Privacy Policy

Version 1.1
Effective: December 15, 2025

1. Introduction

This Privacy Policy describes how Sundays.co, Inc. ("Sundays," "we," "us," or "our") collects, uses, discloses, and protects personal information when you access or use our website, platform, and services (the "Platform").

By using the Platform, you consent to the practices described in this Privacy Policy.

2. Information We Collect

a. Information You Provide

We may collect personal information you voluntarily provide, including:

  • Name
  • Email address
  • Account credentials
  • Business information (for sellers)
  • Communications sent through the Platform

b. Authentication Information

We collect authentication-related data when you sign in using:

  • Email/password
  • Google Single Sign-On (OAuth)

Authentication and user management are handled through Supabase.

c. Identity Verification (KYC)

Certain actions (such as accessing confidential seller information or initiating a Letter of Intent) require identity verification.

For these purposes, we may collect or process information through Stripe Identity, including:

  • Government-issued identification
  • Selfie or biometric verification
  • Verification status

Sundays does not store raw identity documents. Identity data is processed directly by Stripe in accordance with its privacy practices.

d. Transaction & Escrow Information

Transactions facilitated through the Platform are handled via Escrow.com. Sundays may receive limited transaction metadata, such as:

  • Confirmation of transaction close
  • Transaction status
  • Fee disbursement confirmation

Sundays does not hold buyer or seller funds.

e. Automatically Collected Information

We may automatically collect certain information, including:

  • IP address
  • Browser type and device identifiers
  • Pages viewed and actions taken
  • Timestamps and session data

This information is used for security, analytics, and Platform improvement.

3. How We Use Information

We use personal information to:

  • Operate, maintain, and secure the Platform
  • Authenticate users and manage accounts
  • Verify identity where required
  • Facilitate buyer–seller interactions
  • Enforce agreements and prevent circumvention
  • Analyze Platform usage and improve user experience (including through analytics tools such as PostHog)
  • Communicate service-related notices and updates
  • Comply with legal and regulatory obligations

4. How We Share Information

We may share personal information with:

  • Service providers, including Supabase, Stripe, Stripe Identity, Escrow.com, DocuSign, analytics tools (such as PostHog), and email providers
  • Professional advisors, such as legal or accounting firms
  • Regulatory or legal authorities, when required by law

We do not sell personal information.

5. Data Retention

We retain personal information only as long as reasonably necessary to:

  • Provide the Platform
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

We generally retain account information for up to three (3) years after account closure, unless a longer retention period is required by law or necessary for legitimate business purposes.

KYC data retention is governed by Stripe's policies.

6. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no system is 100% secure, and we cannot guarantee absolute security.

7. User Rights

General Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal information
  • Request correction or deletion
  • Object to or restrict certain processing

Requests may be submitted to privacy@sundays.co.

California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (note: we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To submit a CCPA request, contact privacy@sundays.co. We may verify your request before responding.

8. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.

9. International Users

Sundays currently operates only in the United States. If you access the Platform from outside the U.S., you acknowledge that your information may be processed in the United States.

10. Cookies & Tracking

We may use cookies and similar technologies for:

  • Authentication
  • Analytics (including PostHog)
  • Platform functionality and performance

You can control cookies through your browser settings.

11. Do Not Track Signals

The Platform does not currently respond to Do Not Track (DNT) signals from web browsers.

12. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities in accordance with applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised effective date. Continued use of the Platform constitutes acceptance of the updated policy.

14. Contact

Privacy-related inquiries: privacy@sundays.co