1. Information We Collect
We collect account details (name, email, phone), marketplace listings, order and wallet records, compliance documents, mutual order reviews, and security logs (IP address, user agent, MFA events). Categories below reflect our record of processing activities.
- Account and profile data — name, email, phone, country, seller profile content, profile media. Lawful basis: Contract performance and legitimate interests for marketplace account operation. Retention: Retain while account is active, then apply PERSONAL_DATA_RETENTION_DAYS unless a legal hold applies.
- Financial account, wallet, escrow, payout, and refund records — wallet balances, ledger transactions, withdrawals, escrow releases, refund cases. Lawful basis: Contract performance, legal obligations, fraud prevention, and accounting record retention. Retention: Retain for FINANCIAL_DATA_RETENTION_DAYS or longer where accounting, tax, or dispute rules require.
- Banking identifiers and payment evidence — account number, IBAN, BIC, routing number, M-Pesa proof screenshots. Lawful basis: Contract performance, legal obligations, fraud prevention, and payout verification. Retention: Retain only as long as needed for verification, payout, dispute, accounting, and anti-fraud controls.
- Compliance and trade documents — seller product documents, buyer compliance documents, shipment proofs, packing images. Lawful basis: Contract performance, legitimate interests, legal obligations, and trade compliance review. Retention: Retain for order/compliance evidence periods and legal holds; quarantine rejected suspicious uploads separately.
- Security, audit, device, and incident records — request IDs, IP address, user agent, MFA timestamps, device fingerprints, breach logs. Lawful basis: Legitimate interests, legal obligations, fraud prevention, and security monitoring. Retention: Retain for AUDIT_LOG_RETENTION_DAYS unless a shorter incident-specific period is documented.
- Backups, generated exports, and operational reports — database backups, financial balance snapshots, DSAR exports, generated reports. Lawful basis: Legal obligations, security resilience, and legitimate interests in disaster recovery. Retention: Follow backup rotation policy and off-server encrypted sync procedures; do not retain DSAR bundles indefinitely.
2. How We Use Your Information
Your information is used to provide and improve platform services, process transactions, support account security, verify compliance requirements, communicate service updates, and fulfill legal obligations.
3. Sharing and Disclosure
We may share data with payment providers, logistics partners, and compliance agencies only as required to deliver services. We do not sell personal information to third parties for marketing purposes.
4. Data Retention
Personal account data is generally retained up to 1095 days after closure unless a legal hold applies. Financial and audit records may be retained up to 2555 days where PSD2, tax, or dispute rules require.
5. International transfers
Payment processors (e.g. Stripe), hosting, and email providers may process data outside the EEA. We rely on appropriate safeguards (including Standard Contractual Clauses) documented in our processor register.
6. Your Rights
You may request access, rectification, erasure, restriction, or portability. Signed-in users can use Privacy & data rights or email contact@dacexports.com. We respond within one month unless an extension is legally documented.
7. Security Measures
We implement administrative, technical, and physical safeguards designed to protect data against unauthorized access, disclosure, alteration, or destruction.