← Back to Home

Privacy Policy

Effective date: April 21, 2025

Your listings live on your own PDS — not our servers.

Because Open Market is built on the AT Protocol, the content you publish stays on your own Personal Data Server. We index it for discovery, but we don't own it and can't hold it hostage.

01

Introduction

This Privacy Policy describes how Open Market ("we," "us," or "our") collects, uses, and protects information when you use openmkt.app ("the Service"). Because Open Market is built on the AT Protocol, most of your data — including your listings — lives on your own Personal Data Server (PDS), not ours.

02

Information We Collect

What we don't collect

  • Your AT Protocol password
  • Payment or financial details
  • Private messages with other users
  • Data from your PDS beyond public records

What we do collect

  • Your Atmosphere handle and DID (from OAuth)
  • Session tokens (stored in your browser)
  • Aggregated usage analytics
  • Support communications

2.1 Identity & Authentication

When you sign in, you are redirected to your PDS's OAuth flow. We never receive or store your password. Upon successful authentication, we receive your Atmosphere handle, DID (Decentralized Identifier), display name, and avatar URL. OAuth tokens are stored in your browser's IndexedDB — not on our servers.

2.2 Listing & Storefront Content

Listings you create through Open Market are published as public ATProto records to your PDS. We index those records to power the marketplace. This content is publicly accessible on the AT Protocol network regardless of Open Market.

2.3 Usage Analytics

We use Google Analytics (GA4) to understand how the Service is used. This includes page views, listing views, interest interactions, and listing creation events. Analytics data is aggregated and does not identify you personally, but Google's data collection is governed by the Google Privacy Policy. You can opt out using the Google Analytics Opt-out Browser Add-on.

2.4 Support Communications

If you contact us by email, we retain that correspondence to respond to and resolve your request.

03

How We Use Information

3.1 Operating the Service

We use your Atmosphere identity to authenticate you, associate listings with your account, and display your storefront to other users.

3.2 Product improvement

Aggregated analytics help us understand which features are used, identify issues, and decide what to build next.

3.3 Customer support

We use your contact information and correspondence to respond to support requests and troubleshoot issues.

3.4 Safety & integrity

We may review account or listing activity to detect fraud, abuse, or violations of our Terms of Service.

04

Data Storage & Security

Your listing content is stored on the AT Protocol network via your own PDS — not on our infrastructure. Removing a listing from Open Market de-indexes it from our platform, but managing the underlying ATProto record is done through your Atmosphere account.

Session tokensare stored in your browser's IndexedDB and are never transmitted to or held by our servers beyond what is required for the OAuth handshake.

Operational data (analytics, support logs) is stored on secure servers with encryption in transit (HTTPS/TLS). Access is limited to those who need it to operate the Service.

We aim to delete inactive account and support data within a reasonable period after it is no longer needed for its stated purpose.

05

Third-Party Services

5.1 AT Protocol / Atmosphere

Authentication and listing storage rely on AT Protocol OAuth and the Atmosphere network. Your use of your PDS provider is subject to their own privacy policy and terms.

5.2 Google Analytics (GA4)

We use GA4 for usage analytics. Data is sent to Google's servers and governed by the Google Privacy Policy. No personally identifying information is deliberately included in analytics events.

5.3 Email

Support communications are handled via email. We use a third-party email provider; messages are processed according to their privacy policy.

06

Your Rights & Choices

6.1 Access your data

You can request a summary of personal information we hold about you by emailing us.

6.2 Delete your data

You can delete your listings directly from your Atmosphere account (which removes them from our index) or contact us to request deletion of any additional data we hold.

6.3 Opt out of analytics

Use the Google Analytics Opt-out Browser Add-on to prevent GA4 from collecting your usage data.

6.4 Revoke access

You can revoke Open Market's OAuth access at any time from your Atmosphere account settings under Connected Apps. This will sign you out and prevent future access until you re-authenticate.

07

Cookies & Tracking

We use essential cookies and browser storage to maintain your session. We do not use advertising or cross-site tracking cookies.

Google Analytics sets its own cookies for usage measurement. These are analytics-only and are not used for advertising targeting.

08

Children's Privacy

Open Market is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it.

09

International Data Transfers

Your data may be processed in countries other than your own. Where required, we rely on appropriate legal mechanisms for international transfers, including standard contractual clauses or adequacy decisions by relevant authorities.

10

Legal Basis for Processing (GDPR)

For users in the European Union, our legal bases for processing are:

Contract

Operating your account and displaying your listings

Legitimate interest

Product improvement, analytics, and abuse prevention

Consent

Analytics cookies (where consent is required)

Legal obligation

Compliance with applicable law

11

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will post a notice on the platform and announce the update via our Bluesky account at least 30 days before they take effect. The "Effective date" at the top of this page will always reflect the current version.

12

Contact

For privacy-related inquiries or data requests, contact us at support@openmkt.app. We aim to respond within 30 days.

If you are in the EU and have unresolved concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Questions about your privacy?

We're committed to transparency. If anything here is unclear, just ask.

Contact us
← Read our Terms of Service