Privacy Policy (GDPR)

1. Data Controller

This website is managed by [OWNER_NAME], based in France.

Contact for privacy requests: [CONTACT_EMAIL]

2. Data We Collect

• Identity data: name, email, account details.
• Order data: shipping address, purchased items, order status.
• Payment data: processed by Stripe (we do not store full card data).
• Technical/security data: IP-based location, timestamps, and basic request metadata for fraud prevention and platform safety.

3. Why We Process Data

• To provide marketplace services and fulfill orders.
• To process payments and payouts.
• To prevent fraud, abuse, and unauthorized access.
• To comply with legal and tax obligations.

4. Legal Bases (GDPR)

• Contract performance (order and account operations).
• Legal obligation (accounting/compliance).
• Legitimate interest (security, abuse prevention, service reliability).
• Consent where required by law.

5. Data Processors

We use third-party processors including Stripe (payments), Vercel (hosting), and Redis database providers. These providers process data under their own compliant terms.

6. Data Retention

We keep data only as long as necessary for service delivery, legal obligations, and dispute resolution. Retention periods should be finalized in your internal policy.

7. Your Rights

Under GDPR, you may request access, correction, deletion, restriction, portability, or objection to processing. You may also lodge a complaint with the CNIL in France.