PreLovedScents Marketplace (Nevada)
1. Introduction
This Privacy Policy describes how PreLovedScents Marketplace ("Company," "we," "us," or "our") handles personal information when you use our websites, applications, and related services (collectively, the "Platform"), including:
- LovedScents (lovedscents.com) — our brand home;
- ShareScents (sharescents.com) — the fragrance society (Studios, feed, Scent Vault, membership); and
- PreLoved Scents (prelovedscents.com) — the peer-to-peer marketplace for authentic pre-loved fragrance.
One account may be used across these properties. This policy applies to information we collect through the Platform. It supplements our Terms of Service, Marketplace License, and Verified Passport Membership Terms.
We do not sell your personal information. We collect only what we need to operate, secure, and improve the Platform, and we share information with service providers under contracts that limit their use to providing services to us.
2. Information we collect
We collect information in three ways: information you provide, information created through your use of the Platform, and information from service providers.
2.1 Account and profile information
- Email address and password (authentication credentials are handled by our identity provider; we do not store your password in plain text).
- Username, display name, biography, avatar image, and public Studio/profile customization (colors, taglines, shelf content, Top 8 scents, and similar profile fields you choose to publish).
- Country and U.S. residency confirmations you submit during signup or verification flows.
- Terms-of-use and membership-terms acceptance records (timestamps and policy versions).
2.2 Waitlist and early-access signups
If you join our founding waitlist before or without a full account, we may collect:
- Email address and an optional username claim;
- Referral codes and referral relationships;
- Waitlist status, queue position, and founding-member eligibility flags;
- Hashed IP address and user-agent fingerprints (not raw IP addresses stored in the waitlist table) for abuse prevention;
- Records that you passed human-verification checks (for example, Cloudflare Turnstile).
2.3 Membership and billing
- Verified Passport membership status, billing interval, plan amount, and renewal period dates.
- Stripe customer and subscription identifiers (payment card numbers and bank details are collected and stored by Stripe, not by us).
- Records that you acknowledged membership fees and accepted membership terms at checkout.
2.4 Society and social content
- Posts, photos, comments, likes, bookmarks, stories, and other content you submit to the Loved feed or your Studio.
- Follows, friendships, blocks, favorites, and direct-message conversations you participate in.
- Influencer directory fields if you opt in (for example, pitch text, shop label, and shop URL). Influencer profiles use contact-hiding defaults; we do not display your email, phone number, or government ID on public Studio pages.
2.5 Scent Vault (private collection)
If you use Scent Vault, we store collection data you enter, which may include bottle brand and name, fill level, notes, purchase price and date, estimated values, and photos you upload. Vault data is private to your account unless you choose to share it through Platform features.
2.6 Marketplace listings and addresses
- Listing titles, descriptions, prices, condition details, photos, and related marketplace content.
- Shipping addresses you save in your account (name, street address, city, state, postal code, country).
- Saved listing favorites.
2.7 Messages
- Message body text and conversation metadata (participants, timestamps, and related listing references where applicable).
- Fraud-risk scores, automated flag reasons, and limited message previews retained for trust-and-safety review when messages are flagged.
2.8 Identity verification (where offered)
On flows that support seller or account verification, we may collect phone numbers, verification status, and government ID images submitted for review. Government ID images are stored in access-controlled storage and are not shown on public profiles.
2.9 Notification preferences
We store your email, push, and SMS notification preference toggles. We do not currently store mobile push device tokens in our database; if we add push delivery in the future, we will update this policy before collecting tokens.
2.10 Technical and security data
- Session and authentication tokens managed by our hosting and database providers.
- Server and edge logs (for example, request timestamps, URLs, and IP addresses) maintained by our infrastructure providers for security, debugging, and abuse prevention.
- Information necessary to verify Stripe webhooks, Turnstile tokens, and API requests.
We do not use third-party advertising trackers or sell data for cross-context behavioral advertising. We do not operate a third-party analytics program that profiles you across other companies' websites.
3. How we use information
We use personal information to:
- Create and secure your account and authenticate you;
- Provide society features (Studios, feed, Scent Vault, Explore, messages, and membership benefits);
- Operate the marketplace (listings, favorites, and saved addresses);
- Process Verified Passport subscriptions and billing events through Stripe;
- Operate the founding waitlist and referral program;
- Detect, prevent, and investigate fraud, spam, bots, counterfeit activity, harassment, and policy violations;
- Review flagged messages and verification submissions;
- Provide optional AI-assisted features (for example, bottle scanning, note lookup, or scent recommendations) when you choose to use them;
- Respond to support, legal, and privacy requests;
- Comply with law, enforce our agreements, and protect the rights, safety, and security of users and the Platform.
4. Automated processing and message safety
To reduce fraud and keep transactions on-platform, messages may be automatically scanned for patterns associated with off-platform payment requests, contact information, suspicious links, and policy violations. High-risk messages may be blocked before delivery. Medium-risk messages may be flagged for manual review by authorized personnel.
This processing is used for security and integrity, not for advertising. Flagged-message queues and previews are accessible only to authorized administrators, not to other users.
5. AI features
When you use optional AI tools (such as scanning a bottle photo or requesting scent recommendations), we may send the content you submit (for example, an image or fragrance name) to a third-party AI provider to generate a response. We use that output to display results to you and, if you save them, to store structured fields in your account. Do not submit sensitive personal information in prompts or images unless necessary for the feature.
6. How we share information
We share personal information only as described below. We do not sell personal information.
| Recipient | What is shared | Why |
|---|---|---|
| Supabase (database, authentication, storage) | Account, profile, content, vault, messages, and files you upload | Core hosting and data storage |
| Stripe | Email, internal user ID, subscription and customer IDs; payment details you enter at checkout | Verified Passport billing and customer portal |
| Cloudflare | IP address, browser signals, Turnstile tokens; site traffic through CDN/workers | Site delivery, DDoS protection, bot resistance on waitlist |
| OpenAI (when enabled) | User-submitted images or text for AI features you request | Generate scan, note, or recommendation results |
| Other users | Information you choose to make public (profile, posts, public Studio fields, active listings) | Social and marketplace functionality |
| Authorities or advisers | Information required by law or to protect safety and rights | Legal compliance, fraud reporting, dispute resolution |
We require service providers to process data only on our instructions and to protect it with appropriate safeguards.
7. Cookies and similar technologies
We and our providers use cookies, local storage, and similar technologies to keep you signed in, remember preferences, protect against abuse, and operate checkout and billing flows. Stripe and Cloudflare may set their own cookies or tokens when you interact with payment or verification features. You can control cookies through your browser settings, but some features may not work if essential cookies are disabled.
8. Security
We design the Platform with security in mind. Measures include, where applicable:
- Encryption in transit: HTTPS/TLS for website traffic, with HTTP redirected to HTTPS;
- Access controls: database row-level security so users can access only their own private data unless they choose to publish content;
- Private storage buckets for sensitive uploads (for example, government ID documents and Scent Vault photos) with owner-only access policies;
- Administrative separation: fraud queues and verification submissions are not exposed to ordinary users or public APIs;
- Webhook verification for Stripe events;
- Waitlist protections: bot challenges, rate limits, disposable-email blocking, and hashed IP/user-agent records;
- Browser security headers (including Content Security Policy, HSTS, and frame protections) on our web properties.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security. Passwords are managed through our authentication provider using industry-standard practices; you are responsible for choosing a strong, unique password and keeping your credentials confidential. Report suspected unauthorized access immediately to admin@lovedscents.com.
9. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or obtain a copy of certain personal information, or to opt out of certain processing. You can:
- Update profile and Studio information in your account settings;
- Manage notification preferences where available in the app or account settings;
- Delete certain content you posted (for example, posts, vault items, or saved addresses) through Platform controls;
- Cancel Verified Passport through the billing portal or by contacting support;
- Request access, correction, or deletion by emailing admin@lovedscents.com from the email address associated with your account.
We may need to verify your identity before fulfilling a request. We may retain certain information where required by law, for fraud prevention, to complete transactions, resolve disputes, enforce our agreements, or protect the Platform.
If you are a California resident, you may have additional rights under the CCPA/CPRA, including the right to know, delete, and correct personal information, and the right to opt out of sale or sharing (we do not sell or share personal information for cross-context behavioral advertising). Submit requests to admin@lovedscents.com.
10. Data retention
We retain personal information for as long as your account is active or as needed to provide the Platform, unless you request deletion or we are required to retain it longer. Examples:
- Account and profile data: retained while your account exists;
- Billing records: retained as needed for tax, accounting, and dispute resolution;
- Flagged messages and trust-and-safety records: retained for investigation and abuse prevention;
- Public posts and listings: may remain visible until you delete them or we remove them for policy reasons;
- Ephemeral stories: hidden after expiration but backup copies may persist for a limited period in systems logs or backups.
When you delete your account (upon request), we delete or de-identify personal information unless retention is legally required or reasonably necessary for security and fraud prevention.
11. Children
The Platform is intended for adults 18 years of age or older. We do not knowingly collect personal information from children under 18. If you believe a minor has provided us information, contact admin@lovedscents.com and we will take appropriate steps to delete it.
12. United States focus
The Platform is operated from the United States and intended primarily for U.S. users. If you access the Platform from outside the United States, you understand that your information may be processed in the United States and other countries where our service providers operate, which may have different data-protection laws than your jurisdiction.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date and policy version at the top of this page. Material changes may also be communicated through the Platform or by email where appropriate. Continued use after an update means you accept the revised policy, to the extent permitted by law.
14. Contact us
Privacy requests and questions: admin@lovedscents.com
General support: admin@lovedscents.com
Legal notices: admin@lovedscents.com
Mail: PreLovedScents Marketplace, Privacy Office, Nevada, United States
For help without email, visit LovedScents Support.