- Details
Privacy Policy
Last updated: 30 June 2026
This Privacy Policy explains how Barracks Bazaar ("we", "us", "the Site") collects, uses, shares, and protects your personal data, and the rights you have over that data under the EU General Data Protection Regulation (GDPR) and applicable data-protection law. Barracks Bazaar is a members-only, peer-to-peer community marketplace for participating U.S. military installations. Because we serve a community that includes residents of the European Union, we apply GDPR-level protections to everyone.
1. Who we are (Data Controller)
The data controller responsible for your personal data is Barracks Bazaar. If you have any question about this policy or wish to exercise your privacy rights, contact us at:
2. We process no payments
Barracks Bazaar is a peer-to-peer marketplace. The Site handles no funds and processes no payments. Buyers and sellers arrange and complete payment directly with each other, in person. We do not collect, store, or transmit card numbers, bank details, or any other payment-instrument data, and there is therefore no payment processor that receives your data through us.
3. Personal data we collect
We collect only what is needed to run a members-only community marketplace:
- Account identity — your name/username and email address, and your login credentials.
- Installation affiliation — the participating installation/community you select at registration, used to scope the marketplace to your community.
- Optional profile details — if you choose to provide them: address, city, and phone number, and your preferred buying/selling (currency) preferences.
- Listings and images — the items you list for sale, their descriptions, prices, and any photos you upload.
- Order and transaction records — when you place or receive an order through the marketplace, the order details and the name/address information associated with that order (used so buyer and seller can arrange the in-person exchange). No payment is taken.
- Moderation and community records — reports you submit or that concern you, and moderation actions, kept to keep the community safe.
- Contact-form submissions — if you use a contact or waitlist-interest form, the information you provide there.
- Server activity logs — limited administrative action logs for security and troubleshooting. We do not log IP addresses.
4. Why we use your data and our lawful bases
We rely on the following GDPR lawful bases:
- Performance of a contract (Art. 6(1)(b)) — creating and maintaining your account, scoping you to your installation community, and providing the marketplace (listings, orders, buyer/seller exchange).
- Consent (Art. 6(1)(a)) — optional profile data you choose to add, any cookies beyond those that are strictly necessary, and any marketing communications (we do not currently send marketing). You may withdraw consent at any time.
- Legitimate interests (Art. 6(1)(f)) — moderation, security, fraud and abuse prevention, and keeping limited action logs, balanced against your rights and freedoms.
5. Who we share data with (recipients and processors)
We do not sell your personal data, and we use no third-party advertising or analytics trackers. The only processor we rely on is our hosting provider, Hostinger, which hosts the Site and its database on servers located in the European Union under a data-processing arrangement. Other members of the marketplace see only the limited information needed to transact with you (for example, a seller's listings, or the name/contact details you share to arrange an in-person exchange). We may disclose data where legally required.
6. International transfers
The Site and its data are hosted within the European Union. We do not routinely transfer your personal data outside the EU/EEA. Where any transfer were to occur, we would rely on an appropriate GDPR safeguard (such as an adequacy decision or standard contractual clauses).
7. How long we keep your data (retention)
- Account data — kept while your account is active; deleted on account deletion or after a period of prolonged inactivity.
- Listings and order/transaction records — kept while your account is active and as needed to support the community marketplace; removed on account erasure.
- Administrative action logs — retained on a rolling basis (currently up to 12 months) under a scheduled retention task, then automatically deleted.
- Consent records — kept as evidence of consent and refreshed periodically.
8. Cookies
The Site is login-gated and uses only strictly necessary cookies: a PHP session cookie that keeps you logged in during your visit, and the core "Remember Me" cookie if you choose that option. We use no tracking, advertising, or analytics cookies. Because these cookies are essential to the service, they do not require opt-in consent; we show a short notice disclosing them.
9. Your rights under GDPR
You have the right to: access your data; rectify inaccurate data; request erasure ("right to be forgotten"); restrict or object to processing; data portability; withdraw consent at any time (without affecting prior processing); and lodge a complaint with a supervisory authority (for residents of Italy, the Garante per la protezione dei dati personali, or your local EU authority).
To exercise your rights, use the Site's built-in data-request page at Privacy Data Request, where you can submit an information (access) or removal (erasure) request, or email us at
10. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.
11. Children
The Site is intended for adults. You must be 18 or older to register or use the marketplace. We do not knowingly collect data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date above and, where appropriate, by notice on the Site.