Privacy Policy

Last updated: March 2026

CarsBaltic ("we", "our", or "us") operates the website carsbaltic.com. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

1. Data We Collect

• Account data: name, email address, and password hash when you register
• Profile data: phone number, Telegram username (optional, only if you add them)
• Listing data: car details, photos, price, location that you post
• Usage data: pages visited, search queries, listing views (no personal identification)
• Payment data: processed by Stripe — we never store card details

2. How We Use Your Data

• To provide and operate the CarsBaltic marketplace
• To display your contact details to buyers (only what you choose to share)
• To process payments for boost/featured services via Stripe
• To send transactional emails (listing confirmation, expiry notices)
• To improve our service and detect abuse

3. Third-Party Services

• Cloudinary — stores uploaded photos on secure CDN servers
• Stripe — processes payments (PCI-DSS compliant)
• Google OAuth — optional sign-in via your Google account
• Neon — PostgreSQL database provider (hosted in EU)
• Vercel — website hosting (EU edge network)

4. Cookies

We use strictly necessary cookies for authentication (session management) and functional cookies to remember your language preference. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though this may affect site functionality.

5. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data via your Profile Settings
• Delete your account and all associated data
• Export your data in a portable format
• Object to processing of your data

To exercise these rights, email us at hello@carsbaltic.com.

6. Data Retention

Active listings are retained for 30 days from posting, then automatically expired. Deleted listings and accounts are removed from our database within 30 days. We retain payment records for 7 years as required by EU law.

7. Data Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt. We do not sell or share your personal data with third parties for marketing purposes.

8. Contact

For privacy-related questions or requests, contact us at hello@carsbaltic.com.