.png&w=828&q=75)
Legal
Privacy Policy
Last Updated: May 29, 2026
Effective Date: May 29, 2026
1. Introduction
This Privacy Policy (“Policy”) describes how SuitCycle, operated by SuitCycle LLC, a limited liability company organized under the laws of the State of Indiana (“SuitCycle,” “we,” “us,” or “our”), collects, uses, discloses, and protects your personal information when you access or use the SuitCycle website located at suitcycle.shop, including any related subdomains, mobile interfaces, features, and services we provide (collectively, the “Platform”).
SuitCycle is an online marketplace that allows registered users to list, buy, and sell new and pre-owned technical competitive swimwear (“tech suits”) and related items. This Policy applies to all visitors, registered users, buyers, and sellers who access or interact with the Platform in any capacity.
By creating an account, accessing, or using the Platform, you acknowledge that you have read and understood this Privacy Policy. This Policy is incorporated into and subject to our Terms of Service. Capitalized terms not defined in this Policy have the meanings given in our Terms of Service.
2. Information We Collect
We collect information in three ways: information you provide to us directly, information collected automatically when you use the Platform, and information we receive from third parties.
2.1 Information You Provide
Account Information. When you register, we collect your name, email address, and a password. You may also provide a display name and upload a profile picture. If you choose to sign in using a third-party authentication provider such as Google, we receive basic profile information from that provider, which typically includes your name, email address, and profile image. We do not receive your password or other credentials from the third-party provider.
Team Information. If you apply to create a team through SuitCycle Teams, we collect your name, email address, team or club name, and any information you include in your application. If you join a team as a member, we associate your account with that team and record your membership, role, and the date you joined.
Seller Information. To list an item for sale, you must provide a shipping address (used as the origin for shipping rate calculation and label generation). If you opt into SuitCycle Pro or receive payouts, we collect additional information required by our payment processor, which may include your legal name, date of birth, address, bank account details, and tax identification number (such as a Social Security Number or Employer Identification Number). This information is collected by and stored with our payment processor, Stripe, and is not stored on SuitCycle’s own servers.
Listing Information. When you create a listing, you provide product details such as brand, size, suit type, age category, condition (SuitScore tier), description, asking price, and photographs of the item.
Buyer Information. When you make a purchase, you provide a shipping address for delivery. Payment information (such as credit card or debit card details) is collected and processed directly by our payment processor, Stripe, and is not transmitted to or stored on SuitCycle’s own servers.
Communications. When you send messages to other users through the Platform’s messaging system (including team group chats), contact our support team, submit a report, or open a dispute, we collect the content of those communications, including any photographs or images you attach. Disputes, reports, and support tickets may include uploaded photo evidence (up to five images), which we collect and store to investigate and resolve the matter.
Reviews and Ratings. When you leave a review or rating for another user following a transaction, we collect the content of that review, including the rating, written feedback, and the categories you rate.
Two-Factor Authentication. When you authenticate on a new device, we collect and temporarily store a verification code sent to your email address. We also store a record of your trusted devices (a device identifier and the date it was authorized) to streamline future logins.
Membership and Billing. If you subscribe to SuitCycle Pro, we collect your subscription selection (monthly or annual) and billing history. Payment details for subscriptions are collected and processed by Stripe.
Referral Information. If you participate in our referral program, we associate your unique referral code with any new accounts that register using it.
Support Requests. When you submit a support ticket through our contact form, we collect your name, email address, the reason category you select, the content of your inquiry, and any photos you attach (up to five images).
2.2 Information Collected Automatically
When you access or use the Platform, certain information is collected automatically through cookies and similar technologies:
Device and Usage Information. We collect information about the device and browser you use to access the Platform, including your IP address, browser type and version, operating system, referring URL, pages viewed, and the dates and times of your visits.
Session Information. We use session cookies to maintain your authenticated state after login. Our authentication system (NextAuth) stores a session token in an HTTP-only cookie on your browser.
Error and Performance Data. We use Sentry, a third-party error-tracking service, to collect diagnostic information when errors occur on the Platform. This may include technical details about the error, the page where it occurred, and limited device or browser information. This data is used solely for identifying and resolving technical issues.
Hosting and Infrastructure Data. Our hosting provider, Vercel, may collect standard server access logs including IP addresses, request timestamps, and page URLs as part of normal web hosting operations.
2.3 Information from Third Parties
Payment Processor. Stripe may provide us with limited transaction information, such as confirmation that a payment was successful, the transaction amount, and a partial card identifier (e.g., the last four digits). We do not receive or store your full payment card details.
Shipping Provider. Shippo, our shipping integration partner, provides us with shipping rates, tracking numbers, tracking status updates, and delivery confirmation information associated with your orders.
Authentication Provider. If you sign in using Google, Google provides us with basic profile information (such as your name, email address, and profile image) to create or access your account. We do not receive your Google password.
3. How We Use Your Information
We use the information we collect for the following purposes:
To Operate the Marketplace. Processing transactions, facilitating communication between buyers and sellers, generating shipping labels, calculating shipping rates, and managing order fulfillment and delivery tracking.
To Manage Your Account. Creating and maintaining your account, authenticating your identity (including two-factor authentication and trusted device management), processing subscription billing for SuitCycle Pro, and managing your referral code and vouchers.
To Operate SuitCycle Teams. Processing team applications, managing team membership and rosters, applying team-based fee discounts, attributing qualifying purchases to a team, calculating and tracking coach revenue-share earnings, and operating team group chats.
To Communicate with You. Sending transactional emails related to your account and orders (order confirmations, shipping notifications, delivery reminders, review prompts, two-factor authentication codes, password resets, dispute updates, and support responses). These communications are sent through Resend, our email delivery provider, from noreply@suitcycle.shop. We may also send Pro membership communications such as welcome emails, voucher notifications, and billing updates.
To Enforce Our Policies. Reviewing reported content (listings, messages, profiles, and reviews), investigating potential violations of our Terms of Service or community guidelines, issuing warnings, and taking enforcement actions such as content removal, account restriction, or account suspension.
To Provide Customer Support. Responding to support tickets, resolving disputes between buyers and sellers under our Buyer Protection program, and processing refunds.
To Improve the Platform. Monitoring for and resolving errors and technical issues (via Sentry), analyzing usage patterns to improve functionality, and developing new features.
To Comply with Legal Obligations. Fulfilling tax reporting requirements (such as issuing IRS Form 1099-K to sellers who meet applicable thresholds), responding to legal process, and complying with applicable laws and regulations.
4. How We Share Your Information
We do not sell your personal information, and we do not share your personal information with third parties for their own advertising or marketing purposes. We share your information only in the following circumstances:
4.1 With Other Users
When you participate in the marketplace, certain information is shared with other users as a necessary part of the transaction:
- Sellers can see your shipping address after you complete a purchase so they can ship the item.
- Buyers can see the seller’s display name, profile picture, public profile (including seller ratings and active listings), and general shipping origin (city and state, as displayed by the shipping rate calculator).
- Messaging participants can see your display name and profile picture within the Platform’s messaging system.
- Team members and coaches. If you join a team, the team’s coach and assistant coaches can see your display name, profile picture, and the date you joined through the team roster. Coaches cannot see your purchase history, payment details, or other personal financial information. Messages you post in a team group chat are visible to all active members of that team. If a team is set to public, the team’s profile page displays the team name, description, coach name, member count, and members’ active listings to anyone who views it; teams set to private do not display a member list.
- Public profile information — including your display name, profile picture, member-since date, seller ratings, and active listings — is visible to all visitors of the Platform.
4.2 With Service Providers
We share your information with third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only to provide services to us and in accordance with this Policy.
| Provider | Service | Information Shared |
|---|---|---|
| Stripe | Payment processing, seller payouts, subscription billing | Name, email, payment details (collected directly by Stripe), bank account and tax ID for sellers, transaction amounts |
| Shippo | Shipping rate calculation, label generation, tracking | Sender and recipient names and shipping addresses, package dimensions and weight |
| Resend | Transactional email delivery | Email address, name, and the content of transactional emails (order updates, verification codes, support responses, etc.) |
| Supabase | Database hosting, file storage (profile pictures and listing images) | Account data, listing data, order data, messages, profile pictures, listing photographs |
| Sentry | Error tracking and diagnostics | Technical error data, browser and device information, IP address |
| Vercel | Web hosting and deployment | Standard server access logs (IP address, request URLs, timestamps) |
| Optional third-party sign-in (OAuth) | Authentication request and basic profile information, only if you choose to sign in with Google |
4.3 For Legal Reasons
We may disclose your information if we believe in good faith that disclosure is necessary to: comply with applicable law, regulation, or legal process (such as a subpoena or court order); protect the rights, property, or safety of SuitCycle, our users, or the public; detect, prevent, or address fraud, security issues, or technical problems; or enforce our Terms of Service.
4.4 In a Business Transfer
If SuitCycle is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Platform before your information becomes subject to a different privacy policy.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements.
Account Data. Retained for as long as your account remains active. If you request account deletion, we will delete or anonymize your personal information within thirty (30) days, subject to the exceptions below.
Transaction Records. Order history, payment records, and related transaction data are retained for a minimum of seven (7) years after the transaction date to comply with tax reporting and financial record-keeping obligations.
Communications. Messages exchanged between users through the Platform’s messaging system are retained for as long as the associated accounts remain active. Support ticket records are retained for a minimum of three (3) years.
Listings. Active listing data is retained for as long as the listing is live. Sold or expired listing data is retained as part of the transaction record.
Error Logs. Diagnostic and error-tracking data collected by Sentry is retained according to Sentry’s data-retention settings, typically 90 days.
Trusted Device Records. Records of trusted devices are retained until the device authorization expires (90 days of inactivity) or the user revokes the trusted device.
Team Data. Team membership records, rosters, and coach earnings/attribution records are retained for as long as the team is active. If you leave a team or a team is dissolved, related records may be retained as part of transaction and earnings history for the period required by our financial record-keeping and tax obligations.
Draft Listings. Incomplete draft listings are automatically deleted after 30 days.
Cart Data. Items in a user’s cart are automatically removed after 30 days.
Post-Deletion Retention. Even after account deletion, we may retain certain information where required by law (such as tax records), where necessary to resolve an ongoing dispute, or in anonymized or aggregated form that cannot reasonably be used to identify you.
7. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:
- Passwords are hashed and salted before storage; we never store plaintext passwords.
- Authentication sessions use HTTP-only, secure cookies to prevent client-side script access.
- Two-factor authentication is enforced on new or unrecognized devices.
- Verification codes expire after 10 minutes and are single-use.
- Payment card information is collected and processed directly by Stripe (a PCI DSS Level 1 certified payment processor) and never touches SuitCycle’s servers.
- The Platform is served over HTTPS (TLS encryption in transit) via Vercel.
- Database access is restricted and managed through Supabase’s infrastructure security controls.
- Profile pictures and listing images are stored in access-controlled storage buckets.
- Administrative functions are restricted to authorized personnel and protected by role-based access controls.
No method of electronic transmission or storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.
8. Children’s Privacy
SuitCycle is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. The age categories available on listings (such as “12 and Under” and “13 and Over”) refer to the intended fit of the swimwear product based on World Aquatics (FINA) competition categories, not to the age of the user creating the account or making a purchase.
If you are under the age of 13, you may not create an account or use the Platform. If you are between the ages of 13 and 17, you may use the Platform only with the involvement and consent of a parent or legal guardian.
If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided personal information to us, please contact us at the address provided in Section 13 of this Policy.
9. Your Privacy Rights
Depending on your jurisdiction, you may have certain rights regarding your personal information. SuitCycle is committed to honoring applicable privacy rights and provides the following mechanisms for exercising them.
9.1 Rights Available to All Users
Regardless of your location, all SuitCycle users may:
- Access your personal information by logging into your account and reviewing your profile, listings, orders, messages, and account settings.
- Update or correct your personal information through your account settings.
- Delete your account by contacting our support team. Upon account deletion, we will delete or anonymize your personal information in accordance with the retention periods described in Section 6.
- Revoke trusted devices through your account security settings.
9.2 California Residents — CCPA/CPRA
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), provides you with the following additional rights:
Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete. You have the right to request deletion of your personal information, subject to certain legal exceptions (such as tax record-keeping requirements).
Right to Correct. You have the right to request correction of inaccurate personal information.
Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.
Right to Opt Out of Sale or Sharing. SuitCycle does not sell your personal information and does not share it for cross-context behavioral advertising purposes. Because we do not engage in these practices, there is no need to opt out, but we disclose this for transparency.
Categories of Personal Information Collected (per CCPA definitions):
| CCPA Category | Examples from SuitCycle |
|---|---|
| Identifiers | Name, email address, account username, IP address, device identifiers |
| Customer Records (Cal. Civ. Code 1798.80) | Name, address, phone number (if provided), payment information (via Stripe) |
| Commercial Information | Purchase and selling history, listing details, cart contents |
| Internet or Electronic Network Activity | Browsing history on the Platform, pages viewed, error logs |
| Geolocation Data | General location derived from IP address; shipping addresses |
| Professional Information | Not collected |
| Education Information | Not collected |
| Inferences | Not generated |
| Sensitive Personal Information | Account login credentials; precise geolocation (shipping address) |
To exercise your CCPA rights, contact us using the information in Section 13. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.
9.3 European Economic Area, United Kingdom, and Switzerland — GDPR
If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, the General Data Protection Regulation (“GDPR”) and equivalent local laws provide you with the following rights:
Right of Access. You have the right to obtain confirmation of whether we process your personal data and to access that data.
Right to Rectification. You have the right to correct inaccurate or incomplete personal data.
Right to Erasure (“Right to Be Forgotten”). You have the right to request deletion of your personal data, subject to legal exceptions.
Right to Restriction of Processing. You have the right to request that we restrict processing of your personal data in certain circumstances.
Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object. You have the right to object to processing of your personal data based on legitimate interests.
Right to Withdraw Consent. Where processing is based on consent, you have the right to withdraw consent at any time.
Legal Bases for Processing.
Performance of a Contract. Processing necessary to fulfill our obligations under the Terms of Service (account management, transaction processing, shipping, dispute resolution).
Legitimate Interests. Processing necessary for the security, improvement, and operation of the Platform (error tracking, fraud prevention, policy enforcement), where those interests are not overridden by your rights.
Legal Obligation. Processing necessary to comply with applicable laws (tax reporting, legal process).
Consent. Where required (e.g., non-essential cookies, marketing communications if applicable).
International Data Transfers. SuitCycle is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States. We rely on standard contractual clauses, adequacy decisions, or other approved transfer mechanisms where required by applicable law.
To exercise your GDPR rights, contact us using the information in Section 13. You also have the right to lodge a complaint with your local data protection authority.
10. Third-Party Links and Services
The Platform may contain links to third-party websites, services, or resources that are not operated or controlled by SuitCycle. This includes links to carrier tracking pages (such as USPS, UPS, or FedEx), payment processor interfaces (Stripe), and other external resources referenced in our Help Center or communications.
We are not responsible for the privacy practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party service before providing personal information to them.
11. Do Not Track Signals
Some web browsers transmit “Do Not Track” (DNT) signals to websites. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, SuitCycle does not respond to DNT signals. If a uniform standard is adopted, we will update this Policy to reflect our practices accordingly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Policy on the Platform with a revised “Last Updated” date and, where appropriate, by sending you an email notification.
Your continued use of the Platform after the effective date of a revised Policy constitutes your acknowledgment of the changes. We encourage you to review this Policy periodically. If you disagree with any changes, you should discontinue use of the Platform and contact us to request deletion of your account.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern, you may contact us at:
SuitCycle LLC
5534 St Joe Rd
Fort Wayne, IN 46835