Sign in

Privacy Policy

How we collect, use, and protect your information.

Effective Date: January 1, 2025
Last Updated: May 30, 2026

The Short Version

JMLOGMARKET LLC ("we," "us") collects the information you give us (email, phone, listings, payment info) to run the marketplace. We don't sell your data. We use industry-standard services (AWS, Stripe) to store it securely. You can delete your account anytime.

1. Information We Collect

Information You Provide

Data Type When Collected Purpose
Email address Account signup Account login, notifications
Phone number Account signup, listings Account verification, display on listings so buyers can contact you
Name Account signup, listings Display on listings
Listing content When you post a listing Display on the marketplace
Photos When you upload to listings Display on the marketplace
Location (city/county) Listings, trucker signup Help buyers find local listings
Push notification subscription When you opt in to push notifications on your device Deliver instant alerts for new messages, listing matches, and buyer-request matches. Includes the browser-issued push endpoint URL, encryption keys, your browser user agent, and platform (web/PWA/Android). You can disable push at any time from your account settings or browser permissions.
Direct-message content When you send a message to another user Delivered to the recipient. Phone numbers and email addresses are automatically detected and hidden from the recipient's view (a privacy-by-design feature that keeps contact info on-platform). For abuse and fraud review, our staff may retain the original unredacted message text for a limited retention period, after which it is deleted.

Information Collected Automatically

Data Type Purpose
IP address Security, abuse prevention, approximate location
Browser type and device Improve site compatibility, debugging
Pages visited Understand how the site is used
Referring website Understand how users find us
Analytics identifier (GA4 client ID) A persistent random ID stored in your browser by Google Analytics 4 so we can distinguish unique visitors across sessions. Not linked to your real-world identity. Can be cleared via your browser cookie/storage settings.
Listing engagement events When a listing is viewed, called, emailed, shared, or photo-clicked, an anonymous counter is incremented on that listing so sellers can see how their post is performing. No personal identifier is recorded — just the event type and listing ID.
Bot-detection signals (Cloudflare Turnstile) When you submit certain forms as a guest (e.g., posting a listing without an account), Cloudflare Turnstile performs an invisible browser check to confirm you're not a bot. Cloudflare receives request-level signals (IP, user agent, behavioral patterns) for that check only.

Information From Sign-In Providers

If you choose to sign in with Google or Apple (through AWS Cognito), that provider transmits your name and email address to us so we can create or match your account. If you use Apple's "Hide My Email" option, Apple sends us a private relay email address instead of your real one. We do not receive your Google or Apple password.

2. How We Use Your Information

We use your information to:

  • Operate the marketplace - Display your listings, enable account login, process your requests
  • Communicate with you - Send account-related emails, respond to your questions
  • Improve the platform - Understand how the site is used, fix bugs, add features
  • Prevent abuse - Detect spam, fraud, and violations of our terms
  • Comply with law - Respond to legal requests when required

We do not sell your personal information. We don't share it with third parties for their marketing purposes.

3. Information Sharing

We share your information only in these circumstances:

  • Public listings: When you post a listing, the information in that listing (including your name, phone, photos, and location) is visible to anyone who visits the site. This is the point of the marketplace.
  • Service providers: We use third-party services to operate the platform (see Section 4). These providers only access your data to perform services for us.
  • Legal requirements: We may disclose information if required by law, court order, or to protect our rights or safety.
  • Payment processing: When you subscribe to a paid plan, your payment information is sent directly to Stripe on the web or the Android app. When you subscribe inside the iOS app, the purchase is processed by Apple through In-App Purchase (Apple is the merchant of record). On every platform, we store only an account identifier and your subscription status — we never receive or store your card number.
  • Business transfer: If JMLOGMARKET LLC is sold or merged, your information may be transferred to the new owner.

4. Third-Party Services

We use the following third-party services to operate the marketplace. Each has its own privacy policy and security practices.

  • Amazon Web Services (AWS): Hosts our website, database (DynamoDB), file storage (S3), and serverless backend (Lambda + API Gateway). All site traffic is delivered via Amazon CloudFront. AWS Privacy Policy
  • AWS Cognito: Handles user authentication (login/signup) and stores your password using industry-standard hashing. We never see or store your password directly.
  • Amazon S3: Stores the photos you upload to listings.
  • Amazon SES: Sends transactional emails on our behalf — direct-message notifications, listing alerts, password resets, and buyer-request matches.
  • Stripe: Processes subscription payments. Your payment card details are handled entirely by Stripe — we never see or store your full card number. We only store your Stripe customer ID and active subscription tier. Stripe Privacy Policy
  • Google Analytics 4 (measurement ID: G-Q30BWV6M1V): Collects anonymized usage data — page views, referrers, approximate location from IP, device/browser type, and a persistent random client ID. Used to understand traffic and improve the site. Google Privacy Policy
  • Google Tag Manager (container: GTM-TBXRVHSM): Loads our analytics and marketing tags. GTM itself does not collect personal data; it manages the tags that do (currently Google Analytics 4).
  • Cloudflare Turnstile: Bot detection on certain guest-submitted forms (e.g., posting a listing without an account, posting a buyer request). Cloudflare receives request-level signals (IP, user agent, behavioral patterns) to issue a verification token. Cloudflare Privacy Policy
  • Browser push services (Google FCM, Apple APNs, Mozilla autopush, etc.): When you opt in to push notifications, your browser registers with its vendor's push service. We send notifications through that service; we do not receive your device's identity. The push endpoint your browser provides us is stored only to deliver notifications you've subscribed to.
  • jsDelivr CDN: Delivers a small image-format helper library (heic2any) loaded on demand only when an iPhone HEIC photo is selected for upload. No personal data is sent to jsDelivr beyond the standard request metadata required to fetch a JavaScript file.
  • Anthropic (Claude API): When you use our free AI Log Grader or AI Tree Grader, the photos you upload are sent to Anthropic's Claude vision API for defect detection. Per Anthropic's commercial API terms in effect, your photos are not used to train Anthropic's models and are not retained on Anthropic's servers beyond the duration of the API call. We do not send your name, email, account ID, or any other personal identifier alongside the photos. Anthropic Privacy Policy · Anthropic Commercial Terms
  • Apple (App Store / In-App Purchase): If you subscribe to a paid plan inside our iOS app, Apple processes the purchase as merchant of record. Apple handles your payment and shares your subscription and entitlement status with us; we do not receive your card number, name, or email from Apple in connection with the purchase. Apple Privacy Policy
  • RevenueCat: Manages and verifies iOS In-App Purchase subscriptions. We send RevenueCat your account identifier (Cognito user ID) as the app-user ID, along with purchase and entitlement metadata from Apple, so it can keep your subscription status in sync. RevenueCat does not receive your card number, name, or email address. RevenueCat Privacy Policy
  • OpenStreetMap (Nominatim & map tiles): Powers location lookup (geocoding) and map display. When a map or address search loads, your browser requests data from OpenStreetMap's servers, which receive standard request metadata (including your IP address). OpenStreetMap Privacy Policy

We've chosen reputable providers with strong security practices. We do not sell your data to any of these providers; they process data only to perform services for us.

5. Cookies and Tracking

We use cookies and similar browser-storage technologies for:

  • Authentication: Session and ID tokens from AWS Cognito stored in sessionStorage to keep you logged in across page loads.
  • Preferences: Your dismissed banners, dark-mode (where applicable), referral code captured from ?ref= URL parameters.
  • Analytics: Google Analytics 4 (measurement ID G-Q30BWV6M1V) stores a persistent random client ID to recognize repeat visitors and stitch sessions. Google Tag Manager (GTM-TBXRVHSM) loads our analytics tags. We do not run third-party advertising trackers.
  • Service worker cache: Static files (CSS, JavaScript, fonts, icons) are cached on your device to make repeat visits faster and to support limited offline use. Cleared automatically when you uninstall the app or clear site data.

Most browsers let you control cookies and site storage through settings. Disabling them may affect site functionality, particularly login. Automated browsers (Playwright, Puppeteer, Selenium, and other tools that set navigator.webdriver = true) are excluded from analytics entirely.

5a. Push Notifications

Push notifications are strictly opt-in. You will never receive a push notification until you tap "Enable notifications" on a device, grant browser permission, and confirm. We use push to deliver:

  • New direct messages from other users
  • New listings matching alerts you've subscribed to
  • New listings matching open buyer requests you've posted

When you subscribe, your browser generates a unique push endpoint (issued by your browser vendor — Google, Apple, Mozilla, or similar) and a pair of encryption keys. We store these along with your user account ID (or, for non-account flows, your email address) so we can deliver the notifications you've asked for. We do not share the endpoint or keys with anyone other than the browser vendor's push relay service required to deliver each notification.

You can revoke push notifications at any time:

  • From the "Push notifications" card in your account page
  • From your browser's site-permissions settings
  • By uninstalling the app from your device

Revoked subscriptions are automatically removed from our database the next time a notification fails to deliver to them.

5b. Mobile Apps

JMLogMarket is available as a web application at jmlogmarket.io and may be distributed as a mobile application through supported app stores such as Google Play or the Apple App Store. The mobile application is built as a wrapper around the same website and is subject to this same Privacy Policy.

The mobile app collects the same information described above. Specifically:

  • The app uses the platform-provided web view (Chrome on Android, WebKit on iOS), which inherits the privacy and security controls of that platform.
  • On Android, subscription upgrades and billing management are routed to a separate external browser tab so that all payment information is handled by Stripe on our website, not within the app. On iOS, paid subscriptions are processed by Apple through In-App Purchase (Apple is the merchant of record), and we use RevenueCat to keep your entitlement status in sync. On either platform, we never receive your card number.
  • Push notifications use the platform's native notification service (Firebase Cloud Messaging on Android, Apple Push Notification service on iOS) when delivered through the mobile app.
  • Photos uploaded through the app are sent directly to our Amazon S3 storage via the same secure pipeline as the website.
  • We do not collect device advertising identifiers (IDFA, AAID) or contact lists. We do not access your camera, microphone, or precise device location without an explicit prompt for the relevant action (e.g., a camera prompt when you choose "Take photo" for a listing, or a location prompt when you tap "Set your location"). We do automatically derive an approximate, city-level location from your IP address (with no prompt) to show nearby listings first — see the Location section below.

Each app store's privacy disclosure ("Data Safety" on Google Play, "App Privacy" on the App Store) reflects this same collection scope.

5c. Location

We use location in two distinct ways:

  • Automatic, approximate (IP-based): Amazon CloudFront derives an approximate, city-level location from your IP address automatically, with no prompt. We use this only to rank nearby listings first so you see local supply before distant supply. We do not store this approximate location as a profile attribute.
  • Optional, precise (device geolocation): Only if you tap "Set your location" does your browser ask for permission to share your precise device location. If you allow it, your coordinates are used entirely within your browser to sort listings by distance. We do not send those coordinates to or store them on our servers — only a small "dismissed" flag is saved in your browser's local storage so we don't keep re-prompting you.

Map display and address lookup (geocoding) are provided by OpenStreetMap (Nominatim and map tiles); see Section 4.

6. Data Retention

  • Account data: Kept as long as your account is active
  • Listings: Kept until you delete them or we remove them
  • Server logs: Typically deleted after 90 days
  • AI Grader analytics: When you use the AI Log Grader or AI Tree Grader, we store the structured grade output (species, dimensions, defect count, grade tier, value estimate, your IP address, and your browser's user-agent string) for up to 365 days in our analytics tables. We do not store the photos themselves. This data lets us measure tool usage, improve the grading rule engine over time, and prevent abuse. Records auto-delete after 365 days.
  • AI Grader feedback: When you submit thumbs-up/down feedback on a grade, we store your rating + any optional comment, your IP, and your user-agent for up to 90 days for quality improvement.
  • Newsletter signups: When you subscribe to our newsletter, we store your email address along with your IP address and browser user-agent at the time of signup. We keep these for abuse prevention and as a record (proof of consent) until you unsubscribe.
  • Opt-in shared grades: If you click "Share this grade" to generate a shortcode link, the grade output is stored for up to 30 days so the link works. After 30 days the shared link expires.

When you delete your account, we remove your personal information from our active systems. Some data may persist in backups for a limited time.

7. Your Rights

You have the right to:

  • Access your data: Contact us to request a copy of your information
  • Correct your data: Update your account information or listings anytime
  • Delete your data: Delete your account and listings through the site, or contact us for help
  • Opt out of emails: Unsubscribe from marketing emails (you'll still receive essential account emails)

To exercise these rights, contact us using the information below.

8. Data Security

We take reasonable measures to protect your information:

  • HTTPS encryption for all data in transit
  • Passwords are hashed, not stored in plain text
  • Access to production systems is restricted
  • We use reputable, security-focused hosting providers

However, no system is 100% secure. We cannot guarantee absolute security of your data.

9. Children's Privacy

JMLogMarket is not intended for users under 18 years old. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

10. California Residents

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt out of sale of personal information (we don't sell your data)
  • Right to non-discrimination for exercising your rights

Contact us to exercise these rights.

11. International Users

JMLogMarket is a United States marketplace directed to users in the United States. Our services and content are intended for U.S. residents, and our data is stored on servers located in the United States.

We do not offer or direct our services to residents of the European Economic Area (EEA), the United Kingdom, or Switzerland, and we do not intend to be subject to the EU/UK General Data Protection Regulation (GDPR). If you access the site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last Updated" date at the top of this page.

Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

Questions About Privacy?

If you have questions about this Privacy Policy or want to exercise your rights, contact us.

Email: Jett@jmlogmarket.io
Phone: (606) 923-3591 Jett@jmlogmarket.io
Address: 3339 Ohio River Road, Greenup, KY 41144

Contact Us