Privacy Policy (v2.0)
Effective 2026-06-30 (v2.0)
This Privacy Policy describes how sell.fun Inc. ("sell.fun," "we," "us," or "our") collects, uses, and shares information when you use our website at sell.fun, our MCP server, our CLI tools, our Claude Code plugin, and any related services (collectively, the "Services").
By using the Services, you agree to the collection and use of information as described in this policy.
1. Who We Are
sell.fun Inc. is a Delaware corporation and is the data controller for buyer transactional data (purchases, invoices, receipts, payment identifiers), consistent with our role as merchant of record under the Terms of Service. For non-transactional Creator-to-Buyer communications initiated by Creators (e.g., product updates, announcements), Creators and sell.fun act as joint controllers.
Contact: hello@sell.fun · sell.fun Inc., 1209 N Orange St, Wilmington, DE 19801, USA.
2. Information We Collect
2.1 Information You Provide
- Account information: Email address when you create a Creator or Buyer account via magic-link authentication.
- Creator profile and tax onboarding: Display name, legal business name, legal address, tax classification, tax form type (W-9 / W-8BEN / W-8BEN-E), Stripe Connect account details (we do not store your full bank account or card numbers).
- Product listings: Titles, descriptions, pricing, tags, categories, and uploaded product files.
- Purchase information: Products purchased, transaction amounts, tax collected, buyer country (from billing address), and buyer VAT ID if provided.
- Communications: Messages you send to us via email or support channels.
2.2 Information Collected Automatically
- Device and access data: IP address, browser type, operating system, referring URL, pages viewed, and timestamps.
- Usage data: Features used, tools invoked (via MCP, CLI, or web), search queries, and interaction patterns.
- Cookies: We use essential cookies for authentication and session management. See Section 8.
2.3 Information from Third Parties
- Stripe: Limited transaction data (payment status, payout status, Stripe account ID, charge ID, balance transaction fee). We never receive or store full credit card numbers.
- Cloudflare: Standard web analytics data (page views, geographic region, device type).
3. How We Use Your Information
- Provide the Services: Process purchases, deliver products, manage accounts, handle Creator payouts via Stripe.
- Act as merchant of record: Calculate and collect applicable indirect taxes (VAT, GST, sales tax) at checkout, issue invoices in sell.fun's name, manage disputes. Where we hold active tax-authority registrations, remit collected taxes to the relevant authorities; where registration is pending, hold collected amounts in preparation for remittance once registration is active.
- Communicate: Purchase confirmations (including invoice receipts), delivery links, magic-link emails, and service notifications.
- Prevent fraud: Detect fraudulent transactions, enforce Terms of Service, moderate content.
- Improve the Services: Analyze usage patterns, fix bugs, develop new features.
- Legal compliance: Respond to legal requests, enforce our rights, meet tax-reporting requirements (including DAC7 for EU Creators), and comply with US export controls and OFAC sanctions.
We do not sell your personal information to third parties. We do not use your data for targeted advertising.
4. How We Share Your Information
4.1 With Creators (for Buyers)
When you purchase a product, the Creator receives your email address and purchase details for fulfillment purposes only. Creators may not use this information for unrelated marketing without your separate consent. Creators do not see your payment card details, billing address, or VAT ID; these remain with sell.fun.
4.2 With Service Providers
- Stripe — Payment processing, Creator payouts, fraud detection, tax calculation (Stripe Tax), and 1099-K / W-8 tax form collection (Connect).
- Cloudflare — Website hosting, content delivery, DDoS protection.
- Resend — Transactional email delivery (purchase confirmations, magic links).
- Tax-filing partners — sell.fun may use tax-compliance providers such as Taxually, TaxJar, hellotax, or Quaderno to file VAT OSS returns, UK VAT returns, and US state sales-tax returns. These providers process transaction data strictly for return preparation.
These providers process data only on our behalf (or in the case of Stripe, as a controller of payment credentials pursuant to its own privacy policy) and are contractually required to protect it.
4.3 For Legal Reasons
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of sell.fun, our users, or the public.
4.4 Tax Authority Reporting
As merchant of record, we report aggregate transaction data to tax authorities in jurisdictions where we are registered. Under EU Directive 2021/514 (DAC7), once our EU VAT One-Stop Shop registration is active, we will begin collecting and reporting Creator-level data (including identity, bank details, and annual consideration) to the Irish tax authority on the cadence required by the Directive. Affected Creators will be notified before any reportable data is submitted. See the Creator Agreement for details.
4.5 Business Transfers
If sell.fun is acquired or merged, user information may transfer to the new owner. We will notify affected users before their information becomes subject to a different privacy policy.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Creator/Buyer account data | Until account deletion + 30 days |
| Purchase, invoice, and transaction records | 10 years (tax and VAT compliance) |
| Product listings and files | Until deleted by Creator |
| Authentication tokens | Until session expiry or logout |
| Server logs (IP, access) | 90 days |
| Support communications | 3 years |
6. Data Security
- All data in transit encrypted via TLS/HTTPS.
- Product files stored in Cloudflare R2 with signed delivery tokens.
- Magic-link authentication (no passwords stored).
- Payment processing handled entirely by Stripe. We never see or store credit card numbers.
- Database encrypted at rest via Cloudflare D1.
No method of transmission or storage is 100% secure. If we become aware of a breach, we will notify you per applicable law.
7. Your Rights
All users may request access, correction, deletion, or export of their data by emailing hello@sell.fun. We respond within 30 days. Note: records required for tax compliance (section 5, 10-year retention) may not be fully deletable until the retention period expires, but we can restrict further processing.
EEA/UK Users (GDPR)
You may also restrict processing, object to processing based on legitimate interests, withdraw consent, and lodge complaints with your local data protection authority. Legal bases: contract performance (including as merchant of record), legitimate interests (fraud prevention, platform integrity), legal obligations (tax reporting, DAC7), and consent.
California Users (CCPA/CPRA)
You may know what data is collected, request deletion, and opt out of personal information sales (we do not sell personal information). We do not discriminate for exercising privacy rights. We do not respond to Do Not Track signals.
8. Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication (Creator/Buyer login) | Session / 30 days |
| CSRF token | Cross-site request forgery protection | Session |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Cloudflare may set security cookies to protect against bots.
9. International Data Transfers
Our Services are hosted on Cloudflare's global network. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards for transfers to our processors (Cloudflare, Stripe, Resend, and tax-filing partners). Stripe's GDPR compliance framework covers payment-card data.
10. Children's Privacy
The Services are not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect information from children. Contact us at hello@sell.fun if you believe a child has provided us with personal information.
11. AI Assistant and MCP Usage
When you interact with sell.fun through an AI assistant, the AI provider processes your conversation per their own privacy policy. sell.fun receives only tool calls made on your behalf (e.g., creating a listing, making a purchase). We do not receive or store your conversation history. Authentication uses OAuth 2.1 directly with sell.fun.
12. CLI Tool and Plugin Usage
The CLI stores your authentication token locally in ~/.sellfun/config.json. The sell.fun skills plugin may write local usage telemetry such as which skill completed and how long it took to ~/.sellfun/analytics/. Anonymous aggregate telemetry (no personal data) can be opted into; the default is off. The plugin checks for updates by contacting sell.fun/api/sell/version. Skill execution (reading files, generating descriptions) happens locally using your AI tokens; data is sent to sell.fun when you create, update, publish, or upload a listing.
13. Changes to This Policy
We may update this policy. Material changes will be posted on our website with an updated effective date, and existing users will see a notice at their next login. Continued use constitutes acceptance.
14. Contact Us
Email: hello@sell.fun · Website: sell.fun