Legal
Privacy Policy
MVP placeholder— align with GDPR / local law and your hosting & payment processors before launch.
1. Data we collect
Account data (e.g. email, display name, role), billing and identity fields required for purchases and seller onboarding, usage of the site, and technical logs (IP, user agent) typical for web applications.
2. Purposes
To provide the marketplace, process orders, comply with legal obligations (including tax and anti-fraud), communicate with you, and improve the product.
3. Legal basis (GDPR-style)
Performance of a contract, legitimate interests (security, analytics), and consent where required (e.g. marketing — not used in this MVP unless you add it).
4. Retention
In this MVP, data lives in an in-memory store and resets when the server restarts. Production systems must define retention for orders, invoices, and KYC documents.
5. Third parties
Future payment providers, email, and hosting will be listed here with appropriate sub-processors and transfer mechanisms (e.g. Standard Contractual Clauses).
6. Your rights
Depending on jurisdiction, you may have rights to access, rectify, delete, restrict, port, or object. Contact details for a DPO / privacy contact will be added for production.