Privacy Policy

1. Who We Are

VoloMarket (“we”, “us”, “our”) operates the volomarket.net General Aviation marketplace. This policy explains how we handle personal data collected through the platform. For questions, contact privacy@volomarket.net.

2. Data We Collect

• Account data: email address, full name, and optional avatar photo provided during registration.
• Profile data: pilot licence number (optional, for Verified Pilot badge), bio, and contact preferences.
• Listing data: photos, descriptions, prices, and location data you enter for your listings.
• Message data: the content of messages exchanged between buyers and sellers on the platform.
• Usage data: pages visited, search queries, and interaction events (e.g. listing views, saves) collected via server logs and first-party analytics.
• Device data: IP address, browser type, and operating system, collected automatically when you access the Service.

3. How We Use Your Data

• To create and manage your account.
• To display your listings to other users.
• To facilitate messaging between buyers and sellers.
• To send transactional emails (password reset, listing alerts).
• To detect and prevent fraud and abuse.
• To improve platform performance through aggregated analytics.
• To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

4. Legal Basis (GDPR)

We process your data under the following legal bases as defined by the EU General Data Protection Regulation (GDPR 2016/679):

• Contract performance — to provide the platform services you signed up for.
• Legitimate interests — to improve security, detect abuse, and analyse aggregate usage.
• Legal obligation — to comply with applicable EU and national laws.
• Consent — for optional features such as marketing emails, which you may withdraw at any time.

5. Data Storage and Security

All data is stored on Supabase infrastructure hosted in eu-central-1 (Frankfurt, Germany), within the European Economic Area (EEA). Data is encrypted at rest and in transit using industry-standard TLS 1.2+. We apply role-based access controls and row-level security policies to limit data access.

6. Data Retention

Account data is retained for as long as your account is active. If you delete your account, your personal data is purged within 30 days, except where retention is required by law (e.g. transaction records required for tax purposes, retained for 7 years).

7. Your Rights Under GDPR

As a data subject in the EEA, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to restrict processing in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — at any time for consent-based processing.

To exercise any of these rights, email privacy@volomarket.net. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

8. Third-Party Services

• Supabase — database, authentication, and file storage (EU-hosted). Supabase processes data on our behalf as a data processor.
• Mapbox — used for location autocomplete and map previews. Queries are sent to Mapbox servers; see Mapbox Privacy Policy.

9. Cookies

VoloMarket uses only technically necessary cookies required to operate the Service. We do not use tracking, advertising, or third-party analytics cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or an in-app notice at least 14 days before the change takes effect.

11. Contact

For any privacy-related questions or data requests: privacy@volomarket.net