Privacy Policy

Effective from: Sep 27, 2025
Last updated: Oct 25, 2025

This Privacy Policy explains how Listingator.com (“we”, “us”, “our”) collects, uses, and protects personal data when you use our web application. We aim to comply with the EU General Data Protection Regulation (GDPR).

1. Who we are

Data Controller: Oleksandr Dordiuk, conducting business activity under the name “Listingator – Oleksandr Dordiuk”, operating the online service Listingator.com, entered in the Central Registration and Information on Economic Activity (CEIDG) register, Poland.
NIP: 8943245363, REGON: 529825656.
Contact for privacy matters: contact@listingator.com.
The correspondence address will be published once available.

2. Data we process

  • Account data: email, name (if provided), and technical authentication tokens.
  • Listing data: title, description, price, quantity, tags, product type, listing status, and one image per listing.
  • Template data: saved listing templates (title, description, price, quantity, tags, product type) for quick listing creation.
  • Subscription data: subscription plan type, status, limits (number of listings and templates), and usage statistics.
  • Payment data: we do NOT store credit card numbers or full payment details. Payment processing is handled by Stripe, which stores your payment information securely. We only receive a subscription status and customer identifier from Stripe.
  • Technical data: IP address, device/browser type, and logs for security and stability.

3. Purposes and legal bases

  • Providing the service (creating/editing/storing listings and templates) — performance of a contract (Art. 6(1)(b) GDPR).
  • Processing subscriptions and payments (managing your subscription plan, enforcing usage limits) — performance of a contract (Art. 6(1)(b) GDPR).
  • Security and abuse prevention — our legitimate interests (Art. 6(1)(f) GDPR).
  • Account communications (system emails, password reset, subscription notifications) — performance of a contract (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations (tax records, invoicing) — legal obligation (Art. 6(1)(c) GDPR).

4. Sources of data

We obtain personal data directly from you when you register and use the application forms.

5. Recipients / processors

  • Supabase — database (Postgres), object storage for files, and authentication.
  • Stripe — payment processing, subscription management, and secure storage of payment methods. Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Stripe is PCI DSS compliant and uses Standard Contractual Clauses for international data transfers.
  • Vercel — frontend hosting and delivery of the application's static assets.

We do not sell personal data and we do not share it with advertising networks.

6. International transfers

Data may be processed outside the EU/EEA depending on our providers’ infrastructure. Where applicable, appropriate safeguards are used (e.g., Standard Contractual Clauses).

7. Retention

  • Account: for as long as your account is active. You can delete your account at any time via the "Account" page settings. Upon deletion, we permanently erase your personal data and associated content (listings, images, etc.) immediately or within up to 30 days (unless we must retain specific data by law).
  • Listings, templates, and images: for as long as they remain in your account or until you delete them.
  • Subscription and payment data: for as long as your subscription is active, plus up to 7 years after termination for accounting and tax compliance purposes.
  • Security logs: typically up to 90 days.

8. Your rights

You have the right to access, rectification, erasure, restriction, objection, data portability, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority.

9. Security

We implement technical and organizational measures such as TLS, access controls, and backups. No online service can guarantee absolute security.

10. Cookies and local storage

We use technically necessary cookies/tokens for session and interface functionality. No analytics or marketing cookies are used at this time.

11. Payment processing (Stripe)

For paid subscriptions, we use Stripe as our payment processor. When you subscribe to a paid plan:

  • You are redirected to Stripe's secure checkout page where you enter your payment information directly.
  • We do NOT see or store your credit card numbers, CVV codes, or full payment details.
  • Stripe securely stores your payment method and processes recurring subscription payments.
  • We receive only: subscription status (active/canceled), plan type, customer identifier, and billing cycle information.
  • You can manage your payment methods and cancel subscriptions through the Stripe Customer Portal, accessible from your account settings.

Provider: Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Stripe is certified as PCI Service Provider Level 1, the highest level of security certification in the payments industry. For data transfers outside the EEA, Stripe uses Standard Contractual Clauses approved by the European Commission.

Learn more: Stripe Privacy Policy

12. Analytics

We use Vercel Analytics to collect basic usage metrics (page views, page load times, country, device/browser type). This helps us understand performance and improve the service.

Vercel Analytics does not use cookies and does not create individual user profiles. Information is processed in aggregated and anonymized form.

Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Data may be processed on servers in the USA or the EU. Vercel relies on Standard Contractual Clauses for data transfers outside the EEA.

13. Children's data

The service is not intended for individuals under 16 years of age. We do not knowingly collect their data.

14. Changes to this Policy

We may update this Policy. The new version becomes effective upon publication on this page. For material changes, we will notify you in the app or via email.

15. Contact

Privacy contact: contact@listingator.com.
Data Controller: Listingator – Oleksandr Dordiuk.

Important
For full GDPR compliance, a postal correspondence address should be provided for the Data Controller. We will add it once available.