Dreamsmith
Obsidia

Privacy Policy

Effective Date: February 11, 2026

Introduction

Obsidia ("we," "our," or "us") operates a peer-to-peer marketplace for buying and selling fragrances. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Platform"). By using the Platform, you consent to the practices described below.

1. Information We Collect

Personal Information

Name, email address, and profile photo provided during account creation. If you sign in with Apple, we receive your name and email (which may be an Apple private relay address). Your date of birth is verified on-device to confirm you are at least 18 years old but is not stored on our servers.

Payment & Identity Data

Payment method details and identity verification documents are collected and processed by our third-party payment provider (Stripe). Obsidia does not store full card numbers or government IDs on our servers.

Transaction Data

Order history, shipping addresses (including phone number for carrier contact), tracking information, dispute records, and communications between buyers and sellers.

Device & Usage Data

Device type, operating system, IP address, app version, push notification device tokens, crash logs, and anonymized usage analytics to improve performance and reliability.

User-Generated Content

Listing photos, authenticity photos, profile images, dispute evidence, and any other content you upload to the Platform.

2. How We Use Your Information

  • Facilitate transactions, process payments, and coordinate shipping between buyers and sellers
  • Verify seller identity through Stripe Connect onboarding
  • Communicate order updates, shipping notifications, and dispute resolutions
  • Enforce our Terms of Service, Seller Rules, and Dispute Policy
  • Detect and prevent fraud, chargebacks, and unauthorized activity
  • Improve app performance, fix bugs, and develop new features
  • Send marketing or promotional communications (only with your opt-in consent)

3. How We Share Your Information

Service Providers

We share data with trusted third parties that help operate the Platform:

  • Stripe — Payments & identity verification
  • Shippo — Shipping labels & tracking
  • Firebase / Google Cloud — Hosting, database & storage
  • Google Analytics for Firebase — Usage analytics
  • Firebase Crashlytics — Crash reporting

Other Users

Buyers see your seller display name, profile photo, and listing details. Sellers see the buyer's shipping address for fulfillment purposes only. Neither party sees payment details.

Legal & Safety

We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect the rights, safety, or property of our users, the public, or Obsidia.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change.

We do NOT sell your personal information to third parties.

We do NOT share SMS opt-in data or consent with third parties for purposes unrelated to delivering the messaging service.

4. Data Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, and role-based access controls. Payment data is handled entirely by Stripe (a PCI DSS Level 1 certified provider) and never touches our servers.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.

5. Your Choices & Rights

  • Access & update your personal information in your account settings at any time
  • Request deletion of your account and associated data by contacting support
  • Opt out of marketing communications via your notification preferences or the unsubscribe link in emails
  • Disable analytics collection in your device settings

6. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to Know — You may request the categories and specific pieces of personal information we have collected about you
  • Right to Delete — You may request that we delete your personal information, subject to certain legal exceptions (e.g., completing a transaction, legal compliance)
  • Right to Opt-Out of Sale — We do not sell your personal information to third parties. If this changes, we will provide a "Do Not Sell My Personal Information" mechanism
  • Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights

To exercise these rights, contact us at support@obsidia.app. We will verify your identity before processing your request and respond within 45 days as required by law.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. Transaction records are retained for a minimum of 3 years for tax and compliance purposes.

8. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we discover that we have inadvertently collected data from a minor, we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or via email. Continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or your personal data, contact us at:

Email: support@obsidia.app

Back to Products