Legal

Privacy Policy

Last updated: July 4, 2026

This policy explains what personal data Wilum (“we”, “us”) collects when you use wilum.co, including the iHave–iWant marketplace and membership services, how we use it, and the choices you have. By using the site you agree to this policy.

Data we collect

Account data. Your email address and a hashed password (we never store passwords in plain text), plus a display name if you set one.

Content you create. Marketplace listings (titles, descriptions, photos), exchange offers and related messages, favourites, and feature votes.

Approximate location. If you use location features (such as “Near me”), your browser shares coordinates that we convert to a city name. We store only the city, not your precise coordinates.

Payment confirmations. For membership payments made by bank transfer or QR payment, we store the receipt you upload. Card payments are processed by our payment providers (such as Stripe) — we never see or store your card number.

Usage data. Standard technical data (IP address, browser type, pages visited, errors) collected via our analytics tooling and server logs, used to keep the service reliable and to understand how features are used.

How we use your data

  • To provide the service: accounts, listings, exchanges, membership access.
  • To send transactional email (verification codes, exchange notifications).
  • To keep the platform safe: uploaded photos and listing text are automatically screened by AI moderation systems before publication, and we apply rate limiting and bot protection to prevent abuse.
  • To measure and improve the product through aggregated analytics.

We do not sell your personal data, and we do not use it for third-party advertising.

What other users see

Your published listings, display name, and city are visible to other users. Your email address is never shown publicly and is never exposed through our APIs.

Service providers

We rely on a small set of processors to run the service: hosting and content delivery (Vercel), database and file storage (Supabase), payment processing (Stripe and regional providers), transactional email (Resend), product analytics (PostHog), bot protection (Cloudflare Turnstile), and AI content-safety screening (Google and Amazon Web Services). Each provider receives only the data needed for its function.

Cookies and local storage

We use a session cookie to keep you signed in, local storage for preferences such as theme, and analytics identifiers to understand product usage. We do not use third-party advertising cookies.

Data retention and deletion

We keep your data while your account is active. You can request access to, correction of, or deletion of your personal data at any time by emailing info@wilum.co. We will action deletion requests within 30 days, except where we are legally required to retain certain records (for example, payment confirmations).

Age requirement

The service is intended for users aged 18 and over. We do not knowingly collect data from children.

Changes to this policy

If we make material changes, we will update the date above and, where appropriate, notify you in the product. Questions? Contact info@wilum.co. See also our Terms of Service.