Privacy Policy

Effective Date: January 1, 2025
Controller: Kopkap (Sole Proprietorship registered in the Netherlands)

1. WHO WE ARE

Kopkap is a Dutch-registered sole proprietorship operating a digital marketplace for responsible rehoming and the ownership transfer of companion animals.

Kopkap acts as the Data Controller under the General Data Protection Regulation (GDPR).

Contact: support@kopkap.com

2. WHAT DATA WE COLLECT

2.1 Account Information

Full name
Email address
Phone number
Date of birth (age verification 18+)
Profile information

2.2 Identity & Verification Data

When required for payments:

Identity verification data processed via Stripe
Facial recognition / biometric verification handled exclusively by Stripe's certified identity providers
Government-issued ID documents
Business registration documents (for professional users)

2.3 Payment & Transaction Data

Payment method details (stored by Stripe, not by Kopkap)
Transaction history
Bank account details for payouts

2.4 Listing & Animal Information

Animal details, photos, and videos
Location data (city/region only)
Pricing and description

2.5 Communication Data

Messages exchanged via the platform
Chat logs (Firebase Realtime Database)
Support correspondence

2.6 Device & Usage Data

IP address
Device type and operating system
Browser type and version
App usage analytics
Firebase Analytics and Crashlytics data

3. HOW WE USE YOUR DATA

We process personal data for the following purposes:

3.1 Contract Performance

Account creation and authentication
Processing listings and transactions
Facilitating secure communication between users
Payment processing via Stripe

3.2 Legal Compliance

Age verification (18+ requirement)
Identity verification (KYC/AML via Stripe)
Fraud prevention
Tax compliance (VAT for business users)
Retention of financial records (7 years under Dutch law)

3.3 Legitimate Interest

Platform security and abuse detection
AI-based content moderation
Analytics and performance improvement
Customer support

3.4 Consent (Where Applicable)

Marketing communications (opt-in)
Push notifications (opt-in)
Non-essential cookies

4. DATA SHARING & THIRD PARTIES

We may share data with:

4.1 Service Providers

Stripe: Payment processing, identity verification (biometric data handled exclusively by Stripe)
Firebase (Google): Real-time chat, push notifications, analytics
AWS S3 / CloudFront: Media storage and CDN
Agora.io: Live streaming functionality
Pusher: Real-time messaging infrastructure

4.2 Other Users

Your public profile information (name, rating, listings) is visible to other users.

4.3 Legal Authorities

We may disclose data when required by law or to protect legal rights.

5. DATA RETENTION

Account data: Retained while account is active + 30 days after deletion
Financial records: 7 years (Dutch legal requirement)
Chat logs: Retained while account is active
Identity verification data: Managed by Stripe under their retention policy
Anonymized analytics: Indefinite retention for statistical purposes

6. YOUR RIGHTS (GDPR)

Under GDPR, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion (subject to legal retention requirements)
Restriction: Limit processing in certain circumstances
Portability: Receive your data in machine-readable format
Object: Object to processing based on legitimate interest
Withdraw consent: For marketing or optional features

To exercise your rights, contact: support@kopkap.com

7. INTERNATIONAL DATA TRANSFERS

Your data may be processed outside the European Economic Area (EEA) by our service providers:

United States: Stripe, Firebase, AWS (Standard Contractual Clauses apply)
Singapore: Agora.io (adequacy decision or SCCs)

We ensure appropriate safeguards are in place.

8. SECURITY

We implement technical and organizational measures including:

Encryption in transit (HTTPS/TLS)
Encryption at rest (database and file storage)
Access controls and authentication
Regular security audits

9. CHILDREN'S PRIVACY

The platform is restricted to users aged 18 and above. We do not knowingly collect data from minors.

10. ARTIFICIAL INTELLIGENCE

Kopkap may use AI technologies to:

Detect fraudulent or prohibited content
Improve search relevance
Generate listing descriptions (user-approved)
Provide automated customer support

Users retain responsibility for verifying AI-generated information.

11. COOKIES

We use cookies for essential functionality, analytics, and user preferences.

See our separate Cookie Policy for details.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or in-app notification.

13. CONTACT & COMPLAINTS

Email: support@kopkap.com

Legal inquiries: legal@kopkap.com

Data Protection Officer: compliance@kopkap.com

Supervisory Authority:
You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
https://autoriteitpersoonsgegevens.nl