CaserosCaseros
Search listings…
Search

Privacy Policy

Last updated: May 2025

1. Who we are

Caseros is an online marketplace connecting buyers with independent European artisans selling handmade and craft goods. References to "Caseros", "we", "us", or "our" in this policy refer to the operator of this platform. If you have questions about this policy, contact us at filippe.frulli@caseros.eu.

2. Data we collect

We collect and process the following categories of personal data:

Account data

When you register, we collect your email address and, optionally, your name and profile picture. We link your account to a Supabase authentication identifier.

Buyer data

If you make a purchase, we collect shipping addresses (street address, city, postal code, country) and retain a record of your orders, including the items purchased, prices paid, and order status. Payment card data is processed exclusively by Stripe and is never stored on our servers.

Seller data

If you open a shop, we collect your shop name, bio, avatar and banner images, country, preferred currency, and optional social media links. We also process Know Your Customer (KYC) information, which may include your full name, date of birth, address, and — for registered traders — a business registration number and contact details. A verification video may be requested and stored during the approval process.

Communications

Messages exchanged between buyers and sellers through the platform are stored in our database, including read receipts, so that both parties can access their conversation history.

Usage data

We record which listings you have saved as favourites and, if you leave a review, the content and rating of that review.

Technical data

Like most web services, our hosting infrastructure may log IP addresses, browser type, and request timestamps as part of normal server operation. We do not use third-party analytics or advertising trackers.

3. How we use your data

We use your personal data to:

  • Create and manage your account and authenticate your identity.
  • Process orders, calculate taxes, and facilitate payment through Stripe.
  • Transfer seller payouts via Stripe Connect.
  • Deliver buyer–seller messages and platform notifications.
  • Verify seller identities and approve shop applications (KYC).
  • Maintain records required by applicable tax and commercial law.
  • Detect and prevent fraud or abuse of the platform.
  • Respond to support requests.

We process your data on the legal bases of contract performance (to fulfil your orders or seller agreement), legal obligation (tax and KYC requirements), and legitimate interest (platform security and fraud prevention). Where required, we will ask for your explicit consent.

4. Third parties we share data with

We share personal data only with the following third parties and only to the extent necessary:

  • Supabase — provides our authentication service and cloud database hosting. Your data is stored on Supabase's infrastructure, subject to their data processing agreement.
  • Stripe — processes all payments and seller payouts. When you pay for an order or a seller connects a bank account, you interact directly with Stripe's systems under their privacy policy.

We do not sell your personal data to any third party, and we do not use your data for advertising purposes.

5. Data retention

We retain your account data for as long as your account is active. Order records are retained for seven years to meet accounting and tax obligations. KYC records are retained as required by applicable anti-money-laundering regulations.

You may request deletion of your account at any time (see section 6). Where we are required by law to retain certain records, we will retain only the minimum necessary data for the legally required period.

6. Your rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your data, subject to legal retention obligations.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — ask us to limit processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at filippe.frulli@caseros.eu. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

7. Cookies

We use cookies solely for authentication and session management. See our Cookie Policy for details.

8. Changes to this policy

We may update this policy from time to time. If changes are material, we will notify you by email or by displaying a notice in the platform. Continued use of Caseros after an update constitutes acceptance of the revised policy.