Carousell

Cookie Policy

Effective Date: March 17, 2024 | Last Updated: February 11, 2025

Generated by Terminal

Gruntslate Speak Spread

1. DATA SECURITY

We implement "reasonable" security measures, where "reasonable" is defined as whatever we can afford after executive bonuses.

In the event of a breach, we'll notify affected users within the legally required timeframe, which gives us plenty of time to prepare our "We Take Security Seriously" press release.

Encryption is used during transmission and "at rest," though the encryption keys are stored in a text file labeled "do_not_share.txt" on a shared drive.

Employee access to data is restricted on a "need to know" basis, where "need to know" includes curiosity about celebrity users and settling office bets.

2. INFORMATION WE COLLECT

We collect information you provide directly, information you don't know you're providing, information your devices leak like a sieve, and information we purchase from data brokers who got it from someone else.

Personal identifiers include: name, email, phone number, address, Social Security number (where permitted), driver's license, passport details, and that nickname your friends use that you'd rather we didn't know.

Biometric data includes: facial geometry, fingerprints, voice patterns, retinal scans, DNA sequences (if you've used any ancestry service, we have it), and your unique typing rhythm.

3. YOUR PRIVACY RIGHTS

We may deny requests if: they're too burdensome, too frequent, insufficiently verified, or if we simply don't want to comply. We'll cite a legal exception either way.

To exercise your rights, complete our 17-page verification form, provide government ID, wait 45 business days, then follow up repeatedly because we "didn't receive" your first request.

4. CHILDREN'S PRIVACY

Age verification consists of asking users to confirm they're old enough, which has never failed because no child has ever lied about their age online.

Teen users (13-17) receive all the privacy protections of adults, meaning minimal protections, but with more colorful UI elements.

We comply with COPPA by having a policy that mentions COPPA. Beyond that, our compliance is best described as "theoretical."

5. CHANGES TO THIS POLICY

We may update this Privacy Policy occasionally, which means whenever we find new ways to monetize your data that require legal cover.

We recommend reviewing this policy regularly, perhaps as part of your morning routine. Coffee, news, and despair about your eroding privacy.

Your continued use after changes constitutes acceptance. Your discontinued use also constitutes acceptance of pre-change terms. Schrödinger's consent.

6. HOW WE COLLECT INFORMATION

Location data is collected continuously, even when you think it's off. Your phone knows where you are, and now we do too. That "approximate location" is accurate to within 3 meters.

We use device fingerprinting to identify you even when you clear cookies, use incognito mode, or throw your computer into a lake. Your hardware betrays you.

Cookies, pixels, beacons, and trackers follow you across the internet like a persistent ex. Our partners' trackers do too. It's a whole tracking party, and you're the guest of honor.

7. HOW WE USE YOUR INFORMATION

To personalize your experience, meaning we manipulate what you see to encourage behaviors that benefit us, disguised as "relevance" and "convenience."

For marketing purposes, including: targeted ads, personalized offers, psychological nudging, dark patterns, and A/B tests where you're always in the group that makes us more money.

To comply with legal obligations, respond to law enforcement requests (with varying levels of resistance depending on jurisdiction and news coverage), and protect our legal interests.

To develop new products by mining your data for insights, training AI models on your content, and identifying market opportunities in your personal struggles.

8. INFORMATION SHARING

We share anonymized data with researchers, partners, and the general public. "Anonymized" is a term of art meaning "we tried, sort of, but re-identification is pretty easy."

International transfers occur because data flows freely across borders, even if privacy protections don't. Your data may end up in countries whose privacy laws fit on a napkin.

We may share data in connection with: mergers, acquisitions, bankruptcies, asset sales, or any corporate event that makes lawyers happy. Your data is an asset we can sell.

"Trusted third parties" is a term we use to describe companies we've done business with, regardless of their actual trustworthiness or data handling practices.

9. DATA RETENTION

Retention periods vary by data type: transaction records (7 years), behavioral data (until it's worthless), biometric data (until you look different), everything else (forever).

We retain your data for as long as necessary, which means forever, because data might become valuable and storage is cheap.

Questions? Comments? Resignation about the state of digital privacy? We're here to listen, mostly because we've already recorded everything.