Legal

PRIVACY POLICY

Effective: March 5, 2026 · Last updated: March 28, 2026

MotoStaq LLC ("we," "us," "our") operates motostaq.com. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

1. Information We Collect

Information You Provide

  • Account information: name, email address, password (stored as a hash — we never store plaintext passwords), display name
  • Listing content: titles, descriptions, photos, pricing, part details
  • Payment information: processed directly by Stripe — we do not store, access, or transmit your credit card numbers
  • Messages: buyer-seller communications sent through the platform
  • Shipping addresses: provided for order fulfillment
  • Support requests: emails and communications you send to us

Information Collected Automatically

  • Usage data: pages visited, search queries, clicks, time spent on pages
  • Device information: browser type, operating system, screen resolution
  • IP address: used for fraud prevention and approximate location
  • Cookies: essential session cookies and optional analytics cookies

Third-Party Authentication

  • Google Sign-In: If you create an account using "Continue with Google," we receive your email address from Google to create your account. Your username is derived from your email address prefix for privacy. We do not access your Google password, contacts, or any other Google account data. Your Google account data is handled in accordance with Google's Privacy Policy.

AI Garage Data

  • Diagnostic inputs: symptoms, photos, and bike details submitted to the Diagnose tool are sent to Google's Gemini AI for analysis. We do not permanently store uploaded images or diagnostic data after processing.
  • Part photos: images uploaded to the Part Identifier are sent to Google's Gemini AI for analysis. We do not permanently store uploaded images after processing.
  • Chat messages: Build Advisor conversations are sent to Google's Gemini AI. Conversation history is stored in your browser session only and is not saved on our servers.
  • Install Guide inputs: part names and bike details are sent to Google's Gemini AI to generate guides.

2. How We Use Your Information

  • To operate and maintain the marketplace
  • To process transactions and payouts
  • To prevent fraud, abuse, and unauthorized access
  • To resolve disputes between buyers and sellers
  • To improve the Service and develop new features
  • To communicate with you about your account, orders, and important updates
  • To provide AI-powered diagnostics, part identification, build advice, and installation guides
  • To enforce our Terms of Service
  • To comply with legal obligations

We do not use your data for targeted advertising. We do not sell your personal information.

3. Information Sharing

We share your information only in the following circumstances:

  • Other users: Your public profile, listing information, and shipping address (to sellers for order fulfillment)
  • Stripe: Payment and payout processing
  • Google (Gemini AI): Images and text submitted to AI Garage tools, subject to Google's API Terms
  • Google (OAuth Sign-In): If you sign in with Google, we receive your email address from your Google account to create and manage your MotoStaq account. We do not receive your Google password.
  • Hosting providers: Vercel (hosting), Supabase (database) — as necessary to operate the Service
  • Email service (Resend): Transactional and onboarding emails (order confirmations, account notifications, verification emails, welcome emails, and follow-up emails for new accounts) are sent via Resend. Only your email address and message content are shared. You may unsubscribe from non-essential emails at any time by contacting [email protected].
  • Law enforcement: When required by law, subpoena, or court order, or to protect the safety of our users

4. Data Retention

We retain your account data for as long as your account is active. Transaction records are retained for 7 years for tax and legal compliance. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. AI Garage images are processed in real-time and not permanently stored.

5. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Portability: Request your data in a structured, machine-readable format
  • Opt-out: Unsubscribe from marketing emails at any time

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, email [email protected]. We will respond within 30 days (45 days for complex CCPA requests).

6. Security

  • HTTPS/TLS encryption on all pages with HSTS preload
  • Stripe PCI-DSS Level 1 compliance for payment processing
  • Passwords stored using industry-standard hashing (bcrypt via Supabase Auth)
  • Rate limiting on authentication and payment endpoints
  • Content Security Policy (CSP) headers to prevent XSS and injection attacks
  • Stripe webhook signature verification to prevent spoofed payment events
  • Input sanitization on all user-submitted data
  • Role-based access controls on internal systems
  • X-Frame-Options: DENY to prevent clickjacking
  • Referrer-Policy: strict-origin-when-cross-origin

While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Cookies

Essential cookies: Required for authentication, session management, and basic site functionality. These cannot be disabled.

Analytics cookies: Used to understand how users interact with MotoStaq to improve the Service. These are optional.

We do not use third-party advertising or tracking cookies.

8. Children's Privacy

MotoStaq is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a user under 18, we will delete it promptly.

9. Third-Party Links

MotoStaq may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. International Users & GDPR

MotoStaq is based in and primarily serves the United States. If you access the Service from outside the US, you understand and agree that your data may be transferred to, stored, and processed in the United States.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, and port your personal data. Our legal basis for processing is your consent (account creation) and legitimate interest (fraud prevention, platform operations). To exercise any GDPR rights, email [email protected]. We will respond within 30 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Questions or concerns about this Privacy Policy? Contact us at [email protected]

📸AI Garage