Privacy Policy
Effective date: 16 May 2026 ยท Last updated: 16 May 2026
This policy explains how DigitalMarket ("we", "us") collects, uses, and protects your personal data at digitalmarketstore.shop. We follow GDPR principles globally and Egyptian Personal Data Protection Law No. 151/2020 for users in Egypt.
1. Data we collect
| Category | Examples | When collected |
|---|
| Identity | Name, email, phone | Registration |
| Account | Password hash (we never see plaintext), role, 2FA status | Throughout use |
| Profile | Shop name, bio, avatar, payment info (Instapay, bank) | Seller profile creation |
| KYC | National ID number + photo, selfie, DOB, address | KYC submission |
| Orders | Items, prices, dates, payment method, proof image | Each order |
| Usage | Pages, products clicked, time on site, searches | Continuously (via GA4 โ cookie-gated) |
| Device | IP address, browser, OS, screen size | Each request |
| Errors | Crash reports, stack traces | When something breaks (via Sentry) |
2. Why we collect it
- Operate the marketplace โ match buyers and sellers, process orders, issue downloads.
- Verify identity โ prevent fraud, comply with AML rules (KYC).
- Communicate โ order confirmations, refunds, KYC decisions, abandoned-cart reminders (newsletter only if opted in), announcements.
- Improve the product โ usage analytics.
- Enforce Terms โ investigate disputes, ban abusers.
- Legal obligations โ tax records, court orders.
3. Who can see what
| Data | Visible to |
|---|
| Seller profile (name, bio, avatar, ratings, Instapay) | Everyone (public) |
| Buyer profile (name, email) | Buyer + admin + sellers they purchase from |
| KYC documents (ID, selfie, DOB, address) | Only admin (encrypted, owner-only Storage) |
| Order history | Buyer + involved sellers + admin |
| Reviews | Public, attributed to your display name |
| Wishlist, recently viewed, cart | Only you (stored in your browser) |
4. Third parties we share data with
- Firebase / Google Cloud (USA, EU) โ our backend. Firebase privacy.
- Google Analytics 4 โ anonymous usage. Loads only after cookie consent. IP anonymized.
- Sentry โ error reports. Sensitive fields scrubbed. Loaded 2 seconds after page.
- Resend / SendGrid โ transactional emails (orders, refunds, KYC).
- Kashier โ our licensed card payment processor. When you pay by card, your payment details are entered on and processed by Kashier's secure PCI-DSS-compliant page; we receive only the order ID, amount, status, and a transaction reference โ never your full card number or CVV. Kashier privacy policy.
- reCAPTCHA v3 (Google) โ bot prevention.
- We do not sell your data to anyone, ever.
5. How long we keep it
- Account data: while active + 1 year after deletion (for legal disputes).
- Orders: 7 years (Egyptian tax record requirement).
- KYC documents: 5 years (AML rules).
- Analytics: 26 months (GA4 default).
- Wishlist / cart / browse history: only in your browser; cleared with browser data.
6. Your rights (GDPR + Egyptian PDPL)
You have the right to:
- Access โ copy of all data we hold about you.
- Rectify โ correct inaccurate data (use profile editor or email us).
- Erase โ delete your account and data ("right to be forgotten"). Some retained where legally required.
- Restrict / Object โ stop processing for marketing (decline cookies, unsubscribe).
- Portability โ data in machine-readable format (JSON).
- Withdraw consent โ change cookie preferences anytime.
- Complain โ file with Egypt's Personal Data Protection Centre or your EU data protection authority.
To exercise rights: email support@digitalmarketstore.shop. We respond within 30 days.
7. Cookies
- Essential (always on): your session, cart, preferences (currency, language, dark mode).
- Analytics (opt-in via banner): Google Analytics 4.
- Error monitoring (opt-in via banner): Sentry.
Decline the cookie banner and analytics/error tracking won't load.
8. Data security
- All connections HTTPS (TLS 1.3).
- Passwords hashed by Firebase Authentication โ never stored plaintext.
- KYC documents stored in private Cloud Storage with owner-only read rules.
- Firestore security rules: users can only read/write their own data (with admin overrides).
- Optional 2FA via SMS โ strongly recommended for sellers.
- Sentry + Firebase Security Rules monitor for fraud.
9. International transfers
Our infrastructure (Firebase) is hosted in the United States and EU. By using the Service from outside, you consent to data transfer under Standard Contractual Clauses or equivalent safeguards.
10. Children
DigitalMarket is not directed at children under 18. We do not knowingly collect data from minors. If you believe a child registered, contact us โ we'll delete the account.
11. Changes
We may update this policy. Material changes (new data uses, new third parties) will be announced via email at least 14 days before they take effect.
12. Contact / Data Protection Officer
Privacy inquiries: support@digitalmarketstore.shop (use "Privacy" or "GDPR" in subject for faster routing).
ยฉ 2026 DigitalMarket. All rights reserved.