Privacy Policy

Effective date: May 24, 2026 · Governing law: Commonwealth of Massachusetts

We're direct about how we make money. We're equally direct about how we handle your data. This policy explains what we collect, why, and what you can do about it.

1. What we collect

Information you give us directly:

  • Account information: name, email address, business name, and profile details you enter during sign-up
  • Business profile: description, category, location, avatar, and any other information you add to your profile
  • Posts: the listings you create, including descriptions, exchange type, and categories
  • Messages: the content of conversations between you and other users on the platform
  • Deal terms: the structured deal information both parties agree to, including descriptions, deliverables, and deadlines
  • Reviews: ratings and written reviews you submit after completing a deal

Information collected automatically:

  • Usage data: pages visited, features used, clicks, and navigation patterns
  • Device and browser information: browser type, operating system, screen size
  • IP address and approximate location
  • Session activity: mouse movements, clicks, scrolls, and interactions recorded via session replay technology (see Section 3)
  • Error data: technical errors and crash reports

2. How we use your data

  • To operate and improve the platform
  • To facilitate connections, messaging, and deals between users
  • To send transactional emails (deal updates, account notifications) — you cannot opt out of these while using the platform
  • To send marketing emails if you opted in — you can unsubscribe at any time via the link in any marketing email
  • To track errors and bugs so we can fix them
  • To understand how users navigate and use the platform so we can improve it
  • To enforce our Terms & Conditions and protect the community

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 4.

3. Session replay

We use Sentry, a third-party service, for error tracking and session replay. Session replay records your interactions on the platform — including mouse movements, clicks, scrolls, and navigation — as a video-like playback. We use this to identify bugs and improve the user experience.

Session replay may capture content you type or view on screen. Sentry applies automatic masking to sensitive fields, but you should be aware that this technology records your activity in real time. By using BackScratch, you consent to this recording. If you do not consent, you should not use the platform.

Sentry's privacy policy is available at sentry.io/privacy.

4. Third-party processors

We share data with the following third-party services to operate BackScratch. Each is bound by their own privacy policies and data processing agreements:

  • Supabase — database, authentication, and file storage. Your account data, messages, and deal information are stored on Supabase infrastructure.
  • Vercel — web hosting and deployment. Your requests to BackScratch pass through Vercel's servers.
  • PostHog — product analytics. We use PostHog to understand how users navigate the platform. PostHog collects usage events and page views.
  • Sentry — error tracking and session replay. See Section 3.
  • Resend — transactional and marketing email delivery.
  • Stripe (v1+) — payment processing for paid transactions. BackScratch does not store your payment card information. Stripe processes it directly.

5. Data retention

  • Active accounts: data retained for as long as your account is active
  • Deleted accounts: your profile and posts are removed within 30 days of account deletion. Messages and deal records may be retained for up to 12 months for dispute resolution and legal compliance purposes, then deleted.
  • Failed and disputed deals: visible on public profiles for 6 months, then removed
  • Session replay recordings: retained by Sentry for 90 days
  • Error logs: retained by Sentry for 90 days

6. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Opt out of marketing emails at any time via the unsubscribe link in any marketing email

To exercise any of these rights, contact us at keigan@backscratchlocal.com. We will respond within 30 days.

7. Massachusetts data security (201 CMR 17.00)

BackScratch is based in Massachusetts and serves Massachusetts residents. In compliance with Massachusetts 201 CMR 17.00, we maintain a written information security program designed to protect the personal information of our users. This includes access controls, encryption of data in transit, and regular review of our security practices.

8. Cookies

BackScratch uses cookies and similar technologies to keep you logged in and to support platform functionality. We do not use advertising cookies or sell cookie data to third parties. Analytics cookies (PostHog) collect usage data to help us improve the platform.

9. Children's privacy

BackScratch is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact us and we will remove it promptly.

10. Changes to this policy

We may update this policy from time to time. When we do, we'll update the effective date above and notify you by email if the changes are material. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

11. Contact

Questions about this policy or your data? Reach us at keigan@backscratchlocal.com.

Terms & Conditions · ← Back to BackScratch