Privacy Policy
Last updated: March 2026
1. Who we are
Martiqo is a global marketplace operating within the European Union. We are subject to the General Data Protection Regulation (GDPR).
Data controller contact: [email protected]
2. Information we collect
| Data | How collected | Purpose |
|---|---|---|
| Name & email address | Account registration (email/password or Google OAuth) | Authentication, order notifications, invoices |
| Profile picture | Google OAuth (optional) | Display within the platform |
| Delivery address | Order checkout | Order fulfillment and seller reporting |
| IP address | Automatically recorded on listing and shop page views | Geographic analytics for sellers (country & city of visitor). Not used for advertising or user profiling. |
| Browser User-Agent | Automatically recorded on listing and shop page views | Device-type classification (desktop / phone / tablet) for seller analytics. Not used for browser fingerprinting or cross-site tracking. |
| Browser language preference | Accept-Language header on listing and shop page views | Improves accuracy of unique visitor counting. Not stored individually beyond the anonymised visitor fingerprint. |
| Payment information | Stripe (we never store card data) | Processing payments between buyers and sellers |
| Invoice identity data | Manually entered by shop owners | Generating platform fee invoices |
3. IP address and geographic analytics
When you view a product listing or a seller shop page on Martiqo, we record your IP address, browser User-Agent string, and browser language preference (Accept-Language header). This data is used exclusively to provide anonymised traffic analytics to the seller — specifically the country and city of origin, and whether the visit came from a desktop, phone, or tablet device.
Geographic resolution is performed locally using the MaxMind GeoLite2-City database, which is stored on our own servers. No data is transmitted to MaxMind or any third party during this lookup.
Raw IP addresses and User-Agent strings are retained for a maximum of 14 months, after which they are automatically and permanently deleted. Aggregated monthly statistics derived from this data — which contain no IP address, User-Agent, or any other personal identifier — are retained indefinitely to provide sellers with historical performance trends.
The legal basis for this processing is our legitimate interest (GDPR Art. 6(1)(f)) in providing sellers with traffic analytics to improve their listings. This processing does not result in any automated decision-making or profiling of individual users, and the data is never used for advertising or shared with third parties.
4. How we use your information
- Authenticate you via Google Sign-In or email/password.
- Personalize your experience (display your name & avatar).
- Process orders and payments between buyers and sellers.
- Send order status and payment notifications by email.
- Generate platform fee invoices and subscription receipts.
- Provide sellers with anonymised traffic and conversion analytics.
- Improve the platform by analysing aggregate usage patterns.
We do not sell your data, use it for advertising, or share it with partners except as strictly required to deliver the service (Stripe for payments, Google for OAuth, Cloudflare for CDN and image hosting).
5. Third-party processors
- Stripe — payment processing. Stripe's privacy policy applies to payment data.
- Google — OAuth authentication (if used). Google's privacy policy applies.
- Cloudflare — CDN and image storage. IP addresses pass through Cloudflare's network.
- MaxMind GeoLite2 — geo database stored locally on our servers. No data is transmitted to MaxMind during IP lookups.
6. Data retention
- Account profile and order history — retained until you delete your account.
- Raw IP addresses and User-Agent strings — automatically deleted after 14 months.
- Aggregated analytics (no personal data) — retained indefinitely.
- Stripe payment records — subject to Stripe's retention policies and applicable financial regulations.
7. Your rights
Under GDPR you have the right to access, rectify, erase, restrict, and port your personal data. You also have the right to object to processing based on legitimate interest. To exercise any of these rights, email [email protected]. We will respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence.