16privacy

Privacy Policy

How Secondary Platform handles your data. Last updated June 2026

Secondary Platform is invite-only by design. We collect only what is needed to operate the directory, the messaging system, the auction-fee lookup tool, and the image protection layer. We do not sell or share member data with third parties.

What we collect

When you request access we collect your name, email address, and any company or note you provide. When you are approved and create an account we additionally store an authentication record, managed by Supabase Auth, the listings, requests, drafts, and saved searches you publish or save, the messages you send, and standard application logs such as timestamps of sign-in.

When you use the auction-fee lookup tool (“What did the house take?”), we store the artwork query you submitted and the Platform’s computed response in a cache so repeat lookups don’t re-spend the underlying API budget. To prevent abuse from anonymous visitors and members alike, we also store a hashed value of the caller’s IP address and a count of recent lookups; this is used to enforce the per-day and per-lifetime rate limits described in the Marketplace Rules. The IP hash cannot be reversed to the original IP.

Who sees what

Other approved members can see your display name, or your chosen members-directory name, your published listings and requests, and the messages you send to them in their inquiries. Your email address, member ID, and account status are visible only to administrators.

Messages you send through the Contact admin card on your account page are visible to administrators and to you only. Messages inside a buyer/seller inquiry are visible to the two parties of that inquiry, and become visible to administrators only if the thread is reported through the in-app report button.

Saved listings, saved searches, and your draft listings are visible only to you. Administrators can see aggregate counts for moderation and product purposes but not the contents unless a row is involved in a report.

Image protection

Every artwork image you view is protected by three coordinated layers, applied per request:

  • A discreet diagonal watermark and a corner identity tag rendered on screen, showing the viewing member’s identity and the moment the image was opened.
  • EXIF provenance metadata baked into the served image bytes, declaring Secondary Platform as the source.
  • An invisible per-viewer noise pattern embedded in the pixels of the served image. The pattern is keyed to the viewer’s account ID and the image path, and can be used forensically against a leaked image and the original to identify the viewer the leak came from. Only administrators can run this extraction (“leak check”), and only against images the administrator has reason to suspect were leaked.

The visible layers are a deterrent against casual screenshot leaks; the invisible noise pattern is the audit trail behind them. We do not store separate watermarked copies of your uploads. The watermarks are applied at view time.

Search engines

The Platform asks search engines not to index any page on the site, and the application sets a no-index header on every response. Listings and member information should not appear in public search results.

How long we keep it

Account records, listings, requests, drafts, and messages are retained for as long as your account is active. The lookup-tool cache and the underlying lookup logs are retained for up to 30 days for cache efficiency and abuse investigation. IP-hash rate-limit rows are retained until they age past their relevant window, typically 24 hours for members and longer for the lifetime visitor counter.

If you close your account we retain a minimal audit record, including account ID, email, dates of activity, and sale-history summary, so we can resolve disputes that arose before closure; everything else is removed from member-facing views.

Third-party processors

We use the following third parties to deliver the service:

  • Supabase: database, authentication, and image storage. Hosts the structured data of the Platform.
  • Vercel: application hosting and serverless function execution.
  • Resend: transactional email delivery, including invitations, password reset, saved-search alerts, and admin notifications.
  • Stripe: payment-method storage and charging for the listing fee and sale commission. Stripe stores card details directly; the Platform never sees your full card number, only the brand, last four digits, and expiry.
  • Anthropic: powers the auction-fee lookup tool. When you submit a lookup, the artwork query you typed is sent to Anthropic’s API along with instructions for the Platform’s research task. Anthropic does not see your account identity; only the query text and the Platform’s system prompt.

These providers process data only as needed to deliver the service and are bound by their own privacy commitments. We do not authorise any of them to use Platform data for advertising or model-training purposes.

Cookies

We use session cookies set by Supabase Auth to keep you signed in. Stripe sets its own cookies during the card-on-file setup flow to prevent fraud. We do not use advertising cookies, tracking pixels, or analytics that profile you across the web.

Your choices

You can edit your display name and directory name at any time from your account page, change your password from the same page, or reset it via the forgot-password flow on the sign-in page, and manage your saved card and notification preferences from your account page. You can ask the administrator to export or delete your data through the Contact admin card; we will honour the request within a reasonable time unless retaining the data is needed for legal or dispute-resolution purposes.

Contact

For any privacy question, reach the administrator through your account page.