Privacy Policy

Last updated: 23 June 2026

This policy explains what personal data is collected on Dentaire MarketPlace (https://dentairemarketplace.com), why, on what basis, how long it is kept, and what your rights are. It complies with Regulation (EU) 2016/679 (GDPR).

1. Data controller

The data controller is the publisher of Dentaire MarketPlace, a natural person publishing the site on a non-professional basis (see the Legal Notice).

Contact for any data-related question: dentairemarketplace@gmail.com

2. Data collected and purposes

Depending on your use, the following data is processed:

Email address (required) — account creation and security, login, account-related emails. Basis: performance of the service.
Password (hashed, never in clear text) — authentication. Basis: performance of the service.
Name or alias (optional) — public display on the profile and listings. Basis: consent / legitimate interest.
Profile picture (optional) — profile personalization. Basis: consent.
University, year of study, student status (optional) — to contextualize listings. Basis: consent.
Phone, bio (optional) — connecting members. Basis: consent.
Listings (title, description, price, photos, university) — marketplace display. Basis: performance of the service.
Technical data (IP address, logs, connection data) — security, abuse prevention, proper operation. Basis: legitimate interest.

The "optional" fields are not required to use the basic service and are left to your choice (data minimization).

Photos: if you post photos, remember to remove any visible personal information. Image metadata (EXIF) may be stripped by the platform on upload.

3. Data visibility

A member's name/alias, avatar, university and listings are public.
Email and phone are not displayed publicly; they are only accessible when connecting logged-in members.

4. Content moderation (transfer outside the EU)

To prevent the publication of illegal content, listing texts may be analyzed automatically by a moderation service provided by OpenAI (United States), in addition to human moderation.

Purpose: detection of prohibited content (article 7 of the Terms).
Data transmitted: the listing text (not your contact details).
Transfer outside the EU: this processing involves a transfer to the United States, governed by standard contractual clauses and/or the Data Privacy Framework.

5. Processors and hosting

Your data is processed by the following providers, bound by a data processing agreement (DPA):

Supabase — database, authentication, image storage. Location: European Union (Ireland).
Vercel — website hosting. Location: United States.
OpenAI — automatic moderation of listings. Location: United States.
Cloudflare (Turnstile) — anti-bot protection at sign-up. Location: United States.

Most of your data (accounts, listings, images) is hosted in the European Union. Transfers to the United States are governed by the safeguards provided for by the GDPR (standard contractual clauses / Data Privacy Framework).

6. Retention periods

Account and profile: kept while the account is active. Deleted when the account is deleted.
Listings: kept while published, then according to your choice (archive / delete).
Technical logs: limited duration, for security purposes.

7. Your rights

In accordance with the GDPR, you have the following rights:

Access to your data;
Rectification (editable directly from your profile);
Erasure ("right to be forgotten") — account deletion is available directly in your account area and erases your data;
Portability of your data;
Objection and restriction of processing;
Withdrawal of consent at any time for optional data.

To exercise these rights: dentairemarketplace@gmail.com. You may also lodge a complaint with your data protection authority (CNIL in France, AEPD in Spain, CNPD in Portugal).

8. Cookies

Dentaire MarketPlace uses only strictly necessary cookies (login session, security). These cookies are exempt from consent. No advertising or third-party analytics cookies are set to date. If an analytics tool were added, a consent banner would be implemented.

9. Minimum age

The service is reserved for people aged 18 or over. No data is knowingly collected from minors.

10. Security

Technical and organizational measures are in place to protect your data (hashed passwords, restricted access, EU hosting, anti-bot protection). In the event of a data breach posing a risk, the persons concerned and the competent authority will be informed in accordance with the GDPR.

11. Changes

This policy may be updated. The last-updated date appears at the top of the document.

2. Data collected and purposes

Depending on your use, the following data is processed:

Email address (required) — account creation and security, login, account-related emails. Basis: performance of the service.

Password (hashed, never in clear text) — authentication. Basis: performance of the service.

Name or alias (optional) — public display on the profile and listings. Basis: consent / legitimate interest.

Profile picture (optional) — profile personalization. Basis: consent.

University, year of study, student status (optional) — to contextualize listings. Basis: consent.

Phone, bio (optional) — connecting members. Basis: consent.

Listings (title, description, price, photos, university) — marketplace display. Basis: performance of the service.

Technical data (IP address, logs, connection data) — security, abuse prevention, proper operation. Basis: legitimate interest.

The "optional" fields are not required to use the basic service and are left to your choice (data minimization).

Photos: if you post photos, remember to remove any visible personal information. Image metadata (EXIF) may be stripped by the platform on upload.

4. Content moderation (transfer outside the EU)

To prevent the publication of illegal content, listing texts may be analyzed automatically by a moderation service provided by OpenAI (United States), in addition to human moderation.

Purpose: detection of prohibited content (article 7 of the Terms).

Data transmitted: the listing text (not your contact details).

Transfer outside the EU: this processing involves a transfer to the United States, governed by standard contractual clauses and/or the Data Privacy Framework.

5. Processors and hosting

Your data is processed by the following providers, bound by a data processing agreement (DPA):

Supabase — database, authentication, image storage. Location: European Union (Ireland).

Vercel — website hosting. Location: United States.

OpenAI — automatic moderation of listings. Location: United States.

Cloudflare (Turnstile) — anti-bot protection at sign-up. Location: United States.

7. Your rights

In accordance with the GDPR, you have the following rights:

Access to your data;

Rectification (editable directly from your profile);

Erasure ("right to be forgotten") — account deletion is available directly in your account area and erases your data;

Portability of your data;

Objection and restriction of processing;

Withdrawal of consent at any time for optional data.

To exercise these rights: dentairemarketplace@gmail.com. You may also lodge a complaint with your data protection authority (CNIL in France, AEPD in Spain, CNPD in Portugal).