We believe in collecting the minimum needed to connect buyers with sellers — and never more. This page explains what we collect, why, and the controls you have.
This policy covers domainmarketspace.com and all related services (the “Service”) operated by Domain MarketSpace Inc. (“we”, “us”). It applies to anyone who visits the site, browses the marketplace, submits an offer, or creates an account.
Domain MarketSpace is a discovery and communication tool. We introduce buyers and sellers of domain names; we do not process payments, hold funds in escrow, or execute domain transfers. The actual sale is concluded directly between the buyer and the seller.
We collect only what we need to run the Service:
| Account info | Name, email, password (hashed), optional bio, handle, website, Twitter. |
| Portfolio data | Domains you list (name, TLD, price, description, registrar, expiry), your notes, and your listing status. |
| Buyer inquiries | When a buyer submits an offer, we store their name, email, offer amount and message so you can reply. |
| Usage data | Page views, clicks, referrer, rough geolocation (country-level), browser type. Used for analytics and abuse prevention. |
| Support | Anything you send us when you contact support. |
We do not collect payment information — we never touch the transaction. Any payment you make to a seller is between you, the seller, and your chosen escrow or registrar.
We do not use your data to train third-party AI models, and we do not sell or rent it to advertisers.
We only share data where strictly necessary. Our sub-processors:
| Hosting | Vercel (infrastructure, CDN) |
| Database | Neon / Postgres (encrypted at rest) |
| Resend (transactional email) | |
| Analytics | Plausible (privacy-friendly, cookie-less aggregate stats) |
| Error tracking | Sentry (IPs truncated, no PII in payloads) |
We may disclose data if required by law, a valid subpoena, or to protect the rights and safety of users. We’ll tell you unless legally gagged.
We use a single first-party cookie to keep you logged in. We don’t use third-party tracking cookies or advertising pixels. Our analytics provider (Plausible) is cookie-less and does not track visitors across sites.
Some browsers honor “Do Not Track”. We respect it where technically possible.
Passwords are hashed with bcrypt. Data is encrypted in transit (TLS 1.3) and at rest. We follow the principle of least privilege for internal access and log every production query.
No system is perfectly secure. If you discover a vulnerability, please report it to security@domainmarketspace.com. We respond within 48 hours and don’t pursue good-faith researchers.
Depending on your jurisdiction (GDPR, CCPA, UK GDPR, Lei Geral de Proteção de Dados), you may have rights to:
Exercise any of these by emailing privacy@domainmarketspace.com. We respond within 30 days (usually much sooner).
The Service is not directed to children under 16. We don’t knowingly collect data from them. If you believe a child provided us data, email privacy@domainmarketspace.com and we’ll delete it.
We may update this policy as the product evolves. Material changes will be announced at least 14 days in advance via email and in-app banner. The version and effective date at the top of this page always reflect the latest copy.
Privacy questions, data requests, or concerns: