Privacy and security posture

Trust is part of the product, not a settings page.

The app is designed to coordinate transfers without becoming an unnecessary permanent paper trail. These are the defaults the implementation is built around.

Minimal buyer profiles

Google sign-in can be added without collecting addresses, phone numbers, or government IDs during discovery.

Short-lived transfer details

Product URLs and request notes belong in a retention-limited table with a scheduled purge job.
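One way to build the retention-limited table and its purge job, as an added example that is not the app's own code. The table and column names, the 30-day window, and the use of SQLite are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # assumed window; the page does not state one

SCHEMA = """
CREATE TABLE transfer_details (
    request_id    INTEGER PRIMARY KEY,
    product_url   TEXT NOT NULL,
    request_notes TEXT,
    expires_at    TEXT NOT NULL   -- UTC ISO-8601, fixed when the row is written
);
CREATE INDEX idx_transfer_details_expiry ON transfer_details (expires_at);
"""

def _iso(ts):
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def store_details(db, request_id, product_url, notes, now):
    """Every row gets its expiry at insert time, so nothing is kept by default."""
    db.execute("INSERT INTO transfer_details VALUES (?, ?, ?, ?)",
               (request_id, product_url, notes, _iso(now + RETENTION)))

def read_details(db, request_id, now):
    """Reads filter on expiry too, so a late purge job never exposes stale rows."""
    return db.execute(
        "SELECT product_url, request_notes FROM transfer_details "
        "WHERE request_id = ? AND expires_at > ?", (request_id, _iso(now))).fetchone()

def purge_expired(db, now):
    """Body of the scheduled job: hard-delete expired rows and report the count."""
    with db:
        cur = db.execute("DELETE FROM transfer_details WHERE expires_at <= ?", (_iso(now),))
    return cur.rowcount

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamps
    store_details(db, 1, "https://shop.example/item/1", "constructed note", t0)
    store_details(db, 2, "https://shop.example/item/2", None, t0 + timedelta(days=20))
    later = t0 + timedelta(days=31)
    hidden = read_details(db, 1, later)     # expired but not yet purged
    purged = purge_expired(db, later)
    remaining = db.execute("SELECT request_id FROM transfer_details").fetchall()
    return hidden, purged, remaining

if __name__ == "__main__":
    print(demo())
```

The purge only removes rows from the live table; database backups, replicas and request logs that capture the same fields need their own retention limit.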

Private FFL verification

License uploads should be stored outside the public app, reviewed by admins, then reduced to verification status and audit metadata.

Clear disclosure boundaries

FFLs receive the product URL and buyer reply email first. More sensitive pickup details should be shared only after approval.