Privacy Policy
Last updated: March 12, 2026
1. Introduction
Red Impact, doing business as UnicornMarket ("we", "our", "us"), operates the website unicornmarket.net. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Data Controller: Red Impact, 30 N Gould St Ste R, Sheridan, Wyoming, 82801, United States. Contact: privacy@unicornmarket.net
2. Information We Collect
We collect the following categories of personal data:
Account Data
- Full name, email address, and password (hashed)
- Account role (buyer or seller)
- Company name and bio (optional)
- Date of Terms of Service acceptance
Transaction Data
- Offer details, deal history, and negotiation records
- Payment amounts, fees, and escrow status
- Asset transfer records and delivery confirmations
Financial Data (Sellers Only)
- Bank account and payout information (processed and stored by Stripe)
- Business verification documents (processed by Stripe Connect)
Usage Data
- Pages visited, features used, and interaction patterns
- Browser type, device information, and IP address
- Error reports and performance data
3. How We Use Your Data
We process your personal data for the following purposes:
- Service delivery: Operating the marketplace, processing transactions, managing escrow payments, and facilitating asset transfers
- Account management: Creating and maintaining your account, authenticating your identity, and managing your preferences
- Communication: Sending transactional emails (deal updates, payment confirmations, security alerts)
- Platform improvement: Analyzing usage patterns to improve features, fix bugs, and optimize performance
- Security: Detecting and preventing fraud, unauthorized access, and abuse
- Legal compliance: Meeting regulatory obligations, responding to legal requests, and enforcing our Terms of Service
Legal basis (GDPR): We process data based on contractual necessity (to provide our Service), legitimate interest (to improve and secure our platform), consent (for analytics cookies), and legal obligation (financial record-keeping).
4. Third-Party Data Processors
We share your data with the following third-party service providers who process it on our behalf. Each processor is contractually bound to protect your data and only use it for the specified purposes.
Firebase / Google Cloud
- Purpose:
- Authentication, database (Firestore), file storage, and cloud functions
- Data shared:
- Email, name, profile data, uploaded files, transaction records, chat messages
- Retention:
- Retained while account is active; deleted upon account deletion request (30-day grace period)
- Privacy policy:
- https://firebase.google.com/support/privacy
Stripe
- Purpose:
- Payment processing, escrow, and seller payouts via Stripe Connect Express
- Data shared:
- Name, email, bank account details (for sellers), payment card details (processed by Stripe, never stored on our servers), transaction history
- Retention:
- Retained per Stripe's policy and applicable financial regulations (typically 7 years for tax/legal purposes)
- Privacy policy:
- https://stripe.com/privacy
PostHog
- Purpose:
- Product analytics and usage tracking to improve the platform
- Data shared:
- Anonymous usage events, page views, feature interactions, device type, browser type
- Retention:
- Retained for 12 months, then automatically deleted
- Privacy policy:
- https://posthog.com/privacy
Sentry
- Purpose:
- Error monitoring and performance tracking to maintain platform reliability
- Data shared:
- Error logs, stack traces, browser/device metadata, anonymized user identifiers
- Retention:
- Retained for 90 days
- Privacy policy:
- https://sentry.io/privacy/
Resend
- Purpose:
- Transactional email delivery (account confirmations, deal notifications, payment receipts)
- Data shared:
- Email address, email content, delivery status
- Retention:
- Retained for 30 days after delivery
- Privacy policy:
- https://resend.com/legal/privacy-policy
Vercel
- Purpose:
- Website hosting, CDN, and serverless function execution
- Data shared:
- IP address, request logs, performance metrics
- Retention:
- Retained for 30 days
- Privacy policy:
- https://vercel.com/legal/privacy-policy
5. Cookies and Tracking
We use the following types of cookies:
- Essential cookies: Required for authentication and session management. Cannot be disabled.
- Analytics cookies: Used by PostHog to understand how users interact with the platform. Can be disabled via cookie preferences.
- Error tracking cookies: Used by Sentry to capture and diagnose errors. Can be disabled via cookie preferences.
You can manage your cookie preferences at any time through the cookie settings banner or by contacting us. Non-essential cookies are only activated with your explicit consent.
6. Your Rights
Under GDPR, CCPA, and other applicable laws, you have the following rights:
- Right to access: Request a copy of all personal data we hold about you
- Right to rectification: Correct inaccurate personal data via your account settings
- Right to erasure: Request deletion of your account and personal data
- Right to data portability: Export your data in a machine-readable format (JSON)
- Right to object: Opt out of analytics data processing via cookie preferences
- Right to restrict processing: Request that we limit how we process your data
To exercise any of these rights, visit your Account Settings page or contact us at privacy@unicornmarket.net. We will respond within 30 days.
7. Data Retention
- Active accounts: Data retained while your account is active
- Deleted accounts: Personal data deleted within 30 days of deletion request, except where retention is required by law
- Transaction records: Retained for 7 years for tax and legal compliance
- Analytics data: Anonymized and retained for 12 months
- Error logs: Retained for 90 days
8. Data Security
We implement industry-standard security measures including encryption in transit (TLS/HTTPS), encryption at rest (Firebase/Google Cloud), Firebase Authentication with secure token management, rate limiting on all API endpoints, Content Security Policy headers, and regular security audits. No method of transmission over the Internet is 100% secure; while we strive to protect your data, we cannot guarantee absolute security.
9. International Data Transfers
Your data may be transferred to and processed in the United States, where our servers and third-party processors are located. For EU/EEA residents, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), for all international data transfers.
10. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights:
- Privacy inquiries: privacy@unicornmarket.net
- General inquiries: info@unicornmarket.net
- Mail: Red Impact, 30 N Gould St Ste R, Sheridan, Wyoming, 82801
If you are located in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.