Zartevo

Legal

Privacy Policy

Last updated April 22, 2026. How we collect, use, and protect your personal data.

Contents

  1. Data Controller
  2. Data We Collect
  3. Legal Basis for Processing
  4. How We Use Your Data
  5. Data Sharing & Third Parties
  6. Cookies & Tracking
  7. Data Retention
  8. Security
  9. International Transfers
  10. Your Rights (GDPR)
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact & DPO

1. Data Controller

The data controller responsible for your personal data is Twistyest MM SL, operating the Zartevo marketplace. For any privacy-related enquiries, you can reach us at info@zartevo.com.

This policy applies to all users of Zartevo — buyers, vendors, and visitors — and complies with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection law (LOPDGDD).

2. Data We Collect

We collect the following categories of personal data:

Account dataName, username, email address, password hash, avatar, locale, role.
Vendor profileBrand name, headline, bio, website, social links, business type, legal name, tax ID / VAT number, fiscal address, payout details.
Transaction dataOrder history, purchase amounts, product licenses, download records, refund requests.
Payment dataStripe customer and account IDs. We do not store full card numbers — all card data is handled by Stripe.
Communication dataSupport tickets, emails, and dispute messages you send us.
Technical dataIP address, browser type, device info, referring URL, session tokens.
Usage dataPages visited, search queries, clicks, and interactions within the platform.
Affiliate & referral dataReferral codes, attribution cookies, referred user IDs.
Security dataLogin events, 2FA activity, failed authentication attempts.

3. Legal Basis for Processing

We process your personal data on the following legal grounds under GDPR Article 6:

  • Contract performance — to create and manage your account, process purchases, issue licenses, and handle payouts.
  • Legal obligation — to comply with tax, anti-money laundering, and consumer protection laws applicable in Spain and the EU.
  • Legitimate interests — to prevent fraud, secure the platform, improve our services, and operate the affiliate program.
  • Consent — for non-essential cookies and optional marketing communications. You may withdraw consent at any time.

4. How We Use Your Data

  • Create and maintain your account and vendor profile.
  • Process payments, issue digital licenses, and manage refunds.
  • Send transactional emails (order confirmations, payout notices, password resets).
  • Provide customer support and resolve disputes.
  • Detect and prevent fraud, abuse, and policy violations.
  • Comply with tax reporting and legal obligations.
  • Improve platform functionality through aggregated analytics.
  • Track affiliate and referral attribution.
  • Send marketing communications, only where you have opted in.

We do not sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

5. Data Sharing & Third Parties

We share data only with the following categories of recipients:

  • Stripe — for payment processing and vendor payouts. Stripe acts as an independent data controller for card data. Stripe Privacy Policy.
  • Google OAuth — if you choose to sign in with Google. We only receive your name, email, and profile picture from Google.
  • Infrastructure providers — hosting and database providers operating under data processing agreements (DPAs) compliant with GDPR.
  • Tax & legal authorities — when required by law, court order, or to protect the rights and safety of users or the platform.

Vendors can see the display name and email associated with an order only when needed to fulfil support obligations. Buyers' full personal data is never sold or exposed to vendors beyond what is necessary.

6. Cookies & Tracking

Zartevo uses the following types of cookies:

Strictly necessarySession authentication, CSRF protection, shopping cart. Cannot be disabled.
FunctionalLanguage preference, theme, UI state. Enabled by default.
AnalyticsAggregated usage statistics to improve the platform. Opt-out available.
Affiliate attributionReferral cookie to track vendor and buyer recruitment. 30-day expiry.
MarketingOnly set with explicit consent. Used for targeted advertising where enabled.

You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies will prevent the platform from functioning correctly.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy:

  • Account data — retained for the life of the account and deleted within 90 days of a verified deletion request, subject to legal holds.
  • Transaction & tax data — retained for a minimum of 7 years to comply with Spanish and EU tax law obligations.
  • Security logs — retained for 12 months to support fraud investigation and dispute resolution.
  • Support communications — retained for 3 years after the last interaction.

8. Security

We apply industry-standard technical and organisational measures to protect your personal data, including:

  • Passwords stored as bcrypt hashes — never in plain text.
  • 2FA TOTP secrets encrypted at rest using AES-256-GCM.
  • All data in transit encrypted via TLS.
  • Role-based access controls limiting internal access to personal data.
  • Security event logging for all authentication and payout activity.

Despite these measures, no system is completely secure. In the event of a data breach that poses a high risk to your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.

9. International Transfers

Zartevo is based in Spain (EU). Some of our infrastructure and third-party processors may be located outside the EU/EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place — such as the EU Standard Contractual Clauses (SCCs) or adequacy decisions — as required by GDPR Chapter V.

10. Your Rights (GDPR)

Under the GDPR and Spanish LOPDGDD, you have the following rights regarding your personal data:

AccessRequest a copy of all personal data we hold about you.
RectificationCorrect inaccurate or incomplete data.
ErasureRequest deletion of your data (“right to be forgotten”), subject to legal retention obligations.
RestrictionAsk us to limit processing of your data in certain circumstances.
PortabilityReceive your data in a structured, machine-readable format.
ObjectionObject to processing based on legitimate interests or for direct marketing.
Withdraw consentWithdraw consent at any time where processing is consent-based.

To exercise any of these rights, contact us at info@zartevo.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD).

11. Children's Privacy

Zartevo is not directed at persons under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us at info@zartevo.com and we will delete the account promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact & DPO

For any questions, data requests, or privacy concerns, contact us at:

Twistyest MM SL

General enquiries: info@zartevo.com

GDPR data requests: info@zartevo.com

For complaints, you may also contact the Agencia Española de Protección de Datos (AEPD).

See also our Terms of Use and Refund Policy.

Zartevo

The premium digital asset marketplace. Buy and sell themes, plugins, templates, and much more.

TwitterGitHubDiscord
Zartevo - The marketplace for premium digital assets | Product Hunt

Platform

  • Marketplace
  • Pricing
  • Blog
  • Roadmap

Vendors

  • Start selling
  • Commissions
  • License SDK
  • Support

Legal

  • Terms of Use
  • Privacy
  • Licenses
  • Refund Policy

Support

  • Help Center
  • Contact
  • Service Status
  • Community

Company

  • Careers
  • About
  • Blog
  • Become an affiliate

Copyright 2026 Zartevo. All rights reserved.

Zartevo on Product Hunt

Language: English