Privacy Policy
Last updated: February 2026
1. Who We Are
Nairel is an online marketplace operated from the United Kingdom. This policy explains how we collect, use, store, and protect your personal data when you use our platform at nairel.netlify.app.
2. Data We Collect
Account data: email address, username (handle), and hashed password when you register.
Profile data: seller storefront information, profile details you choose to add.
Transaction data: order history, amounts, product details, and Stripe checkout session IDs. We do not store your full payment card details — these are handled by Stripe.
Communications: messages sent between buyers and sellers on the platform.
Usage data: pages visited, search queries, device type, and IP address for security and analytics.
Listing data: product titles, descriptions, images, and pricing that sellers provide.
3. How We Use Your Data
We use your data to: provide and improve the marketplace; process transactions and payouts; communicate with you about orders, disputes, and account activity; prevent fraud and enforce our terms; personalise your experience (e.g., search results, recommendations); and comply with legal obligations.
4. Legal Basis (GDPR)
Contract: processing necessary to provide our services to you (account management, transactions).
Legitimate interest: fraud prevention, platform security, service improvement.
Legal obligation: tax records, regulatory compliance.
Consent: marketing communications (you can opt out at any time).
5. Data Sharing
Stripe: payment processing and seller payouts. Stripe's privacy policy applies to data they process.
Buyers & sellers: necessary transaction details are shared between buyer and seller to fulfil orders (e.g., shipping address with seller).
Service providers: hosting (Railway, Netlify), email delivery, and analytics providers who process data on our behalf.
We do not sell your personal data to third parties.
6. Data Security
Passwords are hashed using industry-standard algorithms. Authentication uses signed JWT tokens. All data in transit is encrypted via HTTPS/TLS. Access to production systems is restricted. Payment data is handled by Stripe's PCI DSS Level 1 compliant infrastructure.
7. Data Retention
We retain your account data for as long as your account is active. Transaction records are retained for 7 years for tax and legal compliance. You may request deletion of your account and personal data at any time by contacting us.
8. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the right to: access your personal data; rectify inaccurate data; request erasure of your data; restrict or object to processing; data portability; and withdraw consent at any time. To exercise these rights, contact support@nairel.com.
9. Cookies
We use essential cookies for authentication and session management. We may use analytics cookies to understand how users interact with the platform. You can control cookie preferences in your browser settings.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to registered users. The “last updated” date at the top of this page indicates when the policy was last revised.
11. Contact
For privacy enquiries, contact us at support@nairel.com.