Privacy Policy
Last updated: March 2026
1. Data Controller
Eleplated operates this marketplace platform. For all data protection enquiries, please contact us at contact@eleplated.shop.
2. Data We Collect
We collect the following categories of personal data when you use Eleplated:
- Profile information — name, email address, profile photo, and business details you provide on registration.
- Listing data — photos, descriptions, pricing, and condition details for items you list for sale.
- Messages — in-platform communications between buyers and sellers.
- Transaction data — purchase history, payment references, and shipping or pickup arrangements.
- Usage data — pages visited, search queries, device information, and IP address for analytics and fraud prevention.
3. Purposes and Legal Basis
| Purpose | Legal basis |
|---|---|
| Operating the marketplace | Performance of contract (Art. 6(1)(b) GDPR) |
| Processing payments | Performance of contract (Art. 6(1)(b) GDPR) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f) GDPR) |
| Analytics and product improvement | Legitimate interest (Art. 6(1)(f) GDPR) |
| Transactional email notifications | Performance of contract (Art. 6(1)(b) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) |
4. Data Retention
We retain your personal data for as long as your account is active. After account deletion, we retain data for up to 2 years for legal, fraud prevention, and dispute resolution purposes. Anonymised analytics data may be retained indefinitely.
5. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your data where no legal basis for retention exists.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest, including direct marketing.
- Right to restrict processing — request that we limit how we use your data in certain circumstances.
To exercise any of these rights, contact us at contact@eleplated.shop. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
6. Cookies
We use the following categories of cookies:
- Functional cookies — required for authentication, session management, and core platform features. These cannot be disabled without breaking the service.
- Analytics cookies (PostHog) — used to understand how users interact with the platform. Data is anonymised and processed on EU infrastructure.
- Error monitoring (Sentry) — captures technical errors to help us maintain service reliability.
You can manage your cookie preferences via the banner shown on your first visit.
7. Third-Party Processors
We share data only with processors necessary to operate the platform:
- Supabase — database and authentication infrastructure, hosted within the EU.
- Stripe— payment processing. Subject to Stripe's own privacy policy and PCI-DSS compliance.
- Resend — transactional email delivery for notifications and receipts.
- PostHog — product analytics with EU data residency.
- Sentry — application error monitoring.
All processors are bound by data processing agreements and comply with GDPR requirements.
8. Contact
For any questions about this policy or our data practices, contact us at contact@eleplated.shop.