Privacy Policy

Data controller and contact

Eliot lite SARL is the controller responsible for the processing described in this policy. If you have questions or want to exercise your rights, contact us at hello@project-e5.com or by mail at Eliot lite SARL, Privacy Office, CS 20015, 254 Rue de Vendôme, 69003 Lyon, France.

Information we collect

Depending on your relationship with us we may process the following categories of data:

• Account identifiers: names, business contact details, email addresses, and Supabase user IDs created when you register or are invited to the platform.
• Role information: assignment history for Agents and Store Partners, payout preferences, and audit logs that record when accounts are activated, suspended, or updated.
• Identity and verification data: date of birth or age confirmation, country of residence, identity document details, issuing country, document images, selfie or liveness images, verification status, rejection reasons, and records showing when consent was given for onboarding checks.
• Payout information: payout account or bank account details provided in account settings, payout preferences, payment status, and finance notes needed to administer approved payouts in USD.
• Transactional records: sales, payouts, and commission adjustments submitted by finance or operations teams as part of marketplace participation.
• Support interactions: messages you send to our support or compliance teams, including follow-up notes that document the status of your request.
• Usage data: technical logs captured automatically when you access the platform (such as IP address, device details, browser type, time stamps, and error diagnostics). We use this data to monitor performance, detect suspicious activity, and improve security.

For identity verification, we may process identity documents, selfie or verification images, date of birth, address data, payout details, and compliance review notes. These are used only for onboarding, marketplace compliance, fraud prevention, payout administration, support, dispute handling, and legal obligations.

Why we use your data

We process personal data for the following purposes:

• to create and administer accounts for Agents, Store Partners, finance, and admin staff;
• to check eligibility, verify identity, review documents and selfies, and prevent duplicate or fraudulent onboarding;
• to operate the marketplace, manage commissions, and calculate payouts;
• to store payout information, administer approved payouts in USD, and resolve payout support requests;
• to secure access, monitor suspicious logins, and enforce role-based permissions;
• to respond to support requests and document regulatory obligations;
• to send essential service communications, policy updates, and incident notifications;
• to comply with legal obligations such as bookkeeping, tax reporting, and court orders.

Our legal bases include performance of a contract, compliance with legal obligations, and legitimate interests in maintaining a secure, reliable platform. We only rely on consent for optional communications that you can opt out of at any time.

Security and storage

Access to personal data is restricted by role-based permissions enforced through Supabase row-level security policies and server-side session validation. Sensitive credentials are encrypted and only decrypted when strictly necessary. Identity documents, selfie images, and related verification files are stored in restricted private storage buckets and are accessible only to authorised compliance, operations, and admin staff who need access for onboarding, fraud prevention, payout review, support, or legal obligations. We store data in the European Union and apply industry-standard safeguards such as TLS encryption in transit, hashed passwords, audit logging, and regular access reviews.

We retain data only for as long as necessary to deliver the service, meet contractual obligations, or comply with legal retention periods. Identity verification files for rejected, withdrawn, or incomplete applications are deleted or anonymised when they are no longer needed, normally within 12 months, unless security, fraud prevention, dispute handling, or legal obligations require a longer period. When data is no longer required it is securely deleted or anonymised.

Sharing and international transfers

We do not sell personal data. We share information with trusted processors that help us run the platform (cloud hosting, private file storage, email delivery, analytics limited to operational metrics, customer support tooling, identity verification, payout administration, banking, and fraud prevention). Each processor is bound by a data processing agreement and only receives the minimum data required. When data is transferred outside the European Union, we use safeguards such as the EU Standard Contractual Clauses or rely on adequacy decisions.

Your rights

You have the right to access, correct, delete, and restrict the processing of your personal data, as well as the right to data portability and to object to processing based on legitimate interests. If you gave consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Submit your request by emailing hello@project-e5.com. We will respond within one month and may request additional information to verify your identity before fulfilling sensitive requests.

Opt-out instructions

Updates to this policy

We may update this privacy policy to reflect changes in our services or legal obligations. Significant updates will be announced through the platform or by email. The revision date at the top of this page indicates the latest version.