Selyct

Legal

Privacy Policy

Last updated: June 2026 · Draft policy for beta launch.

Selyct is committed to protecting your personal data and complying with the GDPR and applicable EU/Irish data protection law.

1. Data we collect

  • Personal data: name, email, password hash, country, display name, handle.
  • Identity data: phone number, optional address.
  • Verification data: government ID image, selfie/liveness capture, possession-verification media for high-value items.
  • Payment data (placeholder): when payments go live, payment tokens and limited transaction metadata processed by a payment provider. Selyct does not store full card numbers.
  • Trust data: verification status, trust score, trust events, dispute and fraud signals.
  • Marketplace data: listings, messages, offers, orders, reviews.
  • Analytics data: only collected when you have accepted analytics cookies; otherwise no analytics tracking is performed.
  • Security/technical data: truncated user agents and hashed IP addresses used for audit logs, rate limiting and fraud prevention.

2. How we use your data

To operate the marketplace, verify members, prevent fraud, process transactions, resolve disputes, provide support, comply with legal obligations, and improve the product.

3. Sharing

We share data with verification, payment and infrastructure providers under contract, and with regulators or authorities where legally required. We do not sell your personal data.

4. Cookies

See our Cookie Policy. You can change your preferences at any time via the cookie preferences link in the footer.

5. Data retention

  • Account data: kept while your account is active.
  • Verification documents: kept only as long as needed for fraud prevention and legal compliance, then deleted or pseudonymized.
  • Transactions, disputes and fraud records: retained as required for transaction integrity, regulatory and tax obligations (typically up to 7 years).
  • Audit and security logs: retained for the period needed for security investigations and legal compliance, then deleted.
  • IP addresses are stored hashed; user agents are truncated where practical.

6. Your rights (GDPR placeholders)

You may request:

  • Access — a copy of your personal data (request a data export).
  • Correction — fix inaccurate data from your account settings or by contacting us.
  • Deletionrequest account deletion.
  • Portability — request a machine-readable export of your own data.
  • Restriction — limit certain processing while we review a request.
  • Withdraw consent — e.g. analytics or marketing cookies, via the cookie preferences link.

7. Right-to-erasure limitations

We may be unable to fully erase certain records that are required for fraud prevention, ongoing or past disputes, completed transactions, audit-log integrity, tax/accounting, or other legal obligations. In those cases we will pseudonymize personal identifiers where appropriate, keeping only what is needed for the lawful basis.

8. Security

Encryption in transit and at rest, least-privilege access controls, audit logging of sensitive admin actions, rate limiting, and human review of high-risk events.

9. Contact

Privacy questions: privacy@selyct.com. You also have the right to lodge a complaint with your local data-protection authority.

This is a draft policy published during Selyct's beta. Final terms will be reviewed by legal counsel prior to full public launch.