Privacy Policy

Connecto ("we", "us", or "our") operates connecto.website. This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform.

1. Information We Collect

• Account information: name, email address, and password (stored as a bcrypt hash) when you register.
• Google OAuth data: your name, email, and profile picture if you sign in with Google.
• Transaction data: purchase history, product listings, and order details.
• Uploaded files: product files, images, and chat attachments you upload to the platform.
• Usage data: IP address, browser type, pages visited, and session data for security and analytics.

2. How We Use Your Information

• To provide and operate the Connecto marketplace.
• To process payments securely via Stripe (we never store your card details).
• To send password reset emails and important account notifications.
• To protect against fraud, abuse, and unauthorized access.
• To improve our platform based on usage patterns.

3. Payment Processing

All payment processing is handled by Stripe. Connecto never receives, stores, or processes your raw credit card or bank details. Stripe's Privacy Policy is available at stripe.com/privacy.

4. Cookies

We use essential session cookies to keep you logged in and to protect against CSRF attacks. We do not use advertising cookies or third-party tracking cookies. By using this site, you consent to the use of these essential cookies.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe — for payment processing.
• Google — when you choose to sign in with Google.
• Hostinger — our hosting provider who stores data on our behalf.
• Law enforcement — when required by law or to protect user safety.

6. Data Retention

Account data is retained for as long as your account is active. You may request deletion of your account and associated data by contacting us. Transaction records may be retained for up to 7 years for legal and accounting purposes.

7. Your Rights (GDPR / DPDPA)

If you are in the EU or India, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and data.
• Object to processing of your data.
• Data portability — receive your data in a machine-readable format.

To exercise these rights, contact us at the email below.

8. Security

We use HTTPS encryption, bcrypt password hashing, CSRF protection, and session security best practices to protect your data. However, no system is 100% secure and we cannot guarantee absolute security.

9. Children

Connecto is not directed at children under 13. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice on the platform.

11. Contact

For privacy-related questions or requests, contact us at: support@connecto.website