Auctorya

    RGPD & Politique de confidentialité

    Last updated: April 12, 2026

    Auctorya ("we," "us," "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and applicable French data protection laws.

    1. Data Controller

    Auctorya SAS
    42 Rue de la Transparence, 75001 Paris, France
    Email: privacy@auctorya.com

    2. Data We Collect

    • Account data: name, email address, password (hashed), role (buyer/seller).
    • Profile data: display name, avatar, bio (optional).
    • Transaction data: purchase history, payment information (processed by our payment provider).
    • Content data: uploaded ebooks and associated metadata.
    • Usage data: pages visited, search queries, device information, IP address.

    3. How We Use Your Data

    • To provide and maintain the Auctorya marketplace.
    • To process purchases and manage seller payouts.
    • To compute and display AI transparency scores on ebooks.
    • To communicate with you about your account and transactions.
    • To improve our services through anonymized analytics.

    4. Legal Basis for Processing

    We process your data based on: (a) contractual necessity for providing marketplace services, (b) your consent for marketing communications, (c) legitimate interest for platform security and fraud prevention, and (d) legal obligations for tax and regulatory compliance.

    5. Cookie Policy

    Auctorya uses the following types of cookies:

    • Essential cookies: required for authentication and basic platform functionality.
    • Analytics cookies: help us understand how users interact with the platform (anonymized).
    • Preference cookies: remember your settings like language and display preferences.

    You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

    6. Your Rights (GDPR)

    Under the GDPR, you have the following rights:

    • Right of access: request a copy of your personal data.
    • Right to rectification: correct inaccurate personal data.
    • Right to erasure: request deletion of your personal data ("right to be forgotten").
    • Right to restriction: limit how we process your data.
    • Right to data portability: receive your data in a structured, machine-readable format.
    • Right to object: object to processing based on legitimate interest.
    • Right to withdraw consent: withdraw consent at any time for consent-based processing.

    Vous pouvez supprimer votre compte à tout moment depuis les paramètres de votre compte. Vos données personnelles seront effacées immédiatement, à l'exception des données de transactions conservées 10 ans conformément aux obligations légales françaises.

    7. Data Retention

    • Account data: retained for the duration of your account plus 3 years after deletion.
    • Transaction data: retained for 10 years as required by French commercial law.
    • Usage data: anonymized after 13 months.
    • Uploaded content: deleted within 30 days of account closure or content removal.

    8. Data Security

    We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, access controls, and regular security audits to protect your data.

    9. International Transfers

    Your data is stored in EU data centers. If any data transfer outside the EU is necessary, we ensure appropriate safeguards are in place (Standard Contractual Clauses).

    10. Data Requests

    To exercise any of your rights, please contact our Data Protection Officer at privacy@auctorya.com. We will respond within 30 days as required by the GDPR.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform.