Privacy Policy
Transparency and security are at the heart of the Kiweal experience. Here are our commitments and terms.
Data Security
We use bank-grade encryption and secure infrastructure (Supabase, Stripe).
No Selling Data
We never sell your personal information to third parties.
Your Rights
Full control over your data, including the right to access and deletion.
1. Introduction
Kiweal ("we", "our") is committed to protecting the privacy of its users. This policy describes how we collect, use, and protect your personal data in accordance with GDPR.
Data Controller:
Kiweal
30 rue de Courcelles, 51100 Reims, France
Email: support@kiweal.com
2. Data Collected
2.1 Registration Data
- First and last name, email address, password (hashed).
2.2 Profile Data
- Display name, shipping address, phone number (optional).
2.3 Verification Data (KYC)
Via Stripe Identity: ID document, photo (selfie), and verification result. Kiweal does not store original identity documents.
2.4 Transaction Data
- Purchase/sale history, amounts, dates, and shipping addresses.
2.5 Browsing Data
- IP address, pages visited, browser and device type.
3. Processing Purposes
| Purpose | Legal Basis |
|---|---|
| Account management | Contract performance |
| Transaction processing | Contract performance |
| Identity verification (KYC) | Legal obligation |
| Fraud prevention | Legitimate interest |
| Service improvement | Legitimate interest |
5. Data Retention
- Active account: Duration of relationship + 3 years.
- Transactions: 10 years (accounting obligations).
- Connection logs: 1 year.
6. Your Rights
Under GDPR, you have the right to access, rectify, erase, and port your data. You may also object to certain processing activities.
Contact: support@kiweal.com (response within 30 days).
7. Security
We use HTTPS encryption (TLS 1.3), bcrypt hashing for passwords, and regular infrastructure audits.
10. Minors
Kiweal is strictly reserved for persons 18 years and older.