Barracks Bazaar Barracks Bazaar
  • Register
  • Login
  • Terms & Conditions
  1. You are here:  
  2. Home
  3. Privacy Policy
Details
Last Updated: 04 July 2026

Privacy Policy

Last updated: 4 July 2026

This Privacy Policy explains how Barracks Bazaar ("we", "us", "the Site") collects, uses, shares, and protects your personal data, and the rights you have over that data under the EU General Data Protection Regulation (GDPR) and applicable data-protection law. Barracks Bazaar is a members-only, peer-to-peer community marketplace for participating U.S. military installations. Because we serve a community that includes residents of the European Union, we apply GDPR-level protections to everyone.

1. Who we are (Data Controller)

The data controller responsible for your personal data is Barracks Bazaar. If you have any question about this policy or wish to exercise your privacy rights, contact us at: This email address is being protected from spambots. You need JavaScript enabled to view it..

2. Payments

Barracks Bazaar is a peer-to-peer marketplace. For items bought and sold on the Site, we handle no funds and process no payments. Buyers and sellers arrange and complete payment directly with each other, in person. We do not collect, store, or transmit card numbers, bank details, or any other payment-instrument data. The one exception is optional supporter contributions, which are processed by Stripe as described in Section 15 - even then, we never receive your card or bank details ourselves.

3. Personal data we collect

We collect only what is needed to run a members-only community marketplace:

  • Account identity — your name/username and email address, and your login credentials.
  • Installation affiliation — the participating installation/community you select at registration, used to scope the marketplace to your community.
  • Optional profile details — if you choose to provide them: address, city, and phone number, and your preferred buying/selling (currency) preferences.
  • Listings and images — the items you list for sale, their descriptions, prices, and any photos you upload.
  • Order and transaction records — when you place or receive an order through the marketplace, the order details and the names and chosen contact preferences associated with that order (used so buyer and seller can arrange the in-person exchange — home addresses are not part of checkout). No payment is taken.
  • Moderation and community records — reports you submit or that concern you, and moderation actions, kept to keep the community safe.
  • Contact-form submissions — if you use a contact or waitlist-interest form, the information you provide there.
  • Server activity logs — limited administrative action logs for security and troubleshooting. We do not use IP addresses to track you; our hosting provider's standard server logs may record them briefly for security and are not used for profiling.

4. Why we use your data and our lawful bases

We rely on the following GDPR lawful bases:

  • Performance of a contract (Art. 6(1)(b)) — creating and maintaining your account, scoping you to your installation community, and providing the marketplace (listings, orders, buyer/seller exchange).
  • Consent (Art. 6(1)(a)) — optional profile data you choose to add, any cookies beyond those that are strictly necessary, and any marketing communications (we do not currently send marketing). You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)) — moderation, security, fraud and abuse prevention, and keeping limited action logs, balanced against your rights and freedoms.

5. Who we share data with (recipients and processors)

We do not sell your personal data, and we use no third-party advertising or analytics trackers. We rely on a small number of processors: our hosting provider Hostinger (Site and database, on servers in the European Union under a data-processing arrangement), Stripe for supporter payments (Section 15), Anthropic and product-catalog services for the AI listing tools (Section 16), and our email delivery service. Each receives only what its job requires. Other members of the marketplace see only the limited information needed to transact with you (for example, a seller's listings, or the name/contact details you share to arrange an in-person exchange). We may disclose data where legally required.

6. International transfers

The Site and its data are hosted within the European Union. Some of our service providers process data in the United States — Stripe for supporter payments and Anthropic and the product catalogs for the AI tools (see Sections 15 and 16). Stripe certifies to the EU-U.S. Data Privacy Framework; we share only the minimum each service needs. Where any transfer were to occur, we would rely on an appropriate GDPR safeguard (such as an adequacy decision or standard contractual clauses).

7. How long we keep your data (retention)

  • Account data — kept while your account is active; deleted on account deletion or after a period of prolonged inactivity.
  • Listings and order/transaction records — kept while your account is active and as needed to support the community marketplace; removed on account erasure.
  • Administrative action logs — retained on a rolling basis (currently up to 12 months) under a scheduled retention task, then automatically deleted.
  • Consent records — kept as evidence of consent and refreshed periodically.

8. Cookies

The Site is login-gated and uses only strictly necessary cookies: a PHP session cookie that keeps you logged in during your visit, and the core "Remember Me" cookie if you choose that option. We use no tracking, advertising, or analytics cookies. Because these cookies are essential to the service, they do not require opt-in consent; we show a short notice disclosing them.

9. Your rights under GDPR

You have the right to: access your data; rectify inaccurate data; request erasure ("right to be forgotten"); restrict or object to processing; data portability; withdraw consent at any time (without affecting prior processing); and lodge a complaint with a supervisory authority (for residents of Italy, the Garante per la protezione dei dati personali, or your local EU authority).

To exercise your rights, use the Site's built-in data-request page at Privacy Data Request, where you can submit an information (access) or removal (erasure) request, or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.. We will respond within the time limits set by GDPR.

10. Automated decision-making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

11. Children

The Site is intended for adults. You must be 18 or older to register or use the marketplace. We do not knowingly collect data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date above and, where appropriate, by notice on the Site.

13. Data breaches

If a personal-data breach occurs that is likely to put your rights at risk, we will notify the competent supervisory authority within 72 hours of becoming aware of it and, where required, notify you directly without undue delay.

14. United States residents (including California)

We do not sell or share personal information as defined by the California Consumer Privacy Act (CCPA/CPRA), and we do not use your data for cross-context behavioural advertising. US residents may exercise the rights to know, correct, and delete their personal information using the same Data Request tool or by emailing This email address is being protected from spambots. You need JavaScript enabled to view it.. We will not discriminate against you for exercising these rights.

15. Supporter payments (Stripe)

Voluntary contributions are processed by Stripe, Inc. (stripe.com), our payment processor. Stripe collects and processes your name, email address, and full payment details directly, under its own privacy policy (stripe.com/privacy). We never receive or store your card or bank details.

What we receive and keep: the Barracks Bazaar username you enter at checkout, the email address used to pay, the amount and currency, the contribution type (one-time or subscription), Stripe's transaction and subscription reference IDs, and your resulting access status. We use this to switch your AI access on and off, to answer questions about your contribution, and for basic accounting.

Subscriptions and refunds: for recurring contributions, Stripe notifies us automatically about renewals, cancellations, and refunds so your access can follow your payments without manual handling; those notifications carry the same limited details listed above. Stripe also sends you its own payment receipts by email.

Retention and deletion: contribution records are kept while your access is active and afterwards as reasonably needed for accounting and dispute handling; we process them to carry out your contribution and for our legitimate interest in funding the Site. You can request deletion of your account data at any time through the Privacy Data Request page; contribution records that must be retained for accounting are kept in minimal form and deleted when no longer required.

International transfer: Stripe processes payments in the United States. Stripe certifies to the EU-U.S. Data Privacy Framework for transfers of European personal data.

16. AI features and product lookups

If you use the AI listing tools, the text you type about an item is sent to our AI provider (Anthropic) to generate the draft, and any barcode or product name you look up is sent to product-catalog services (such as UPCitemdb and Google Books) - these lookups contain product identifiers only. Do not include personal information in item descriptions. Photos you attach to a listing are stored on the Site and are not analyzed by the AI. If you turn on notifications, we store the delivery address your device issues for that purpose (revocable in your browser settings at any time); messages sent through the private relay are stored so they can be delivered.

Next article: Join your base's marketplace Next
  • Privacy Policy
  • Privacy Data Request
  • Terms of Service
Barracks Bazaar uses only strictly necessary cookies (to keep you logged in). We use no tracking or advertising cookies. See our Privacy Policy.