Privacy Policy

Privacy Policy

This Privacy Policy explains how Socvia collects, uses, discloses and protects personal information when you use our website, marketplace and related services (the “Services”). Read carefully. If you do not agree, do not use the Services.

Preface

This Privacy Policy governs how Socvia ehf. and its affiliates collect and process information in connection with the Services. By accessing or using the Services you accept the terms of this Policy. We may update it periodically; substantial changes will be posted with notice.

Children Under the Age of 13

The Services are not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you are under 13, do not provide personal information. If we learn we have collected such information without verified parental consent, we will take reasonable steps to delete it. If you believe we have collected data of a child, contact us immediately.

Data Controller

Where required by applicable law, the data controller for personal information collected through the Services is:

Socvia ehf.
Hafnartorggata 5, 2nd Floor
101 Reykjavík, Iceland

Registered entity responsible for data processing decisions and compliance with Icelandic and EU data protection laws (where applicable).

Short Summary

Quick highlights: We collect information you provide (profile, messages, listings), technical data (IP, device, cookies), and transaction details. We use this data to deliver the Services, secure transactions, prevent fraud, and personalize experiences. We do not sell your personal data. Public content (listings, profiles) is visible to others.

This summary is a short guide — the full policy below contains important details about sharing, retention, cross-border transfer and your legal rights.

Information We Collect

We collect the following categories of information, depending on how you use the Services:

1. Information you provide directly

  • Account registration: name, username, email, phone number (optional), password (hashed), and billing address or tax identifiers if you enable payments or withdrawals.
  • Profile & listings: biography, photos, videos, listing details, metrics you choose to post, and any supporting documents you upload (e.g., verification screenshots, invoices).
  • Communications: messages between users, support tickets, dispute submissions, and other content you send via the Services.

2. Transaction & payment data

When you use purchase or payment features we collect transaction metadata (amounts, currency, timestamps, escrow IDs) and references needed to reconcile payments. Payment card or wallet details are typically processed by third-party payment providers; we store only identifiers and references necessary to manage the transaction.

3. Technical & usage data

  • IP address, approximate geolocation derived from IP, device identifiers, browser, operating system, and screen resolution.
  • Log data such as pages visited, search queries, clicks, timestamps, and feature usage metrics.
  • Cookies, local storage and similar technologies (detailed below).

4. Third-party & public sources

We may enrich and verify data with third-party providers (identity verification, fraud prevention, analytics) or public information (social handles, business registries) to maintain trust and safety on the platform.

Important: any content you publish publicly in listings or profiles becomes visible to the public and is not treated as private data.

How We Collect Information

We collect data directly from you (forms, uploads, messages), automatically via technology (cookies, server logs), and from third parties (payment processors, identity vendors). We describe key mechanisms below:

  • Directly: registration forms, listing creation, messaging, support interactions and uploads.
  • Automatically: cookies, web beacons, server logs, and analytics scripts that track usage and performance.
  • From partners: payment networks, identity verification vendors, ad networks and fraud intelligence providers.

How We Use Your Information

We process personal information for the following purposes and legal bases (where applicable):

Provision of Services

To operate the marketplace, provide features (listings, search, messaging, escrow), process transactions and manage accounts. Legal basis: performance of a contract and legitimate interest.

Fraud prevention & safety

To detect and prevent fraud, abuse and unlawful activity; to investigate and enforce compliance with our terms; and to protect users. Legal basis: legitimate interest and compliance with legal obligations.

Customer support & dispute resolution

To respond to inquiries, handle disputes, provide refunds, and support escrow or transfer processes. Legal basis: performance of contract and legitimate interest.

Communication & marketing

To send transactional messages (order confirmations, security alerts) and — with your consent where required — promotional messages. You can opt out of marketing at any time. Legal basis: consent and legitimate interest for certain communications.

Analytics & product improvement

To analyze usage patterns, improve the Services, and personalize content and recommendations. We aggregate data where possible to reduce privacy risk. Legal basis: legitimate interest.

Sharing Personal Information

We do not sell personal information to third parties. We may share personal information in limited, specific contexts described below:

  • Service providers: vendors that perform services for us (payment processors, hosting, identity verification, analytics). These vendors are contractually limited to use data only as instructed.
  • Transaction counterparties: when you engage in a transaction, necessary details (e.g., shipping or contact email) may be shared with the counterparty to complete the transaction.
  • Legal & safety: to comply with legal processes, enforce our terms, respond to lawful requests, or protect rights, property and safety (including preventing fraud).
  • Business transfers: in the event of a merger, acquisition, reorganization or sale, personal data may be transferred as part of business assets — with notice where required.

We require third parties to implement appropriate technical and organizational safeguards, and we limit their use of data to the purposes we authorize.

Cookies, Local Storage & Tracking

We and our partners use cookies, local storage, and similar technologies to operate the Services and to provide a tailored experience. Below are the types we use:

  • Essential cookies: required for authentication, account security, and the escrow flow.
  • Performance & analytics: collect usage statistics to measure and improve features.
  • Functional: remember preferences and UI settings for a smoother experience.
  • Advertising & targeting: where permitted, used to deliver and measure marketing campaigns.

You may manage cookie preferences via your browser settings. Disabling some cookies may reduce functionality. For instructions on controlling cookies, visit aboutcookies.org.

Pixels, Web Beacons & "Do Not Track"

We use pixel tags and web beacons to measure performance and verify delivery of content. These technologies work with cookies to collect non-identifying information about usage. Our Services do not currently respond to Do Not Track signals from browsers.

Data Security, Integrity & Retention

We implement administrative, technical and physical safeguards designed to protect personal data. Measures include TLS encryption in transit, access controls, periodic security audits, and incident response procedures.

Retention: We retain personal data only as long as necessary for business purposes, legal compliance, fraud prevention, and to resolve disputes. Retention criteria include the nature of the data, contractual requirements, legal obligations and legitimate business needs.

When we delete data, residual copies may remain in backups for a limited period and will be securely deleted in line with our policies.

Third-Party Sites & Embedded Content

Our Services may include links to or embeds of third-party websites, social widgets, or payment providers. These third parties have their own privacy practices. We are not responsible for third-party content or privacy practices — review their policies before sharing personal information.

International Data Transfers

Socvia is based in Iceland and may process, store and transfer personal data across international borders for service delivery and operational needs. Where transfers occur outside the EEA or other protected regions, we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

Sanctions & Restricted Jurisdictions

We may restrict service availability in countries subject to trade restrictions, sanctions, or export controls. Users in sanctioned jurisdictions may be blocked from using certain Services and financial services may be disabled in accordance with applicable laws.

Your Rights & Choices

Depending on your jurisdiction, you may have rights including access, correction, deletion, restriction of processing, objection to processing (including for direct marketing), and data portability. To exercise rights, contact our privacy team; we will verify identity before fulfilling requests.

Special notices for certain regions

  • California residents: rights under the California Consumer Privacy Act (CCPA) may apply, including the right to know categories of personal information disclosed for business purposes.
  • European residents: under the GDPR you may lodge complaints with a supervisory authority and benefit from additional protections (lawful bases, data minimization).
  • Canadian residents: you can request access and corrections under applicable provincial laws.

Updating, Correcting, Removal & Opt-Out

You can update many account details directly in your account settings. For deletion, export, or suppression requests, contact our privacy team and include sufficient details to identify your account. We may need to retain certain data for legal, tax or fraud prevention purposes even after an account is closed.

Marketing opt-out: You may opt out of promotional emails via the unsubscribe link in marketing messages or via account preferences. Transactional/operational messages (security alerts, receipts) cannot be opted out of.

Dispute Handling, Law Enforcement & Legal Requests

We may need to disclose personal information to respond to lawful requests by public authorities, to comply with court orders or to protect our rights. We will seek to limit requests and notify you where permitted and appropriate. We also cooperate with law enforcement and regulatory authorities as required.

Corporate Changes

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to a successor entity. We will notify affected users where required and take steps to ensure continuity of data protection obligations.

Limitations & Liability

We strive to protect personal information but cannot guarantee absolute security. We are not responsible for damages resulting from unauthorized access to data caused by third parties, acts of God, or failures beyond our reasonable control. Our liability is subject to the terms of the Services and applicable law.

Changes to This Policy

We may amend this Privacy Policy periodically. Material changes will be posted with an updated “Last updated” date and may be notified by email or banner where appropriate. Continued use after publication of a revised policy indicates acceptance of the new terms.

Contact, Complaints & Data Requests

For questions about this Privacy Policy, to exercise your rights, or to report a privacy concern, contact our privacy team:

Privacy Team — Socvia ehf.
Hafnartorggata 5, 2nd Floor
101 Reykjavík, Iceland

Email: privacy@socvia.com

Include your account email and a clear description of your request. We will respond in accordance with applicable law and as promptly as possible.

Effective Date

Last updated: November 12, 2025