Legal

Privacy Policy

Last updated: April 2026

Deska takes your privacy seriously. This policy explains what personal information we collect, why we collect it, and how we use and protect it.

By using Deska, you agree to the practices described here.

1. What We Collect

When you create an account:

  • Full name
  • Email address
  • Phone number
  • City
  • Instagram handle (optional)

When you win an auction:

  • Delivery address (if you select home delivery)
  • State / region
  • Delivery notes
  • Payment proof image (uploaded by you)
  • Payment reference (generated by the platform)

Automatically:

  • Session data used to keep you logged in securely (via Supabase Auth)
  • Basic usage information (page visits, general activity) via standard server logs

We do not collect card numbers, bank account details, or any financial credentials. All payment instructions flow one way, from us to you.

2. How We Use Your Information

  • Account management: to create and maintain your Deska account, verify your identity, and communicate with you.
  • Auction & order fulfillment: to process winning bids, contact you about your order, arrange delivery, and confirm payment.
  • Security & fraud prevention: to detect unusual activity, prevent fake bids, and protect the integrity of auctions.
  • Platform communications: to send you confirmation emails, payment instructions, and important account notices. We do not send marketing emails.
  • Admin operations: authorised platform administrators may view your account information and order details to manage listings, verify payments, and resolve disputes.

3. Who We Share Data With

We do not sell your personal data. We only share it in the following limited situations:

  • Supabase: our database and authentication provider. Your account data is securely stored on Supabase infrastructure.
  • Cloudinary: payment proof images you upload are stored on Cloudinary. Only your uploaded file is shared.
  • Delivery partners: if you select home delivery, your name, phone number, and address may be shared with the courier or logistics partner responsible for your delivery.
  • Legal requirements: if required to comply with applicable law or a valid legal request.

4. Data Storage & Security

  • Your data is stored on Supabase servers with encryption at rest and in transit.
  • Passwords are hashed using industry-standard methods and are never stored in plain text.
  • Access to your data is restricted to authorised administrators only.
  • Row-level security (RLS) is enforced in our database. Users can only access their own data. Admins access data through a protected server-side client, never directly from the browser.
  • Payment proof images are stored on Cloudinary and are not publicly accessible via guessable URLs.

While we take reasonable precautions, no system is 100% secure. We cannot guarantee absolute security of your information.

5. Your Rights

You have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: update or correct your account information at any time via your profile page.
  • Deletion: request deletion of your account and associated data. Note that records related to completed transactions may be retained for legal and operational purposes.
  • Objection: object to certain uses of your data. Contact us and we will respond within a reasonable timeframe.

To exercise any of these rights, use the feedback page or contact us directly.

6. Cookies & Analytics

Deska uses minimal cookies, primarily for authentication (to keep you logged in) and session management. We do not currently use third-party advertising or tracking cookies.

Basic server-side analytics (page requests, error logs) may be collected to monitor platform health. This data is not linked to individual user identities.

7. Data Retention

  • Account data is retained for as long as your account is active.
  • Transaction records (bids, winner attempts, payment proofs) are retained for a minimum of 12 months for operational and dispute resolution purposes.
  • If you delete your account, personal information is removed from active systems, but anonymised transaction data may remain for audit purposes.

8. Changes to This Policy

We may update this Privacy Policy as the platform evolves. Any significant changes will be communicated via email or a notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

For any privacy-related questions, requests, or concerns, contact us via the feedback page. We aim to respond within 5 business days.

This policy applies to all users of the Deska platform. If you have questions about how your data is handled, please reach out. We're happy to explain.