Privacy Policy

Last updated: June 10, 2025

1. Introduction

Zelkra ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

  • Name and contact information (email address, phone number)
  • Account credentials (username, password)
  • Payment information (processed securely through Stripe)
  • Profile information and preferences
  • Communication history and support requests

2.2 Usage and Analytics Data

  • Website usage patterns and interactions
  • Device information (type, browser, operating system)
  • IP address and approximate location
  • Pages visited, time spent, and navigation patterns
  • Search queries and preferences
  • Cookie data and tracking identifiers

2.3 Business Information

  • Listing details and descriptions
  • Business metrics and performance data
  • Transaction history and escrow information
  • Reviews and ratings

3. Cookies and Tracking Technologies

3.1 Types of Cookies We Use

Necessary Cookies

Essential for website functionality, including authentication, security, and basic operations. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website through Google Analytics. Data is anonymized and aggregated.

Marketing Cookies

Used to deliver relevant advertising and track campaign performance. Requires explicit consent.

3.2 Cookie Management

You can manage your cookie preferences through our cookie banner or browser settings. Note that disabling certain cookies may affect website functionality.

4. How We Use Your Information

  • Provide and maintain our marketplace services
  • Process transactions and manage escrow services
  • Communicate with you about your account and transactions
  • Improve our website and services through analytics
  • Prevent fraud and ensure security
  • Comply with legal obligations
  • Send marketing communications (with consent)

5. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to fulfill our service agreement
  • Legitimate Interest: Improving services, fraud prevention, analytics
  • Consent: Marketing communications, non-essential cookies
  • Legal Obligation: Compliance with applicable laws and regulations

6. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: Trusted third parties (Stripe, hosting providers, analytics)
  • Business Transfers: In case of merger, acquisition, or asset sale
  • Legal Requirements: When required by law or to protect rights and safety
  • With Consent: When you explicitly agree to sharing

7. Data Security

We implement industry-standard security measures including encryption, secure servers, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

  • Account Data: Retained while your account is active
  • Transaction Records: 7 years for legal and tax purposes
  • Analytics Data: Aggregated data retained for 26 months
  • Marketing Data: Until you withdraw consent

9. Your Rights (GDPR and Other Privacy Laws)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Revoke consent for marketing or cookies

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate protection through standard contractual clauses and other approved mechanisms.

11. Children's Privacy

Our services are not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Third-Party Services

  • Stripe: Payment processing - see Stripe's privacy policy
  • Google Analytics: Website analytics - data anonymized
  • Email Services: Transactional and marketing emails

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our services constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: