Privacy Policy
Last updated: 9 June 2026
1. Data controller
Mobilo, Mixail Petridi 63, 85100 Rhodes, Greece · mobiloshopapp@gmail.com
2. Data we collect
Email, full name, date of birth, optional phone, shipping address, IBAN (sellers only, stored by Stripe), listing photos, purchase history, in-app chat messages, IP, device type, and basic browsing analytics.
3. Identity verification via Stripe Identity
To perform commercial actions, we ask you to complete identity verification via Stripe Identity. Your ID document and selfie are processed directly by Stripe and are NOT stored on our servers. We receive only the status ("verified / not verified").
4. Legal basis (GDPR Art. 6)
Contract (6.1.b), legal obligations for tax/AML (6.1.c), legitimate interests in security and fraud prevention (6.1.f), and your consent for marketing and optional cookies (6.1.a).
5. Cookies & tracking
We use essential cookies (login, cart, anti-CSRF). Optional analytics cookies are enabled only with your consent via the cookie banner. We do not use third-party advertising cookies.
6. Processors & data transfers
We work with: Stripe (payments, KYC), Cloudflare R2 (listing photos), Resend (transactional emails), shipping carriers (ACS/ELTA where applicable), Anthropic/Google (AI assistant, no personal data shared). All operate within the EU/EEA or under valid Adequacy Decisions.
7. Data retention
Account data: as long as your account is active + 90-day grace period. Sales invoices: 5 years (tax law). Stripe Identity data: as required by Stripe for AML.
8. Your rights
Access, rectification, erasure, restriction, portability, objection, and consent withdrawal. Exercise rights via Profile → Export data or Delete account, or email mobiloshopapp@gmail.com. You can also lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).
9. Children
The service is not intended for anyone under 18. We do not knowingly collect data from minors.
10. Security
All traffic is served over HTTPS with HSTS. Passwords are stored encrypted (bcrypt). Sensitive tokens and payment data are never retained on our servers. We offer biometric sign-in (WebAuthn) and rate-limiting on all sensitive endpoints.
© 2026 Mobilo · Μιχαήλ Πετρίδη 63, 85100 Ρόδος · mobiloshopapp@gmail.com