Privacy Policy
GDPR compliant — Last updated: May 2026
1. Data controller
Strainwall ([address to be completed]) is the controller of your personal data. Contact: [email protected]
2. Data collected
We collect: identity and email (via Clerk), transaction history, shipping information provided by sellers, ratings and reviews, and KYC documents where applicable. We do not collect payment data — this is handled directly by Paylike (PCI DSS certified).
3. Purposes
Your data is used for: (i) performance of the service contract (order and escrow management); (ii) fraud prevention (KYC); (iii) transactional communications (Resend); (iv) platform improvement (Umami — GDPR-compliant analytics, cookie-free).
4. Retention periods
Account data: duration of registration + 3 years. Transaction data: 10 years (accounting obligation). KYC data: 5 years after the last transaction. Technical logs: 90 days.
5. Recipients
Your data may be shared with: Clerk (authentication), Supabase (database, EU), Cloudflare (CDN/R2, EU), Paylike (payments, EU), Resend (transactional emails). No data is sold to third parties.
6. Your rights
Under GDPR, you have the following rights:
• Access — obtain a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your account and data.
• Restriction — temporarily restrict processing.
• Objection — object to processing based on legitimate interest.
• Portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format (JSON). Available via Import Center → Export my data.
To exercise your rights: [email protected]. You may also contact your national data protection authority.
7. Security
Data is encrypted in transit (TLS 1.3) and at rest. Access is controlled by Row Level Security (Supabase RLS) and strong authentication (Clerk MFA). API keys are stored in environment variables and never exposed client-side.
8. Cookies
Strainwall does not use advertising cookies. A session cookie (HttpOnly, Secure) is used by Clerk for authentication. Umami analytics is cookie-free and collects no personal identifiers.