1. Who We Are

Mesukosei.com ("the Platform," "we," "us," or "our") is a marketplace platform that connects buyers and sellers of clothing and related goods. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you use our Platform.

We take your privacy seriously. Protecting the personal information of every person who trusts us with their data is a core principle of our company — not an afterthought.

2. Information We Collect

We collect only the information necessary to operate the Platform and serve you effectively:

Account Registration

• Email address
• Display name
• Password (stored only in hashed form — we never see or store your actual password)
• Date of birth (for age verification purposes only)
• Account type (Buyer or Seller)

Seller Registration (additional)

• First and last name
• Address, city, state/province, ZIP/postal code, and country
• Prefecture (where applicable)
• Preferred language

Profile Information (voluntarily provided)

• Profile picture
• Bio and store description
• Cart message
• Communication preferences

Transaction Information

• Order history, including items purchased or sold
• Shipping addresses provided at checkout
• Token balances and tip activity

Automatically Collected

• Authentication cookies required to keep you logged in
• Anti-forgery tokens for form security
• reCAPTCHA data (processed by Google) for bot prevention during registration

3. What We Do Not Collect

• Credit card numbers, bank account details, or financial credentials. All payments are processed entirely by PayPal. We never see, handle, or store your payment information.
• Government-issued identification numbers (Social Security, national ID, passport, etc.).
• Biometric data of any kind.
• Precise geolocation data. We do not track your physical location.
• Browsing activity outside the Platform. We do not use third-party tracking pixels, advertising cookies, or cross-site trackers.

4. How We Use Your Information

Your information is used exclusively for the following purposes:

• Operating your account — authentication, profile display, and preference management.
• Facilitating transactions — connecting buyers with sellers, processing orders, managing shipping details, and maintaining order history.
• Communication — sending account verification emails, order confirmations, and Platform messages between users. We may also notify you of important changes to our Terms or services.
• Security and fraud prevention — reCAPTCHA verification, rate limiting, honeypot detection, and account lockout for suspicious activity.
• Platform improvement — understanding how the Platform is used so we can make it better. This is done using aggregate, anonymized data only.
• Legal compliance — responding to lawful legal requests when required by law.

5. We Do Not Share Your Data

The only circumstances under which any of your information may be disclosed are:

• To complete a transaction: When you purchase an item, your shipping address is shared with the seller solely for the purpose of fulfilling your order. Sellers are contractually prohibited from using this information for any other purpose.
• Payment processing: When you make a payment, PayPal processes the transaction under their own privacy policy. We do not control or have access to the financial data you provide to PayPal.
• Bot prevention: Google reCAPTCHA processes limited interaction data during registration to verify you are human. This is governed by Google's Privacy Policy and Terms of Service.
• Legal obligation: If we are compelled by a valid court order, subpoena, or legal process issued by a court of competent jurisdiction, we may disclose the minimum information required by law. We will notify you of such requests to the extent legally permitted.

We do not have advertising partners. We do not have data brokers. We do not participate in data-sharing programs. We do not use your data to build marketing profiles.

6. Data Protection & Security

We implement robust security measures to protect your information:

• Password security: All passwords are cryptographically hashed using ASP.NET Core Identity's built-in hashing. We never store or have access to plaintext passwords.
• Encrypted connections: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS).
• Anti-forgery protection: Every form submission is protected against cross-site request forgery (CSRF) attacks.
• Rate limiting: Registration and sensitive operations are rate-limited to prevent brute-force attacks and abuse.
• Bot prevention: Google reCAPTCHA v3 and honeypot fields protect against automated account creation.
• Account lockout: Accounts are locked after repeated failed authentication attempts.
• Access control: Role-based authorization ensures users can only access data and features appropriate to their account type.

While no system is completely immune to security threats, we continuously review and improve our security practices. If we ever become aware of a data breach that affects your personal information, we will notify you promptly.

7. Cookies & Local Storage

We use the absolute minimum number of cookies required for the Platform to function:

• Authentication cookie: Keeps you logged in during your session. This is a secure, HTTP-only cookie that cannot be read by client-side scripts.
• Anti-forgery cookie: Protects forms against CSRF attacks. This is a security measure, not a tracking tool.
• reCAPTCHA cookies: Set by Google during the registration process only, to distinguish human users from bots.

We do not use advertising cookies, analytics cookies, tracking pixels, social media trackers, or any form of cross-site tracking technology. We do not participate in any advertising networks.

8. Data Retention

• Active accounts: Your data is retained for as long as your account remains active.
• Transaction records: Order and transaction history is retained for the duration required by applicable tax and commercial laws (typically 7 years), even after account closure.
• Account deletion: Upon account closure or deletion request, we will remove your personal profile information (display name, bio, profile picture, preferences) within 30 days. Data that we are legally required to retain (such as transaction records) will be retained in anonymized form.
• Messages: Messages may be retained to protect both parties in the event of disputes. Deleted messages are soft-deleted and excluded from the user interface but may be retained for dispute resolution purposes.

9. Your Rights

Regardless of where you are located, we respect and provide the following rights to all of our users:

• Right to access: You may request a copy of the personal data we hold about you at any time.
• Right to correction: You may update or correct your personal information through your account profile at any time, or by contacting us.
• Right to deletion: You may request deletion of your account and personal data. We will comply within 30 days, subject to legal retention requirements.
• Right to data portability: You may request an export of your personal data in a commonly used, machine-readable format.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.
• Right to object: You may object to any processing of your data. Given that we do not use your data for marketing or profiling, this right is largely satisfied by default.

To exercise any of these rights, contact us at support@mesukosei.com. We will respond within 30 days.

10. Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take immediate steps to delete that information and terminate the associated account.

Users between the ages of 13 and 17 may use the Platform only with verifiable parental or legal guardian consent.

11. International Users

Mesukosei.com is operated from the United States. If you are accessing the Platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

We are committed to respecting the privacy rights of users worldwide. Regardless of your location, we apply the same high standard of data protection to all users. We do not lower our privacy protections based on geography.

12. Third-Party Services

The Platform integrates with a limited number of third-party services. Each operates under its own privacy policy:

• PayPal — for payment processing. We do not access, store, or process your financial information. PayPal Privacy Policy
• Google reCAPTCHA — for bot prevention during registration only. Google Privacy Policy

We carefully evaluate any third-party service before integration and only use services that we believe meet an acceptable standard of privacy and security. We do not integrate advertising, analytics, or social media tracking services.

13. Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

• Notify affected users via email and through the Platform's banner system within 72 hours of discovery.
• Provide a clear description of what information was affected.
• Describe the steps we are taking to address the breach and mitigate harm.
• Offer guidance on steps you can take to protect yourself.
• Report the breach to relevant authorities as required by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

• Material changes will be communicated via the Platform's banner notification system and/or email to all registered users.
• The "Last Updated" date at the top of this page will be revised.
• Your continued use of the Platform after changes are posted constitutes your acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@mesukosei.com
• Platform: Mesukosei.com

We will make every effort to respond to your inquiry within 30 days.