Depozza
Legal

Privacy Policy

We collect only what we need to run a safe marketplace, and we never sell your data.

Last updated · June 2026GDPR · EU-hosted

Trust is the product. This page explains exactly what data Depozza collects, why we collect it, who can see it and how you stay in control.

Minimal by design

We ask for the least amount of personal data possible — and delete it when it's no longer needed.

Never sold

No ad networks, no data brokers. Your details power your bookings, nothing else.

Hosted in the EU

Data is encrypted at rest and in transit, on infrastructure operated within the European Union.

What we collect

Account details, identity verification status, listings, messages and booking and payment records.

  • Identity: legal name, date of birth and a redacted ID scan for KYC.
  • Contact: email, phone (optional) and preferred language.
  • Activity: listings, bookings, messages, reviews and access logs.

How we use it

To operate the marketplace, verify users, process payments and insurance, prevent fraud and provide support.

  • Operate bookings, payouts and the conversation between host and renter.
  • Verify identity, prevent fraud and meet EU obligations (DAC7, AML).
  • Improve product reliability and answer your support requests.

Sharing

We share data only with the partners needed to deliver the service — payment, identity and insurance providers — under strict agreements.

  • Payment partner: Stripe (PCI-DSS Level 1).
  • Identity & insurance partners bound by data processing agreements.
  • Authorities only when legally compelled — published in our yearly transparency report.

Your rights

You can access, correct or delete your data and export it at any time, in line with GDPR.

  • Export a copy of your data from Settings → Privacy.
  • Correct or update any field at any time.
  • Request deletion — we erase within 30 days, except records we must keep by law.

How long we keep it

Active accounts: while you keep using Depozza. Closed accounts: 90 days, then anonymised. Tax and payment records: 10 years (EU obligation).

Cookies & analytics

Essential cookies only by default — for sign-in and security. We run privacy-friendly, cookie-free analytics (Plausible). Marketing cookies stay off until you opt in.

Security

TLS 1.3 in transit, AES-256 at rest, scoped access, audit logs and quarterly penetration tests. Spotted an issue? Email security@depozza.eu — we respond within 24h.

International transfers

Your data lives in the EU. Where a sub-processor sits outside (e.g. Stripe US), we rely on Standard Contractual Clauses and the EU–US Data Privacy Framework.

Talk to a human

Data Protection Officer
privacy@depozza.eu
General enquiries
hello@depozza.eu
By post

Depozza S.A., 12 Boulevard Royal, L-2449 Luxembourg

This is a simplified summary for the demo and is not legal advice.