1. What We Collect
[PLACEHOLDER] We collect information you provide when you create an account (name, email address, password hash), information about your role (seller or buyer), and payment-related metadata passed to us by Stripe (we do not store raw card numbers). We also collect project metadata (project name, status, timestamps), artifact metadata (filename, SHA-256 hash, file size — not file contents in plaintext), audit events (who did what and when in each project), and proof-of-delivery certificate records.
2. How We Use Your Information
[PLACEHOLDER] We use the information we collect to operate and improve the Service; authenticate you and secure your account; facilitate digital delivery workflows between sellers and buyers; generate proof-of-delivery certificates and audit trails; send transactional emails (e.g., invitations, delivery notifications, certificate issuance); process payments via Stripe; and comply with legal obligations.
We do not sell your personal information to third parties. We do not use your data for advertising.
3. Storage and Security
[PLACEHOLDER] Files uploaded to the Service are stored in private, access-controlled cloud storage buckets. Buyers never receive a seller's service credentials or direct bucket access; file delivery is mediated through the platform. Artifacts are identified by their SHA-256 hash; hashes are stored and displayed but the original file is only accessible to authorized parties after the release step.
Database access is governed by row-level security (RLS) policies so that each user can only access records belonging to projects they are part of. Data is encrypted in transit (TLS) and at rest.
4. Third-Party Services
[PLACEHOLDER] We use the following third-party service providers, each of which has its own privacy policy:
Supabase — database, authentication, and file storage infrastructure. Vercel — hosting and edge delivery. Resend — transactional email delivery. Stripe — payment processing (we pass only what Stripe requires; we never store raw card data).
5. Data Retention
[PLACEHOLDER] We retain account data for as long as your account is active and for a reasonable period after closure to comply with legal obligations. Delivery records, audit trails, and proof-of-delivery certificates may be retained indefinitely to support dispute resolution and record-keeping purposes. You may request deletion of your personal data; however, anonymized audit records and certificate records may be retained.
6. Your Rights
[PLACEHOLDER] Depending on your jurisdiction, you may have rights to access, correct, delete, or export the personal data we hold about you; to object to or restrict certain processing; and to withdraw consent where processing is based on consent. To exercise these rights, contact us at [privacy@euploia.com — placeholder]. We will respond within the timeframe required by applicable law.
7. Cookies
[PLACEHOLDER] We use essential session cookies required for authentication and to maintain your logged-in state. We do not currently use tracking or advertising cookies. If this changes, we will update this policy and, where required, seek your consent.
8. Contact
[PLACEHOLDER] For questions about this Privacy Policy or our data practices, contact us at [privacy@euploia.com — placeholder address].