Privacy Policy

for Nozhove.com and Mobile Applications
Effective Date: January 13, 2025

This Privacy Policy explains how Nozhove.com (“we”, “our”, “us”) collects and processes your personal data in accordance with the General Data Protection Regulation (GDPR) and the applicable laws of the European Union and the Republic of Cyprus.

1. Data Controller

The data controller responsible for your personal data is:

Nozhove.com
Email: kasapskinozhove@gmail.com

2. Personal Data We Collect

2.1 Mandatory Information

When you create an account, we require the following data:

• Email address (used for login, security notifications and account-related communication).

2.2 Optional Information

You may choose to provide additional data within your profile and settings, including:

• Phone number;
• Contact or messenger usernames (for example, Telegram, WhatsApp, Viber, etc.);
• City of residence;
• Postal address (for marketplace or logistics purposes);
• Profile information such as display name, avatar/profile picture, bio or description.

2.3 Data from Third-Party Login Providers (OAuth)

If you choose to register or sign in using external providers, we receive limited data from them:

Google

• Email address;
• Name;
• Profile photo;
• Google user ID.

Telegram

• Telegram user ID;
• Name/username;
• Profile photo (if available).

We may also support other OAuth providers in the future, in which case we will only receive the minimum data required for authentication and account creation.

We do not receive full access to your external accounts (Google, Telegram, etc.).

2.4 Technical and Usage Data

When you use Nozhove.com or its mobile applications, we automatically collect certain technical data, such as:

• IP address;
• Browser type and version, operating system, device identifiers;
• Basic log information (pages visited, actions within the platform);
• Error and crash logs (which may be processed through external error tracking services, if enabled);
• Cookie identifiers (see Section 6).

3. Purposes and Legal Basis of Processing

We process your personal data for the following purposes and under the following legal bases:

• Account registration and authentication (including login via email or third-party providers)
  Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
• Providing platform services (marketplace, internal messenger, wishlists, CRM and related tools within the ecosystem)
  Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
• Processing crypto payments via CryptoCloud (for paid features and tools)
  Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
• Improving and securing the Services (analytics based on aggregated data, detection and prevention of abuse, error monitoring)
  Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in maintaining and improving the platform.
• Communication with users (support, notifications about important changes, security alerts)
  Legal basis: Art. 6(1)(b) and/or (f) GDPR.
• Compliance with legal obligations (record-keeping where required by law)
  Legal basis: Art. 6(1)(c) GDPR – compliance with legal obligations.

4. Payments and Third-Party Processors

We do not directly process or store cryptocurrency payment details such as private keys, seed phrases, or custodial balances. All crypto payments for paid features are processed via a third-party cryptocurrency payment processor:

CryptoCloud (cryptocurrency payment gateway).

In order to process a payment, we may share with CryptoCloud:

• Order or invoice ID;
• Payment amount and currency (e.g., USDT TRC-20);
• Payment status and technical metadata (for example, transaction hash);
• Basic technical information necessary to complete and verify the transaction.

CryptoCloud processes this data in accordance with its own terms and privacy policy. We recommend that you review CryptoCloud’s documentation when making a payment.

5. Use of Third-Party Login Providers

If you choose to sign in via providers such as Google or Telegram:

• You authorize these providers to share certain data with us (see Section 2.3).
• We use this data only to create and authenticate your account on Nozhove.com.
• Authentication exchanges may involve transfers of data outside the EU (e.g., to the United States, where Google is based, or other jurisdictions where Telegram servers operate).

Such transfers rely on the applicable safeguards under the GDPR and the legal frameworks of the respective providers.

6. Cookies and Similar Technologies

Nozhove.com uses only strictly necessary and functional cookies that are required for the operation of the platform. These include, for example:

• Session cookies – to maintain your login session after authentication;
• Security cookies – to protect against fraud, unauthorized access and abuse;
• Preference cookies – to remember non-essential interface preferences (such as chosen language or basic UI settings).

We do not use:

• advertising or marketing cookies;
• third-party tracking cookies for behavioral profiling;
• analytics cookies that require prior consent (such as typical advertising or remarketing tools).

Because we only use cookies that are strictly necessary for the provision of the Services, user consent for cookies is not required under the EU ePrivacy rules and GDPR. You may still configure your browser to block cookies, but some features of the platform may not function correctly without them.

7. Sharing of Personal Data

We do not sell or rent your personal data.

We may share your data with:

• Service providers that host our infrastructure, store data, or provide technical services (for example, hosting providers, email delivery services, error tracking systems);
• Payment processor (CryptoCloud) – in order to process cryptocurrency payments as described above;
• Authentication providers (Google, Telegram, etc.) – in the context of login and account linking;
• Public authorities or law enforcement, where required by applicable law or in response to valid legal requests.

All third-party processors are engaged under appropriate data protection agreements where required by law.

8. International Data Transfers

Some service providers or systems we use may be located outside the European Economic Area (EEA). When your personal data is transferred outside the EEA, we take steps to ensure an adequate level of protection, for example by relying on:

• adequacy decisions of the European Commission;
• standard contractual clauses approved by the European Commission;
• other appropriate safeguards allowed by the GDPR.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Policy or as required by law:

• Account data is stored for as long as your account remains active;
• Technical logs (such as access logs, error logs) are typically retained for a limited period (for example, 30–180 days), unless a longer retention period is required for security or legal reasons;
• After you request account deletion, we delete or anonymize your personal data within a reasonable period (typically up to 30 days), unless we are required to keep certain information longer for legal, security or anti-abuse reasons.

10. Your Rights Under GDPR

As a data subject, you have the following rights, subject to certain legal conditions:

• Right of access – to obtain confirmation as to whether we process your personal data and, if so, access to that data;
• Right to rectification – to correct inaccurate or incomplete personal data;
• Right to erasure (“right to be forgotten”) – to request deletion of your personal data, where applicable;
• Right to restriction of processing – to limit processing under certain circumstances;
• Right to data portability – to receive the personal data you provided in a structured, commonly used and machine-readable format, and to transmit that data to another controller where technically feasible;
• Right to object – to object to processing based on our legitimate interests;
• Right to withdraw consent – where processing is based on consent (for example, optional profile data).

You also have the right to lodge a complaint with your local data protection authority. For Cyprus, this is the Office of the Commissioner for Personal Data Protection.

To exercise your rights or to submit any privacy-related request, please contact us at: kasapskinozhove@gmail.com

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

12. Third-Party Websites and Links

The platform may contain links to external websites or services that are not operated by us. We are not responsible for the privacy practices of these third-party websites. We recommend that you review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or how we process personal data. The updated version will be published on this page with an updated “Effective Date”. Continued use of the Services after any changes means that you accept the updated Policy.

14. Contact

If you have any questions about this Privacy Policy or how we process your personal data, please contact us at:
kasapskinozhove@gmail.com

Last updated: January 13, 2025