The Painted Porch

Privacy Policy

Last updated: April 16, 2026

The Painted Porch (“TPP”, “we”) is a multi-tenant marketplace and ecommerce platform. This policy explains what data we collect, who holds it, and how to delete it.

1. Dual ownership of customer data

When you buy on The Painted Porch, two parties hold records of the transaction:

  • The Painted Porch (platform): your account email, cross-vendor purchase history, saved payment method reference, cart and browsing behavior.
  • The vendor (merchant of record):your email, shipping address, that transaction's details via Stripe Connect.

Each party is responsible for their own data. Deleting your TPP account deletes platform-level data but does not automatically delete records held by individual vendors — we notify each vendor of your deletion request and they handle it independently per their own privacy commitments.

2. What we collect

  • Account info: email, name, shipping/billing addresses you enter.
  • Payment: we use Stripe — we never see or store your card number. We store a reference to Stripe's saved PaymentMethod for one-click checkout.
  • Behavioral: pages viewed, products browsed, carts, orders, clicks on marketing emails (if you opt in).
  • Technical: IP address, user agent, device type (for security + analytics).

3. Cookies

We use a small set of cookies:

  • tpp_store_id, tpp_host: identify which vendor's storefront you're viewing.
  • tpp_buyer_id: identifies you across vendor custom domains for cart portability (read-only; cannot authorize payments).
  • tpp_guest_cart_id: identifies a guest cart before you sign in.
  • tpp_ref: referral attribution (30-day lifetime).
  • Supabase session cookies: standard auth.

4. Sharing

  • We share transaction details with the vendor you're buying from (they're merchant of record).
  • We share payment + billing data with Stripe, our processor.
  • We never sell personal data to third parties.

5. Your rights

  • Access: email privacy@paintedporch.market to request your data.
  • Delete: use the “Delete my account” button at /account/delete. We delete platform-level records and notify each vendor you've transacted with.
  • Portability: request an export in machine-readable JSON.
  • Opt-out: unsubscribe from marketing emails via any message footer.

6. Data retention

Order records are retained for 7 years (tax compliance). Behavioral data is retained for 2 years then aggregated. Deletion requests are honored within 30 days on our platform; vendor-held records follow their own policies.

7. Children

TPP is not directed to children under 13. We do not knowingly collect data from children.

8. Contact

Questions, requests, concerns: privacy@paintedporch.market