DRAFT — not legal advice. This document is a structural placeholder pending review by qualified legal counsel. Bracketed fields (e.g. [COMPANY_LEGAL_NAME]) must be completed and every clause verified before it is relied upon.

Privacy Policy

Last updated: [DRAFT — DATE PENDING]

This Privacy Policy explains how [COMPANY_LEGAL_NAME] (“Volotix”) collects, uses, discloses, and safeguards your personal data when you use our marketplace. It should be read together with our Terms of Service.

1. Data We Collect

Account data (name, email, phone), identity/KYC documents where required (e.g. [ID_DOCUMENT_TYPES]), booking and transaction data, messages between Guests and Hosts, device/usage data, and [OTHER_DATA_CATEGORIES].

2. How We Use Your Data

To provide and operate the Services, process bookings and payments, verify identity, prevent fraud, provide support, communicate with you, comply with legal obligations, and improve the platform, on the legal bases described in [LEGAL_BASES].

3. Payment Data

Payments are processed by third-party gateways ([SUPPORTED_GATEWAYS]). Volotix does not store full card numbers. Payment credentials are handled by the gateway under its own privacy terms ([GATEWAY_PRIVACY_LINKS]).

4. Identity Verification (KYC)

Identity documents are encrypted at rest and retained only as long as necessary for verification, fraud prevention, and legal obligations. Following account deletion, identity records are purged after [KYC_RETENTION_PERIOD]. See Data Retention below.

5. Sharing & Disclosure

We share data with Hosts/Guests as needed to complete a booking, with service providers (payment gateways, hosting, email/SMS, error monitoring) under contract, and with authorities where legally required, per [DISCLOSURE_TERMS]. We do not sell personal data.

6. Cookies & Tracking

We use cookies and similar technologies for authentication, security, and analytics as described in [COOKIE_POLICY].

7. Data Retention

We retain personal data for as long as your account is active and as required thereafter for legal, tax, and dispute-resolution purposes. Deleted accounts are anonymized and sensitive records purged on a schedule per [RETENTION_SCHEDULE].

8. Security

We apply technical and organizational measures including encryption of sensitive data, access controls, and monitoring. Details and any breach-notification commitments are in [SECURITY_TERMS].

9. Your Rights

Subject to [APPLICABLE_PRIVACY_LAW], you may have rights to access, correct, delete, or port your data, and to object to or restrict certain processing. Requests: [PRIVACY_CONTACT].

10. International Transfers

Where data is processed outside [HOME_JURISDICTION], we rely on [TRANSFER_SAFEGUARDS].

11. Children

The Services are not directed to individuals under [MIN_AGE], and we do not knowingly collect their data.

12. Changes to This Policy

We may update this Policy; material changes will be notified via [NOTICE_METHOD].

13. Contact

Privacy questions or requests: [PRIVACY_CONTACT]. Data controller: [DATA_CONTROLLER_DETAILS].