection — objection to specific processing activities where applicable law grants that right.
  • Marketing preferences — opt out of marketing communications at any time (transactional communications cannot be opted out of while you have an active account).
  • Cookie preferences — manage cookie categories as described in Section 7 and the Cookie Policy.
  • To exercise any of these rights, contact team@craftersmarket.org. We respond within 30 days. Some information may need to be retained for legal, tax, fraud-prevention, or contractual reasons.

§086a. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) grants you the following rights in addition to those in Section 6:

  • Right to know. You may request the categories and specific pieces of personal information we have collected about you, the sources of that information, the business or commercial purpose for collection, and the categories of third parties with whom we share it.
  • Right to delete. You may request deletion of personal information we have collected about you, subject to statutory exceptions (for example, information we need to complete a transaction, detect security incidents, or comply with a legal obligation).
  • Right to correct. You may request correction of inaccurate personal information we hold about you.
  • Right to limit use of sensitive personal information. You may request that we limit our use of sensitive personal information (SPI) to purposes necessary to provide the requested service.
  • Right to opt out of “sale” or “sharing.” The CCPA/CPRA defines “sale” and “sharing” broadly. Crafters Market does not sell personal information for money. Where our use of advertising cookies (Meta, Google, Pinterest, TikTok, Reddit) constitutes “sharing” for cross-context behavioral advertising under the CCPA/CPRA, you may opt out via the Cookie Preference Center (post-launch) or by sending a request to team@craftersmarket.org.
  • Right to non-discrimination. We will not deny goods or services, charge different prices, or provide a different level of quality because you exercised any of these rights.
  • How to submit a request. Email team@craftersmarket.org with the subject line “California Privacy Rights Request.” We will verify your identity using account information and respond within 45 days (extendable by 45 additional days where necessary and with notice to you).
  • Authorized agents. You may authorize an agent to submit a request on your behalf. Authorized-agent requests must be accompanied by written authorization signed by you.
  • Appeals. If we deny your request, you may appeal by replying to our written response; we will respond to appeals within 45 days.
  • Metrics. To the extent we are required to publish annual metrics under the CCPA/CPRA, we will do so on our Privacy Policy page or a linked disclosure.

§097. Cookies & Tracking

We use cookies and similar technologies. Categories:

  • Essential cookies — required for the Platform to function (sign-in sessions, cart state, fraud checks).
  • Analytics cookies — understand traffic, page performance, and feature usage. Aggregated and anonymized where possible.
  • Functionality cookies — remember your preferences (theme, language, viewed-listing history).
  • Security cookies — detect and block fraud and abuse.
  • Session-management cookies — maintain sign-in state and cart continuity.
  • Marketing cookies — not currently used for third-party ad targeting. If we ever add advertising cookies, we will disclose and manage them via the Cookie Policy and obtain consent where required.
  • See the Cookie Policy for the full inventory and your controls.

§108. Security

  • We use reasonable administrative, technical, and organizational safeguards to protect information against unauthorized access, alteration, disclosure, and destruction.
  • Examples include encryption in transit (HTTPS), encryption at rest for sensitive fields, access controls limiting who can view production data, security logging, and routine review of vendor security posture.
  • No method of internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.
  • If we become aware of a security incident affecting your information, we will notify you in line with applicable law.

§119. Children’s Privacy

  • The Platform is not intended for individuals under 18 unless otherwise permitted by applicable law.
  • We do not knowingly collect personal information from children.
  • If you believe a child has provided information to the Platform, contact team@craftersmarket.org and we will take prompt steps to delete it.

§1210. International Transfers

  • Crafters Market currently operates primarily within the United States, and the Platform is intended for U.S.-based Buyers and Makers. Personal information you provide is stored and processed in the United States.
  • If we expand services to residents of the European Economic Area (EEA), the United Kingdom, or other jurisdictions requiring additional transfer safeguards, we will implement the legally required mechanisms (including Standard Contractual Clauses or equivalent safeguards where applicable) before accepting registrations from those jurisdictions.
  • If you access the Platform from outside the United States, you understand and agree that your information will be transferred to and processed in the United States, and that the data-protection laws of the U.S. may differ from those of your home jurisdiction.

§1311. AI & Automated Services — Creator-Owned AI Policy

  • Your creativity belongs to you. This section explains, in plain English, how Crafters Market uses AI in relation to your personal information and User Content, and — importantly — what we do NOT do.
  • Operational AI (allowed): We use AI-powered tools to operate and market the Platform. This includes search relevance and personalization, recommendations, fraud and spam detection, on-platform translations, accessibility enhancements, customer-support assistance, Listing optimization, SEO metadata generation, and the use of third-party advertising platforms (Google, Meta / Facebook / Instagram, Pinterest, TikTok, Reddit, and similar surfaces) solely to generate, optimize, target, and deliver advertisements that promote Maker Listings. Operational AI also includes email campaigns, blog articles, product-description drafts, promotional graphics, video scripts, and social captions used to promote the marketplace.
  • Operational AI is part of running and promoting the marketplace. It does not require a separate consent step beyond your acceptance of the Terms of Service, the Maker Agreement (if you sell), and this Privacy Policy.
  • AI Model Training (NOT allowed without your explicit consent): We do not use your User Content — your photos, Listings, descriptions, journals, or other creative work — to train image-generation models, large language models, recommendation foundation models, or other commercial AI/machine-learning systems, and we do not license or otherwise permit your User Content to be used by any third party (including any third-party advertising provider) to train commercial foundation models. The Operational AI license above does not authorize the Platform or any third-party advertising provider to train commercial foundation models using your User Content.
  • Silence, inaction, or continued marketplace participation are not consent to AI Model Training. Consent must be affirmative and specific to a defined training program.
  • Personal information (as opposed to creative User Content) is never used to train external commercial AI models.
  • If we launch an AI Training Program in the future, it will be opt-in only, with a separate consent step, a clear description of intended use, the ability to withdraw consent later (subject to reasonable technical limitations for previously-trained models), and no reduction in your visibility, ranking, payouts, or marketplace access if you decline.
  • Aggregated, de-identified data. We may use aggregated statistics (e.g., “how many Buyers viewed a Listing this week”) that cannot reasonably be tied back to an individual Maker or Buyer to improve our own operational-AI features.
  • Cross-reference: Section 6a of the Terms of Service and Section 10a of the Maker Agreement contain the marketplace-wide AI use rules. If any of those three references conflict, the Maker Agreement controls with respect to Maker Content.

§1412. Communications

  • Transactional notifications — Order confirmations, shipping notices, dispute updates, security alerts, payout notifications. These are required for service and cannot be opted out of while you have an active account.
  • Account notices — policy updates, terms-of-service changes, account-status changes.
  • Optional marketing communications — newsletters, new-Maker announcements, promotional campaigns. You may opt out at any time using the unsubscribe link in any marketing email or by updating your account preferences.
  • We do not share email addresses with third-party advertisers for marketing to you outside the Platform.

§1513. Account Closure

  • You may close your account at any time from account settings or by emailing team@craftersmarket.org.
  • On closure, your public profile is unpublished and Listings (for Makers) are removed.
  • Certain information may be retained to comply with legal obligations (tax records, transaction history, anti-fraud records), resolve disputes, prevent fraud, and maintain marketplace records.
  • Retained information is segregated from active operations and is used only for the limited purposes above.

§1614. Changes to this Policy

  • We may update this Policy from time to time. Material changes will be communicated by posting the updated Policy to the Platform, by email, and / or by in-product notice prior to taking effect.
  • The Effective Date and Last Updated values reflect the current version.
  • Continued use of the Platform after the effective date of an update constitutes acceptance.
  • Where required by law, we will obtain affirmative re-acceptance for material changes.

§17Google API Services User Data

  • Crafters Market uses Google APIs only for OWNER-SIDE business operations (Search Console, Analytics, and Ads). We DO NOT offer "Sign in with Google" to buyers or makers, and we do not access Gmail, Drive, Calendar, Contacts, Photos, YouTube, or any consumer Google service.

§18Google User Data We Access

  • Google Search Console — scope: https://www.googleapis.com/auth/webmasters. We submit our own sitemaps and read indexing status of our own URLs (craftersmarket.org). We do not read data about other websites or users.
  • Google Analytics 4 — scope: https://www.googleapis.com/auth/analytics.readonly. Server-side reporting on aggregate traffic to craftersmarket.org. We read aggregate metric counts only — no per-visitor identifiers are pulled into our database.
  • Google Ads API — scope: https://www.googleapis.com/auth/adwords. We create + report on the off-site ad campaigns we run to drive traffic to craftersmarket.org. We do not access ad accounts that don't belong to us.
  • Connected-account email (display only): immediately after the OAuth handshake, we make a best-effort call to Google's https://www.googleapis.com/oauth2/v2/userinfo endpoint to show "Connected as you@example.com" on the admin settings screen so the connecting team member can verify they linked the intended account. We do NOT request the openid, profile, or userinfo.email scopes separately — if Google's response does not include an email, we proceed with an empty value.

§19How We Use Google Data

  • Submit sitemap.xml + sitemap_index.xml to Google Search Console so Crafters Market pages are indexed.
  • Inspect indexing status of specific craftersmarket.org URLs to debug indexing issues.
  • Read aggregate Google Analytics 4 reports (pageviews, sources, sessions) for the admin dashboard.
  • Create, pause, and read performance metrics on Google Ads campaigns we run to drive traffic to craftersmarket.org.
  • Display the connected admin's email address on our admin settings screen.
  • We DO NOT use Google user data to train AI or machine-learning models.
  • We DO NOT use Google user data for advertising targeting outside our own owned Google Ads campaigns.
  • We DO NOT enrich, profile, or repackage Google user data for any other purpose.

§20Storage & Retention

  • An encrypted OAuth refresh token, stored at rest in our MongoDB.
  • The connected admin's email address (display-only on the settings screen).
  • The list of OAuth scopes granted.
  • We DO NOT persist the content of Search Console reports, Analytics rows, or Ads campaigns beyond what's needed to render the current admin view in memory.
  • Refresh tokens are deleted immediately on disconnect; any cached derived data is purged within 30 days.
  • Data is stored in encrypted form on infrastructure provided by our hosting partner under industry-standard SOC 2 / ISO 27001 controls.

§21Sharing & Third Parties

  • We DO NOT sell Google user data.
  • We DO NOT share Google user data with any third party for advertising, marketing, or analytics outside the Crafters Market platform.
  • We DO NOT transfer Google user data to any AI or ML provider for training.
  • We DO NOT share Google user data with sub-processors except the encrypted-at-rest database described in "Storage & Retention" above.
  • If we ever need to expand sharing for a legitimate operational reason, we will obtain explicit re-consent from the connecting admin before doing so.

§22User Controls / Disconnect & Delete Data

  • Revoke Google's grant at any time: visit https://myaccount.google.com/permissions, find "Crafters Market", and click "Remove access". Revocation is enforced by Google immediately.
  • Disconnect from inside our admin dashboard: open Admin → Settings → Integrations and click "Disconnect" next to the relevant Google service.
  • On disconnect, our stored refresh token is deleted within seconds. Any cached derived data (admin display state, sitemap submission history) is purged within 30 days.
  • Request a copy of all Google-sourced data we hold about you: email team@craftersmarket.org with subject line "Google data access request". We respond within 30 days.
  • Request deletion of all Google-sourced data we hold about you: email team@craftersmarket.org with subject line "Google data deletion request". We respond within 30 days.

§23Google API Limited Use Disclosure

  • Crafters Market's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements: https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes
  • We affirm that data obtained from Google's APIs is used only to provide or improve user-facing features that are prominent in the requesting application's user experience — specifically the owner-side Search Console, Analytics, and Ads operations described above.
  • We affirm that data obtained from Google's APIs is not transferred to others except as necessary to provide or improve those features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We affirm that data obtained from Google's APIs is not used for serving advertisements outside our own owned Crafters Market ad campaigns.
  • We affirm that humans do not read data obtained from Google's APIs unless we have obtained the connecting admin's affirmative agreement, the data is required for security purposes (such as investigating abuse), it is required to comply with applicable law, or the data has been aggregated and anonymized for internal operations.

§24Contact

  • Questions about how we handle Google user data: team@craftersmarket.org.
Payments are processed by Stripe under their PCI-DSS-compliant infrastructure. We do not see, store, or log your full card details at any point. Our Google integrations are limited to read-only / write-our-own-sitemap operations on Crafters-Market-owned properties — they never read your Google account data.

Version: 3.4·Effective date: On production launch (date set at go-live)·Last updated: June 30, 2026

Revision history
v3.4 · 2026-06-30 — Final Legal Consistency Audit (v4): §4a adds a concrete Third-Party Service Providers (Vendor Inventory) enumerating every production vendor — Stripe, Cloudflare, GA4, Google Ads, Google Search Console, Meta Ads/CAPI, Pinterest, TikTok, Sentry, Mailgun, Shippo, AI service providers, and the Emergent Universal Key aggregator.
v3.3 · 2026-06-30 — Second-round legal-review pass: §10 International Transfers rewritten from EU/UK placeholder to U.S.-focused language (with forward-looking commitment to SCCs / equivalent safeguards before EEA/UK expansion); §11 clarifies that Operational AI does NOT authorize the Platform or any third-party advertising provider to train commercial foundation models on Maker Content.
v3.2 · 2026-06-30 — Legal-hardening pass: added §6a California Privacy Rights (CCPA/CPRA) — right to know/delete/correct/limit SPI/opt-out of sharing/non-discrimination/agent-authorization/appeals. Wired Effective date through the effective-date deployment hook.
v3.1 · 2026-06-30 — Rewrote §11 as the Creator-Owned AI Policy. Distinguishes Operational AI (allowed under the license) from AI Model Training (opt-in only, never a condition of marketplace access). Cross-referenced with ToS §6a and Maker Agreement §10a.
v3.0 · 2026-06-30 — Expanded to 14 numbered sections covering Information We Collect, Sharing, Retention, User Rights, Cookies, Security, Children\u2019s Privacy, International Transfers, AI & Automated Services, Communications, Account Closure, and Changes. Preserved Google API Services User Data disclosure verbatim (OAuth verification requirement).
v2.x · prior — Six-bullet summary plus Google API Services User Data disclosure.

◆ Policy Hierarchy · Order of Precedence
  1. 1.Applicable Law — Federal, state, and local law of the jurisdiction where the User resides or where the Order is fulfilled. Non-waivable consumer-protection rights always govern.
  2. 2.Terms of Service — The foundational contract between every User and the Platform.
  3. 3.Maker Agreement (seller-specific issues only) — For issues relating to Maker activity (listings, payouts, seller conduct, seller-side IP, exclusivity, taxes), the Maker Agreement is more specific than the topic-level Marketplace Policies and controls within its subject-matter scope. For non-seller (Buyer or general) issues, the Marketplace Policies control.
  4. 4.Marketplace Policies — Topic-specific policies: Buyer Protection, Returns & Refunds, Shipping & Logistics, Privacy, Cookies, Prohibited Items, Community Guidelines, Intellectual Property & DMCA, Fee & Pricing, Accessibility Statement.
  5. 5.Maker Shop Policies — A Maker's own published Shop Policies for their Listings. Must not conflict with anything above; conflicts are unenforceable to the extent of the conflict.
  6. 6.Order-Specific Agreements — Terms agreed to at checkout or in messaging for a specific Order (e.g., custom order specifications, agreed processing time). Bind only that Order.
◆ Revision History
  • v3.4·2026-06-30·Final Legal Consistency Audit (v4): §4a adds a concrete Third-Party Service Providers (Vendor Inventory) enumerating every production vendor — Stripe, Cloudflare, GA4, Google Ads, Google Search Console, Meta Ads/CAPI, Pinterest, TikTok, Sentry, Mailgun, Shippo, AI service providers (OpenAI/Anthropic/Google Gemini), and the Emergent Universal Key aggregator. Replaces the previous generic 'service providers' category with a named list that matches production.
  • v3.3·2026-06-30·Second-round legal-review pass: §10 International Transfers rewritten from EU/UK placeholder to U.S.-focused language (with forward-looking commitment to SCCs / equivalent safeguards before EEA/UK expansion); §11 clarifies that Operational AI does NOT authorize the Platform or any third-party advertising provider to train commercial foundation models on Maker Content.
  • v3.2·2026-06-30·Legal-hardening pass: added §6a California Privacy Rights (CCPA/CPRA) — right to know/delete/correct/limit SPI/opt-out of sharing/non-discrimination/agent-authorization/appeals. Wired effective_date through the effective-date deployment hook.
  • v3.1·2026-06-30·Rewrote §11 as the Creator-Owned AI Policy. Distinguishes Operational AI (allowed under license) from AI Model Training (opt-in only, never a condition of marketplace access). Cross-references ToS §6a and Maker Agreement §10a.
  • v3.0·2026-06-30·Marketplace rewrite. Adds data-role split (Platform vs. Maker as controller), cross-border transfers, rights request workflow, retention schedule, vendor list appendix.
  • v2.0·2026-02-15·GA4 + GSC vendor additions.
  • v1.0·2025-12-01·Initial Beta Privacy Policy.
◆ Related Policies
Question about this policy?

Email us at team@craftersmarket.org and we’ll respond within 1 business day.

Contact Support