Privacy Policy
Last updated: April 5, 2026 · Version 1.0
1. Who We Are
Reliq (“we,” “us,” or “Company”) operates the digital asset marketplace at reliq.cloud. We are the data controller for the personal data described in this policy.
2. Data We Collect
2.1 Account Information
When you register, we collect your email address and, if you sign up via GitHub OAuth, your GitHub username, display name, and avatar URL. If you complete identity verification, we facilitate collection of government-issued ID through our partner Persona — Reliq does not store identity documents directly.
2.2 Profile Data
You may optionally provide your full name, bio, LinkedIn URL, Twitter handle, and website. Seller profiles include listing history and seller ratings.
2.3 Listing Data
When creating a listing, we collect asset details including title, description, tech stack, metrics, pricing, and connected service data (GitHub repository metadata, analytics). Code repositories are accessed read-only through GitHub OAuth and are not stored on our servers.
2.4 Transaction Data
We record transaction status, offer amounts, escrow references, transfer checklists, dispute documentation, and communication between parties. Financial transactions are processed by Escrow.com and Stripe — we do not store payment card information.
2.5 Usage Data
We collect analytics events (page views, listing views, search queries) to improve the Platform. We use Sentry for error tracking, which may capture technical data such as browser type, IP address, and stack traces.
2.6 Cookies
We use essential cookies for authentication and session management. Analytics cookies are only set with your explicit consent. You can manage cookie preferences at any time.
3. Why We Process Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account creation and authentication | Contract performance |
| Listing creation and marketplace operation | Contract performance |
| Transaction processing and escrow facilitation | Contract performance |
| Due diligence report generation | Contract performance |
| Identity verification (KYC) | Legal obligation / Legitimate interest |
| Email notifications and communication | Legitimate interest (opt-out available) |
| Platform improvement and analytics | Consent |
| Fraud prevention and security | Legitimate interest |
4. Where Your Data Is Stored
Your data is stored in Supabase (PostgreSQL) with hosting in the EU (Frankfurt region) for European users. Application hosting is on Vercel (global edge network). All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Our sub-processors include: Supabase (database), Vercel (hosting), Escrow.com (transactions), Stripe (subscriptions), Persona (KYC), Sentry (error tracking), and Betterstack (logging). Data Processing Agreements are in place with all sub-processors.
5. Data Retention
- Account data: Retained while your account is active, plus 30 days after deletion request
- Transaction records: Retained for 7 years after transaction completion (legal/financial compliance)
- Due diligence reports: Expire 90 days after generation; archived for 7 years
- Analytics events: Aggregated after 12 months; raw data deleted after 24 months
- Audit logs: Append-only, retained indefinitely for legal compliance
6. Your Rights (GDPR / EEA Users)
Under the General Data Protection Regulation, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data (“right to be forgotten”), subject to legal retention requirements
- Portability — receive your data in a machine-readable format
- Restriction — limit processing in certain circumstances
- Objection — object to processing based on legitimate interest
- Withdraw consent — for consent-based processing (e.g., analytics)
To exercise any right, email privacy@reliq.cloud. We will respond within 30 days. If we cannot comply, we will explain why.
7. Asset Transfers Involving User Data
If a digital asset listed on Reliq includes user data (e.g., registered users of a SaaS product), the seller must warrant that such data was lawfully collected, disclose its presence in the listing, and provide documentation of consent. The buyer assumes data controller obligations upon transfer. Reliq facilitates the transfer but is not a data controller for end-user data contained within listed assets.
8. International Data Transfers
When data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions. For US-based sub-processors, we verify participation in the EU-US Data Privacy Framework where applicable.
9. Security
We implement industry-standard security measures including: encrypted storage, row-level security (RLS) on all database tables, HMAC-signed webhooks, encrypted OAuth tokens, rate limiting, and regular security audits. Despite these measures, no system is 100% secure.
10. Children
The Platform is not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us at privacy@reliq.cloud.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email at least 30 days before taking effect. The “Last updated” date at the top reflects the current version.
12. Contact
Data protection inquiries: privacy@reliq.cloud
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.