Eburutu Mart
Back to Home

Privacy Policy

Last updated: 7 April 2025

1. Who We Are

EburutuMart (we, us, our) is a free online marketplace connecting buyers and sellers within the African diaspora community. EburutuMart is operated as a sole trader / small business based in the United Kingdom.

Data Controller contact: info@eburutumart.com

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We collect only the data necessary to operate the marketplace:

  • Account registration: your name and email address.
  • Seller profiles: business/display name, a short bio, and an optional profile avatar you upload.
  • Listings: product titles, descriptions, prices, category, location (city / region only), and listing images you upload.
  • Communications: messages sent between buyers and sellers through the platform.
  • Technical data: server logs (IP address, browser type, pages visited) retained automatically by Hostinger and basic aggregate traffic statistics.

What we do NOT collect:

  • Payment card details or bank information — EburutuMart does not process payments.
  • Government-issued ID numbers.
  • Sensitive personal data (race, health, religion, etc.) — please do not submit these.

3. How We Use Your Data

PurposeLegal Basis (UK GDPR)
Create and manage your accountContract (Art. 6(1)(b))
Display listings and seller profiles to buyersContract (Art. 6(1)(b))
Send transactional emails (email verification, password reset)Contract (Art. 6(1)(b))
Facilitate buyer–seller messagingContract (Art. 6(1)(b))
Prevent fraud and abuseLegitimate interests (Art. 6(1)(f))
Comply with legal obligationsLegal obligation (Art. 6(1)(c))
Improve the platform using aggregate analyticsLegitimate interests (Art. 6(1)(f))

4. Cookies & Tracking

We use only the following cookies:

  • Session cookie — keeps you logged in during your visit (essential, deleted when you close your browser or log out).
  • CSRF token — protects form submissions from cross-site attacks (essential, session-scoped).

We do not use advertising cookies, Facebook Pixel, Google Analytics, or any third-party tracking scripts.

5. Third-Party Services

We share data with the following trusted processors only to the extent necessary:

  • Hostinger — website hosting and server infrastructure.
  • Supabase — cloud database and file storage. Supabase is SOC 2 Type II certified.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

6. Data Retention

  • Active accounts: data is retained for as long as your account is open.
  • Deleted accounts: personal data is erased within 30 days of account deletion, except where retention is required by law.
  • Server logs: retained for up to 90 days for security purposes.
  • Email verification tokens: expire and are deleted within 24 hours of creation.

7. Your Rights Under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — ask us to delete your data.
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at info@eburutumart.com. We will respond within one calendar month as required by UK GDPR.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

8. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • HTTPS encryption for all data in transit.
  • Passwords are hashed and never stored in plain text.
  • Database access is restricted to authorised application services only.
  • File uploads are stored in private Supabase Storage buckets with signed URLs.

No method of transmission over the internet is 100% secure. In the unlikely event of a data breach that poses a risk to your rights, we will notify you and the ICO within 72 hours as required by law.

9. Children's Privacy

EburutuMart is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify registered users by email. Continued use of EburutuMart after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions or to exercise your rights, please contact us at:

EburutuMart
Email: info@eburutumart.com