PRIVACY POLICY

For Aiydyn: A Multi-Vendor Marketplace for Natural & Organic Skin and Hair Products

Last Updated: January 2026

---

1. INTRODUCTION AND SCOPE

Aiydyn (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring you have a positive experience on our website, mobile application, and all associated services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other global privacy regulations.

This Privacy Policy applies to all users of the Services, including buyers, sellers, and visitors. Please read this policy carefully. If you do not agree with our privacy practices, you must cease using the Services immediately.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. Your use of the Services constitutes your consent to our collection, use, and disclosure of your personal information as described herein.

---

2. INFORMATION WE COLLECT

Aiydyn collects personal information from multiple sources to operate the Services effectively, protect against fraud, and improve user experience.

2.1 Information You Provide Directly

Account Registration Information:

• Full name
• Email address
• Phone number
• Mailing address
• Date of birth (for age verification)
• Password and security questions
• Profile photo and biographical information
• Gender (optional)
• Location and neighborhood type

Payment Information:

• Billing address
• Credit card number (processed through secure payment processors)
• Debit card information
• PayPal account details
• Bank account information (for seller payouts)
• Payment method type and expiration date

Seller-Specific Information:

• Business name and legal business structure
• Business tax identification number (EIN/Tax ID)
• Bank account information for deposits
• Business address and registration documents
• Product descriptions and ingredient lists
• Shop policies and certifications
• Proof of organic, cruelty-free, or other certifications
• Identification documents for verification purposes
• Business financial information (annual revenue, business stage)
• Details about other sales channels

Buyer Profile Information:

• Saved addresses (shipping and billing)
• Purchase history
• Wishlist and saved items
• Reviews and ratings posted
• Favorites and collections
• Product preferences and interests
• Browsing and search history
• Communication preferences
• Customer service inquiries and correspondence

Customer Support and Communications:

• Inquiries submitted through contact forms
• Email correspondence
• Chat messages with customer support or sellers
• Complaint reports and dispute information
• Feedback and survey responses
• Content you upload (photos, documents, messages)

Biometric Data (for sellers):

• Facial recognition data (for identity verification)
• Fingerprint data (if two-factor authentication enabled)
• Collected with explicit consent only

2.2 Information Collected Automatically

Browser and Device Information:

• IP address and geolocation data
• Device type, model, and operating system
• Browser type and version
• Unique device identifiers
• Device settings and specifications
• Mobile device ID (IDFA, Android Advertising ID)

Service Usage Information:

• Pages visited and time spent on each page
• Clickstream data and navigation patterns
• Search queries and keywords used
• Transaction history and purchase details
• Products viewed and interaction with product listings
• Items added to cart (whether purchased or not)
• Seller interactions and messages
• Return and refund requests
• Account settings changes
• Features used and frequency of use
• Error logs and technical issues
• Session duration and activity

Cookies and Similar Technologies:

• First-party cookies for login, preferences, and cart functionality
• Third-party cookies for analytics and advertising
• Session cookies (temporary, deleted when browser closes)
• Persistent cookies (retained for extended periods)
• Web beacons and pixel tags
• Local storage data and IndexedDB
• Device fingerprinting information

Analytics and Tracking:

• Google Analytics data (page views, user flow, demographics)
• Heatmap and user behavior tracking
• A/B testing data
• Conversion tracking pixels
• Advertising tracking pixels (Facebook, Google, TikTok)
• Video view data and interaction metrics

Location Information:

• GPS coordinates (if location services enabled)
• IP-based approximate location
• Country, state, and city information
• Location data from payment processing
• Shipping address location information

2.3 Information from Third-Party Sources

Payment Processors:

• Transaction verification data
• Fraud risk scores
• Payment confirmation information
• Billing verification results

Identity Verification Services:

• Government-issued identification data (for sellers)
• Background check information (where permitted by law)
• Address verification results
• Age and identity verification data

Shipping and Logistics Providers:

• Delivery status updates
• Tracking information
• Return and refund status

Advertising and Marketing Partners:

• Demographic information and interests
• Purchase behavior data from other sites
• Audience segmentation data
• Advertising interaction data

Service Providers:

• Email service providers (newsletter data)
• Customer support platforms
• Security and fraud prevention services
• Cloud storage providers

Public Sources:

• Publicly available business information
• Public social media profiles
• Public records and databases (for seller verification)

Affiliates and Business Partners:

• Information from related company services
• Data sharing between integrated platforms
• Partner marketplace data

Other Users:

• Information provided about you in reviews or messages
• Complaints or disputes involving you
• User-generated content mentioning you

---

3. HOW WE USE YOUR INFORMATION

Aiydyn uses collected personal information for various lawful purposes. The legal basis for processing varies depending on the type of information and your location.

3.1 Providing and Improving the Services

• Creating and maintaining your account
• Processing orders, payments, and refunds
• Fulfilling orders and processing returns
• Providing customer support and responding to inquiries
• Troubleshooting technical issues
• Conducting surveys and gathering feedback
• Improving website functionality and user experience
• Testing new features and products
• Analyzing usage patterns to enhance Services
• Personalizing your experience and content recommendations

3.2 Communication

• Sending transactional emails (order confirmations, shipping updates, receipts)
• Notifying you of policy changes or legal updates
• Responding to customer support requests
• Sending account verification emails
• Notifying you of suspicious account activity
• Sending password reset links and account recovery information
• Resolving disputes and complaints
• Marketing communications (with your consent where required)
• Newsletter subscriptions (opt-in basis)
• Promotional emails about sales and new products (based on preferences)
• Administrative communications regarding Terms and Conditions changes

3.3 Fraud Prevention and Security

• Detecting, preventing, and investigating fraud
• Verifying seller and buyer identities
• Monitoring for suspicious transactions
• Preventing unauthorized access to accounts
• Protecting against security threats and malicious activity
• Conducting security audits and assessments
• Complying with anti-money laundering (AML) and Know Your Customer (KYC) requirements
• Investigating policy violations and terms breaches

3.4 Legal Compliance and Protection

• Complying with legal obligations and court orders
• Responding to government and law enforcement requests
• Complying with tax reporting requirements (including 1099 reporting for sellers)
• Establishing, exercising, or defending legal claims
• Complying with subpoenas and regulatory investigations
• Protecting our legal rights and enforcing contracts
• Preventing and addressing violations of Terms and Conditions

3.5 Marketing and Advertising

• Creating targeted advertising campaigns
• Personalized product recommendations and suggestions
• Segmenting users for marketing purposes
• A/B testing marketing messages
• Measuring advertising effectiveness
• Retargeting users who have visited the Services
• Creating lookalike audiences for advertising
• Email marketing and promotional communications
• Behavioral targeting based on browsing history
• Cross-device advertising tracking

3.6 Analytics and Business Intelligence

• Understanding user demographics and preferences
• Analyzing marketplace trends and seller performance
• Measuring traffic and engagement metrics
• Creating reports and statistical analysis
• Identifying popular products and categories
• Benchmarking performance against industry standards
• Informing product development decisions

3.7 Seller-Specific Uses

• Verifying seller identity and eligibility
• Monitoring seller compliance with policies
• Processing seller payouts and payments
• Calculating seller commission fees and charges
• Creating seller performance metrics and ratings
• Preventing seller fraud and policy violations
• Providing seller analytics and performance data
• Supporting seller customer service

3.8 Buyer-Specific Uses

• Processing purchases and shipments
• Managing returns and refunds
• Dispute resolution between buyers and sellers
• Protecting buyer safety and preventing fraud
• Age verification for restricted product categories
• Customer recommendation personalization

---

4. LEGAL BASIS FOR PROCESSING

Depending on your location, Aiydyn relies on different legal bases to process your personal information:

4.1 European Economic Area, UK, and Switzerland Users (GDPR/UK GDPR)

For users in the EEA, UK, and Switzerland, we process personal information based on the following legal bases:

Contractual Necessity:

• Processing required to fulfill our Services agreement with you
• Creating and managing your account
• Processing transactions and payments
• Providing customer support

Legitimate Interests:

• Improving and personalizing the Services
• Fraud prevention and security
• Analytics and business improvements
• Direct marketing (unless you opt out)
• Protecting our legal rights
• Detecting and preventing abuse

Consent:

• Marketing communications and newsletters
• Biometric data processing for sellers
• Non-essential cookies and tracking technologies
• Extended data retention beyond contractual necessity

Legal Obligation:

• Complying with tax laws and reporting requirements
• Responding to legal requests and government investigations
• Know Your Customer (KYC) compliance
• Anti-money laundering (AML) requirements

Vital Interests:

• Protecting health, safety, or security in emergency situations

4.2 California Residents (CCPA/CPRA)

California residents have specific rights under the CCPA and CPRA. We collect and process personal information for the following business purposes:

• Providing, maintaining, and improving our Services
• Developing new features and products
• Personalizing user experience
• Detecting and preventing fraud and security incidents
• Complying with legal obligations
• Communicating with you about your account
• Marketing and advertising
• Analytics and business intelligence
• Customer service and support

4.3 Other U.S. Residents

For users outside California but in other U.S. states, we process personal information to:

• Fulfill contractual obligations
• Comply with legal requirements
• Pursue legitimate business interests
• Obtain your consent where required

4.4 Other Global Residents

For users in other countries, we process personal information according to the applicable privacy laws in their jurisdiction and the legal bases accepted under those laws.

---

5. HOW WE SHARE YOUR INFORMATION

Aiydyn shares personal information with third parties only when necessary to provide the Services, comply with legal obligations, or protect our interests. We do not sell personal information to third parties for their own marketing purposes.

5.1 Buyers and Seller Transactions

Seller Information Shared with Buyers:

• Shop name and location
• Business registration information (if public)
• Seller ratings and reviews
• Product descriptions and images
• Shipping and return policies
• Business contact information (as directed by seller)
• Communications regarding orders

Buyer Information Shared with Sellers:

• Name and shipping address (necessary for order fulfillment)
• Email address (for order communication)
• Phone number (if provided)
• Order history and purchase details
• Message communications
• Return and dispute information
• Payment confirmation (not full payment details)

5.2 Service Providers and Processors

We share personal information with third-party service providers who assist in operating the Services:

Payment Processing:

• Stripe, PayPal, or other payment gateways
• Banks and financial institutions
• Fraud detection services
• Card networks and processors

Shipping and Logistics:

• FedEx, UPS, DHL, USPS, or other carriers
• Shipping software providers
• Tracking services

Hosting and Technology:

• Cloud hosting providers (AWS, Google Cloud, etc.)
• Content delivery networks
• Technical support providers
• Website analytics providers (Google Analytics)
• Security and monitoring services

Marketing and Analytics:

• Google Ads and Analytics
• Facebook Pixel and tracking
• TikTok tracking
• Email marketing platforms
• Marketing automation tools
• Conversion tracking services
• Advertising networks

Customer Support:

• Third-party customer support platforms
• Chat and messaging services
• Help desk software providers

Data Analysis:

• Analytics and business intelligence firms
• Market research companies
• Consulting firms
• Statistical analysis services

5.3 Legal Requirements and Protection

We may disclose personal information when required or permitted by law:

• Complying with court orders and subpoenas
• Responding to government and law enforcement requests
• Enforcing our Terms and Conditions
• Protecting the safety and security of users and the public
• Investigating and preventing fraud or illegal activity
• Establishing, exercising, or defending legal claims
• Complying with tax reporting obligations

5.4 Business Transfers

If Aiydyn is involved in a merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice if such a transfer occurs and if privacy practices change materially.

5.5 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably identify you with third parties for analytics, marketing, research, and other business purposes. This information does not constitute personal information under privacy laws.

5.6 Other Third Parties (with Restrictions)

Affiliates and Related Companies:

• Information sharing among Aiydyn subsidiaries and affiliates
• Used for operation, fraud prevention, and business development
• Shared only for purposes consistent with this Privacy Policy

Business Partners:

• Strategic partners and integration partners
• Co-marketing partners
• Technology integration partners

Additional Disclosures:

• User consent for specific third-party sharing
• Information provided in response to user choices
• Public information displayed in user profiles

---

6. DATA RETENTION

Aiydyn retains personal information only as long as necessary to provide the Services, comply with legal obligations, or fulfill the purposes for which it was collected. Retention periods vary by information type and legal requirements.

6.1 Account Information

Active Accounts:

• Retained for the duration your account is active
• Retained for 12 months after account closure (for dispute resolution and legal claims)
• Longer retention if required by law

Deleted Accounts:

• Most personal information deleted within 30 days
• Some information retained for legal compliance (up to 7 years)
• Aggregated data retained indefinitely

6.2 Transaction and Payment Information

• Retained for 7 years for accounting and tax purposes
• Required for dispute resolution (3 years minimum)
• Longer retention if required by law or for legal claims
• Payment card details deleted after transaction authorization

6.3 Seller Information

Seller Account Information:

• Retained while account is active
• Retained for 7 years after account termination for legal and tax compliance
• Identification documents: 3-5 years minimum
• Business verification documents: 3 years minimum

Seller Shop Data:

• Product listings retained until deletion by seller
• Shop reviews and ratings retained indefinitely
• Sales history retained for 7 years

6.4 Customer Support and Communications

• Support tickets and emails: 3 years
• Chat communications: 1-2 years
• Complaint and dispute files: 5-7 years
• Longer retention if needed for legal claims

6.5 Cookies and Tracking Data

Analytics Cookies:

• First-party cookies: duration of session + 2 years
• Third-party analytics: varies (typically 1-3 years)

Advertising Cookies:

• Duration of advertising campaign + 30 days
• User opt-out preference honored indefinitely

Performance and Functional Cookies:

• Session cookies deleted upon browser close
• Preference cookies retained for up to 2 years

6.6 Marketing and Newsletter Data

• Newsletter subscriber lists: retained while subscribed
• Unsubscribe requests honored: retained for 3 years to prevent re-adds
• Inactive subscriber removal: after 12-24 months of inactivity

6.7 Log Files and Technical Data

• Server logs: retained for 90 days
• Error logs and crash reports: 30 days
• Security logs: 1-2 years
• Backup data: retained per backup schedule (typically 30-90 days)

6.8 Legal Hold and Compliance

• Data subject to legal holds or investigations retained longer
• Regulatory compliance data (KYC, AML): 3-7 years
• Tax records: 7 years minimum
• Labor and employment records: 3-7 years depending on jurisdiction

6.9 Data Deletion Rights

You may request deletion of your personal information subject to exceptions:

• Data required for legal compliance
• Data needed to fulfill contracts
• Data needed for dispute resolution
• Data retained for legitimate business purposes

Deletion timelines vary by jurisdiction and legal requirements.

---

7. YOUR PRIVACY RIGHTS AND CHOICES

Aiydyn respects your privacy rights and provides mechanisms to exercise control over your personal information.

7.1 Rights for EEA, UK, and Switzerland Users (GDPR)

Right to Access:

• Request a copy of personal information we hold about you
• Understand what data we collect and how it’s used
• Submit requests through account settings or privacy request form
• Response timeline: 30 days (extendable to 60 days for complex requests)

Right to Rectification:

• Correct inaccurate personal information
• Update incomplete data
• Edit information through account settings
• Request correction of data held by third parties

Right to Erasure (“Right to be Forgotten”):

• Request deletion of personal information
• Applies when data is no longer necessary
• Exceptions: legal obligations, legal claims, legitimate interests
• Timelines vary by retention requirements

Right to Restrict Processing:

• Limit how we use your personal information
• Request suspension of processing while accuracy is verified
• Restrict marketing or profiling activities
• Data retained but processing limited to specified purposes

Right to Data Portability:

• Receive personal information in machine-readable format
• Transfer data to another service provider
• Request direct transmission to new provider
• Available for data provided by you or generated through your activities

Right to Object:

• Object to processing for direct marketing
• Object to processing based on legitimate interests
• Object to profiling and automated decision-making
• Automatic opt-out of marketing communications

Rights Related to Automated Decision-Making and Profiling:

• Know when decisions affecting you are made automatically
• Request human review of automated decisions
• Challenge automated decisions about you
• Opt-out of automated profiling where possible

Right to Withdraw Consent:

• Withdraw consent for any processing based on consent
• Withdraw at any time without penalty
• Withdrawal does not affect lawfulness of prior processing
• Consent management tools available in account settings

7.2 Rights for California Residents (CCPA/CPRA)

Right to Know:

• Know what personal information we collect
• Know the sources of collection
• Know how we use your information
• Know who we share information with
• Submit “right to know” requests through account settings or privacy request form

Right to Delete:

• Request deletion of personal information
• Exceptions: business purposes, legal obligations, other legal bases
• Consumer-directed deletion requests: response within 30-45 days
• Some information may be retained for legal compliance

Right to Correct:

• Request correction of inaccurate personal information
• Submit through account settings or privacy request form
• We will correct or note dispute in records

Right to Opt-Out:

• Opt-out of “sale” or “sharing” of personal information
• Opt-out of targeted advertising
• Opt-out of automated decision-making with legal effect
• “Do Not Sell or Share My Personal Information” link available
• Opt-out applies to future sharing; doesn’t retroactively cover past sharing

Right to Limit Use and Disclosure:

• Limit use of sensitive personal information
• Limit sharing with third parties
• Limit use for inference and profiling
• “Limit the Use of My Sensitive Personal Information” link available

Right to Non-Discrimination:

• No discrimination for exercising privacy rights
• Cannot deny, discourage, or penalize your rights exercise
• Cannot provide different service levels for exercising rights
• May offer financial incentives for data collection (if legally compliant)

Automated Decision-Making Rights:

• Know when decisions are made automatically
• Request human review of significant decisions
• Challenge automated decisions
• Right to explanation of automated decision

Right to Access Opt-Out Preference Signals:

• Honor global privacy control signals
• Respect browser-based opt-out preferences
• Treat opt-out signals as explicit opt-out requests

7.3 Rights for Other U.S. State Residents

Depending on your state of residence, you may have additional privacy rights under emerging state-level privacy laws. We comply with applicable state privacy regulations, including:

• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)
• Montana Consumer Data Privacy Act (MCDPA)
• Delaware Personal Privacy Act (DPDPA)
• Iowa Online Privacy Act (IOPA)

These laws generally provide similar rights to CCPA/CPRA residents.

7.4 Rights for Other Global Residents

Other countries have their own privacy laws and associated rights:

Canada (PIPEDA):

• Right to access and correct personal information
• Right to request deletion
• Right to opt-out of marketing communications
• Right to file complaints with privacy commissioner

Brazil (LGPD):

• Right to access, correct, and delete personal information
• Right to data portability
• Right to opt-out of automated decision-making
• Right to contest processing decisions

Australia (Privacy Act):

• Right to access and correct personal information
• Right to complaint with privacy commissioner
• Right to opt-out of direct marketing
• Right to request reason for denial of requests

Other Jurisdictions:

• We comply with local privacy laws
• Similar rights generally provided under most global privacy laws
• Contact us for information about your specific jurisdiction

7.5 How to Exercise Your Rights

Submit a Privacy Request:

1. Access your account settings → Privacy & Data
2. Select the right you wish to exercise
3. Provide necessary information to verify identity
4. Submit your request

Verification Process:

• We will verify your identity before processing requests
• May require confirmation of email or phone number
• May request government ID for seller verification
• Authorization agents may submit requests on your behalf (with proper documentation)

Request Response:

• Confirmation within 10 days of receipt
• Substantive response within 30-45 days
• Extensions available for complex requests (additional 30 days)
• If unable to fulfill, explanation provided

Opting Out of Marketing:

Email Marketing:

• Click “unsubscribe” link in any marketing email
• Request through account settings
• Processing: immediate to 10 business days

Targeted Advertising:

• “Do Not Sell or Share My Personal Information” link in footer
• Opt-out settings in account preferences
• Browser-based opt-out tools
• Network Advertising Initiative (NAI) opt-out
• Digital Advertising Alliance (DAA) opt-out

Location-Based Marketing:

• Disable location services on your device
• Opt-out through account settings

Cookies and Tracking:

• Cookie consent banner preferences
• Browser cookie settings
• “Limit Tracking” option on iOS devices
• Do Not Track browser signals (honored where applicable)

---

8. COOKIES, PIXELS, AND TRACKING TECHNOLOGIES

Aiydyn uses various tracking technologies to operate the Services, analyze usage, and deliver personalized advertising.

8.1 What are Cookies?

Cookies are small text files stored on your device that contain information about your browsing activity and preferences. They enable us to recognize you across visits, remember your choices, and improve your experience.

Types of Cookies:

Strictly Necessary Cookies:

• Functionality cookies for login and authentication
• Session management cookies
• Security and fraud prevention cookies
• Payment processing cookies
• Shopping cart functionality
• Legal compliance cookies
• Status: Not requiring consent, deployed automatically

Performance and Analytics Cookies:

• Google Analytics tracking
• Traffic analysis and page performance
• User behavior analysis
• Heatmaps and session recording
• Error tracking and crash reports
• Engagement metrics
• Status: Requiring explicit consent in EEA/UK (GDPR)

Functional Cookies:

• Language and regional preferences
• Accessibility settings
• User interface customization
• Time zone preferences
• Saved filters and search history
• Remember-me functionality
• Status: May require consent depending on jurisdiction

Targeting/Advertising Cookies:

• Facebook pixel for retargeting
• Google Ads conversion tracking
• TikTok pixel tracking
• Display advertising
• Behavioral advertising
• Cross-site tracking for ad delivery
• Status: Requiring explicit consent under GDPR, opt-out available under CCPA

8.2 What are Tracking Pixels?

Tracking pixels (also called web beacons or pixel tags) are tiny, invisible images embedded in web pages, emails, and advertisements that track user activity and behavior. When loaded, pixels send information to external servers about:

• Whether an email was opened
• Whether an ad was clicked
• Conversion events (purchases, signups)
• Page visits and time spent
• Device information and browser details
• Cross-device tracking for advertising

Pixel Providers:

• Google Ads and Google Analytics
• Facebook/Meta pixel
• TikTok pixel
• Amazon Pixel
• LinkedIn insight tag
• Pinterest tag
• Third-party ad networks

8.3 Consent and Control

For GDPR Users (EEA, UK, Switzerland):

• Cookie consent banner appears on first visit
• Explicit consent required for non-essential cookies and pixels
• Consent preferences saved for future visits
• Easy opt-out or preference changes anytime
• Refusing consent does not prevent access to Services
• Different consent options available for cookie categories

For CCPA Users (California):

• Privacy policy clearly discloses use of cookies and pixels
• “Do Not Sell or Share My Personal Information” link available
• Opt-out request honored for third-party data sharing
• Global privacy control signals respected

For Other U.S. Users:

• Cookie policy disclosure available
• Opt-out mechanisms provided where required
• Advertising opt-out options available

Managing Your Cookies:

1. Browser Settings: Control cookies in browser preferences
2. Cookie Banner: Adjust consent preferences anytime
3. Account Settings: Manage tracking preferences
4. Opt-Out Tools: Use industry opt-out platforms
5. Device Settings: Enable “Limit Ad Tracking” (iOS) or “Opt out of Ads Personalization” (Android)

8.4 Third-Party Tracking

Third-party companies may place cookies or pixels on our Services to:

• Provide analytics and performance measurement
• Deliver targeted advertising
• Track conversions and user journeys
• Conduct market research and surveys
• Provide customer support and feedback tools

Third-Party Trackers Include:

• Google (Google Analytics, Google Ads, YouTube)
• Meta/Facebook (Facebook pixel, Instagram tracking)
• TikTok (TikTok pixel)
• Amazon (Amazon Pixel)
• Display advertising networks
• Email service providers
• Customer support platforms
• Survey and feedback tools

Third-Party Data Sharing:

• Pixels transmit your data to third parties
• Third-party data use governed by their privacy policies
• Third-party data sharing disclosed in our Privacy Policy
• You may opt-out by following third-party opt-out procedures

---

9. DATA SECURITY AND PROTECTION

Aiydyn implements comprehensive security measures to protect personal information from unauthorized access, disclosure, alteration, and destruction.

9.1 Security Measures

Encryption:

• HTTPS/TLS encryption for all data in transit
• SSL certificates for website security
• Encrypted storage for sensitive data
• End-to-end encryption for certain communications
• AES-256 encryption for stored payment data (outsourced to PCI-compliant processors)

Access Controls:

• Role-based access control (RBAC)
• Multi-factor authentication (MFA) for accounts
• Biometric authentication options
• Principle of least privilege for employee access
• Regular access audits
• Immediate revocation of access for terminated employees

Network Security:

• Firewalls and intrusion detection systems
• Web application firewalls (WAF)
• DDoS protection
• Regular vulnerability scanning
• Penetration testing
• Security monitoring 24/7

Data Protection:

• Data minimization principles
• Pseudonymization where appropriate
• Anonymization of analytics data
• Regular data backups
• Disaster recovery procedures
• Data recovery testing

Physical Security:

• Secure data centers with restricted access
• Video surveillance of facilities
• Environmental controls (temperature, humidity)
• Biometric access controls
• Security guards and staff training

9.2 Employee and Vendor Security

Employee Training:

• Privacy and security training for all employees
• Data handling best practices
• Recognition of phishing and social engineering
• Annual compliance training
• Specialized training for data processors

Background Checks:

• Background checks for employees with data access
• Ongoing monitoring for suitability
• Confidentiality agreements with all employees

Vendor Management:

• Data processing agreements with all vendors
• Vendor security assessments
• Regular compliance audits of vendors
• Restrictions on data subcontracting
• Vendor incident notification requirements

9.3 Data Breach Response

If a data breach occurs, Aiydyn will:

Immediate Actions:

• Investigate and contain the breach
• Notify law enforcement if required
• Secure affected systems
• Assess scope and impact

User Notification:

• Notify affected users without unreasonable delay
• Provide clear information about the breach
• Explain steps we’re taking to address the breach
• Offer free credit monitoring where appropriate
• Provide resources and support

Regulatory Notification:

• Notify relevant data protection authorities (DPA)
• Notification within 72 hours where required by GDPR
• Notification within legally required timeframes
• Provide regulators with breach details

Documentation and Transparency:

• Maintain breach incident records
• Document investigation findings
• Share details with affected individuals
• Communicate with affected sellers/buyers

9.4 Limitations on Security

No security system is completely impenetrable. While Aiydyn implements comprehensive security measures, we cannot guarantee absolute security. Your use of the Services is at your own risk. You are responsible for:

• Maintaining password confidentiality
• Using secure passwords and changing them regularly
• Enabling two-factor authentication
• Reporting suspicious activity
• Keeping devices and software updated
• Avoiding public WiFi for sensitive transactions

---

10. INTERNATIONAL DATA TRANSFERS

Aiydyn operates Services that may involve transferring personal information to countries outside your country of residence, including countries with different privacy laws.

10.1 Data Transfer Mechanisms

For Transfers from EEA/UK to Non-EEA Countries:

Standard Contractual Clauses (SCCs):

• Appropriate safeguards for data transfers
• Incorporated into service agreements
• Data importer bound by SCCs
• Supplementary safeguards implemented

Binding Corporate Rules (BCRs):

• Applicable for transfers between affiliated companies
• Prior approval from regulators
• Internal policies ensuring adequate protection

Adequacy Decisions:

• Transfers to countries with adequacy decisions
• EU-approved countries with adequate protection
• US under limited Data Privacy Framework (limited scope)

Derogations:

• Explicit user consent for transfers
• Contractual necessity for service provision
• Legitimate interests with safeguards
• Public interests

10.2 International Data Flows

Data Locations:

• Primary data center: [Specify location]
• Secondary/backup locations: [Specify locations]
• Data processing by vendors in multiple countries
• Payouts to sellers may involve transfers to seller’s country

Countries Receiving Data:

• United States (payment processors, analytics, cloud hosting)
• Canada (cloud hosting, customer support)
• European Union (affiliate operations)
• [Other countries as applicable]

Special Restrictions:

• No transfers to countries with inadequate data protection (unless with SCCs or other safeguards)
• No transfers to countries subject to U.S. sanctions restrictions (Cuba, North Korea, Iran, Syria)

10.3 Your Consent

By using the Services, you consent to:

• Transfer of your personal information internationally
• Processing in countries with different privacy laws
• Storage in countries outside your country of residence
• Subject to applicable legal safeguards

If you do not consent to international transfers, certain Services may not be available.

---

11. CHILDREN’S PRIVACY

Aiydyn does not knowingly collect personal information from children under 13 years of age.

11.1 Age Requirements

• Users under 13: Strictly prohibited from creating accounts
• Users 13-18: May use Services with parental consent (COPPA compliance)
• Users 18+: May use Services without restrictions (or 16+ in some EEA countries)
• All users must represent they meet age requirements

11.2 Parental Consent

Parents or legal guardians who permit minors to use the Services:

• Accept responsibility for the minor’s use
• Agree to be bound by this Privacy Policy
• Grant permission for data collection as described
• Acknowledge risks associated with online use
• Can request information about the minor’s account
• Can request closure of the minor’s account
• Can request deletion of the minor’s personal information

11.3 COPPA Compliance (U.S. Users)

For users under 13 in the United States:

• Parent/guardian explicit consent required for account creation
• Parental contact information collected for verification
• Limited data collection (only necessary for Services)
• No directed marketing to children
• Parental access rights to child’s information
• Parental deletion rights

11.4 Special Protections for Minors

For minors (13-17) using the Services:

• No targeting with behavioral advertising
• No profiling without parental consent
• Limited sale/sharing of personal information
• Accessible privacy tools and explanations
• Right to request deletion of content posted as minor
• Age-appropriate privacy controls

---

12. SELLER-SPECIFIC PRIVACY INFORMATION

12.1 Seller Data Handling

Data Collected from Sellers:

• Identity verification information
• Payment and tax information
• Business details and certifications
• Shop policies and product information
• Performance metrics and analytics
• Customer communications data

How Seller Data Is Used:

• Identity and seller eligibility verification
• Payment processing and payouts
• Tax reporting (Form 1099-K for certain thresholds)
• Compliance monitoring
• Fraud prevention
• Performance analytics and reporting
• Platform operation and improvement

Data Shared with Buyers:

• Shop name and location
• Business registration information
• Ratings and reviews
• Product descriptions
• Shop policies and contact information

Data Retained:

• Account information: 7 years after account closure
• Identification documents: 3-5 years
• Payment and tax records: 7 years
• Shop history: 7 years (for dispute resolution)

12.2 Verification and Compliance Data

Information Required:

• Government-issued identification
• Business verification documents
• Tax identification number
• Bank account information
• Business registration documents

Verification Processes:

• Identity verification using third-party providers
• Background checks (where legally permitted)
• Address verification
• Business legitimacy verification
• AML/KYC compliance checks

Data Retention:

• Verification documents: 3-5 years
• Verification results: 7 years
• Compliance records: 7 years

Data Deletion:

• Identification documents deleted after retention period
• Verification results retained for dispute resolution
• Tax records retained per legal requirements
• Information may be retained for legal claims

---

13. THIRD-PARTY SERVICES AND LINKS

13.1 Third-Party Websites and Services

The Services may contain links to third-party websites and services that are not operated by Aiydyn. This Privacy Policy does not apply to third-party sites, and we are not responsible for their privacy practices.

When you click a third-party link:

• You leave the Aiydyn Services
• Third-party privacy policy applies
• Aiydyn is not responsible for third-party data handling
• You should review third-party privacy policies
• Third-party data collection is their responsibility

Third-Party Integrations:

• Payment processors (Stripe, PayPal)
• Shipping providers (FedEx, UPS, USPS)
• Analytics providers (Google Analytics)
• Advertising networks (Google Ads, Facebook)
• Email providers (SendGrid, Mailchimp)
• Customer support platforms

13.2 Social Media Integration

If you link your Aiydyn account to social media accounts:

• Social media data may be imported to your account
• Profile information may be publicly visible
• Social sharing is your responsibility
• Data sharing governed by social platform policies

---

14. CALIFORNIA-SPECIFIC DISCLOSURES

14.1 CCPA/CPRA Disclosures

Personal Information We Collect (Last 12 Months):

Category	Examples	Purpose
Identifiers	Name, email, phone, address	Account creation, transactions, verification
Commercial Information	Purchase history, products viewed, returns	Transaction processing, recommendations
Biometric Information	Facial recognition, fingerprints	Identity verification (sellers only)
Internet Activity	Browsing history, IP address, cookies	Analytics, advertising, fraud prevention
Geolocation Data	City, state, GPS location (if enabled)	Shipping, localized services, analytics
Professional Information	Business name, tax ID, seller details	Seller verification, payout processing
Inferences	Interests, preferences, age group	Personalization, targeted advertising

Sources of Personal Information:

• Directly from you (forms, account creation)
• Automatically from your device and browsing
• From payment processors and shipping providers
• From advertising and analytics partners
• From public records and databases
• From other users (reviews, messages)

Business Purposes for Collection:

• Providing Services and customer support
• Processing transactions and payments
• Personalizing user experience
• Marketing and advertising
• Fraud prevention and security
• Compliance with legal obligations
• Business analytics and improvement

Do Not Sell or Share My Personal Information:

• Click “Do Not Sell or Share My Personal Information” link (footer)
• Submit privacy request through account settings
• Request through our Privacy Request Form
• Response timeline: 30-45 days
• No discrimination for exercising rights

Limit the Use of My Sensitive Personal Information:

• Available link in footer: “Limit Use of My Sensitive Personal Information”
• Restrict use to Services necessary provision and legal compliance
• No behavioral advertising with sensitive information
• 30-45 day response timeline

Data Retention:

• See Section 6 for detailed retention periods
• Different timelines for different data types
• Longer retention for legal compliance requirements
• Deletion available upon request (with exceptions)

14.2 Shine the Light (Civil Code §1798.83)

California residents may request information about third-party disclosure of personal information for direct marketing purposes once per calendar year.

To Request:

• Email: privacy@aiydyn.com
• Mail: Aiydyn Privacy Department, [Address]
• Include “California Privacy Request” in subject line
• Provide name and address

Response:

• Within 30 days
• Lists categories of information shared
• Lists third parties receiving information
• Information current as of last update (updated annually)

---

15. GDPR-SPECIFIC DISCLOSURES

15.1 Data Controller Information

Aiydyn Limited (or entity) acts as Data Controller for processing personal information under GDPR.

Contact Information:

• Aiydyn Privacy Department
• Email: privacy@aiydyn.com
• Address: [Your EU Address]
• Phone: [Your Phone Number]

EU Data Protection Officer:

• Name/Title: [DPO Name or external provider]
• Email: dpo@aiydyn.com
• Available for data subject inquiries

15.2 Legal Basis for Processing

See Section 4.1 for detailed legal bases under GDPR.

15.3 Data Subject Rights

See Section 7.1 for comprehensive data subject rights under GDPR.

15.4 Complaints to Supervisory Authority

If you believe Aiydyn violates GDPR, you have the right to lodge a complaint with your local data protection authority:

• Contact your national DPA
• Ireland: Data Protection Commission (DPC)
• Germany: State DPA in your Bundesland
• France: CNIL
• Spain: AEPD
• [Provide links to relevant DPAs]

---

16. NEVADA PRIVACY RIGHTS

Nevada residents have the right to request that Aiydyn not sell their personal information to third parties.

Do Not Sell My Personal Information (Nevada):

• Email: privacy@aiydyn.com
• Include “Nevada Privacy Request” in subject
• Request will be processed without discrimination
• Right applies to information sold for monetary consideration
• Some exceptions apply for business purposes

---

17. PRIVACY POLICY MODIFICATIONS

17.1 Updates to This Policy

Aiydyn may modify this Privacy Policy at any time. Changes become effective when posted to the Services unless otherwise specified.

Notification of Changes:

• Major changes: Email notification to registered email address
• Website notice announcing updates
• Updated version clearly marked with revision date
• Summary of changes provided when material

17.2 Your Consent to Changes

Your continued use of the Services following policy changes constitutes your acceptance of the revised Privacy Policy. If you disagree with changes, you must cease using the Services.

17.3 Version History

• Version 1.0: January 2026 – Initial publication

---

18. CONTACT US

If you have questions or concerns about this Privacy Policy, data practices, or wish to exercise your privacy rights:

Email:
privacy@aiydyn.com
(Response within 10 business days)

Mailing Address:
Aiydyn Privacy Department
[Your Business Address]
[City, State ZIP Code]

Privacy Request Form:
[Link to online privacy request form]

Customer Support:
support@aiydyn.com
(For non-privacy customer support inquiries)

Data Protection Officer (GDPR):
dpo@aiydyn.com
(For GDPR-specific inquiries and data subject rights)

Telephone:
[Your Phone Number]
(Available during business hours)

Response Commitment:

• Email inquiries: Response within 10 business days
• Privacy requests: Response within 30-45 days per applicable law
• Data subject inquiries: Response within 30 days (GDPR)
• Complaints escalation available if response unsatisfactory

---

19. ADDITIONAL INFORMATION

19.1 Links to Relevant Policies

This Privacy Policy should be reviewed in conjunction with:

• Terms and Conditions
• Cookie Policy
• Return and Refund Policy
• Seller Agreement
• Community Guidelines

19.2 Regulatory Compliance

Aiydyn complies with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• California Online Privacy Protection Act (CalOPPA)
• Children’s Online Privacy Protection Act (COPPA)
• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)
• All applicable state and international privacy laws

19.3 Data Minimization

Aiydyn is committed to collecting only the personal information necessary for the identified purposes. We regularly review data collection practices to ensure minimization principles are followed.

---

ACKNOWLEDGMENT

By using Aiydyn, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

This Privacy Policy was last updated January 2026.