TopV · Marketplace

Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller is Debuskia SASU, RCS Paris 988 455 572, 60 rue François 1er, 75008 Paris. Contact: [email protected].

2. Data Collected on the Marketplace

  • Discord identity (ID, username, avatar) upon OAuth login.
  • Declarative data entered by creators (store name, Tebex slug, description, services).
  • Published reviews (rating, title, content, date) — publicly visible.
  • Anonymised technical data: hashed IP address and hashed user agent, retained for fraud detection purposes.
  • Cookies: a session identifier (NextAuth) and an affiliate click tracking cookie ("reviewToken") limited to 90 days.
  • Server logs (requests, errors) retained for 90 days.

3. Purposes and Legal Basis

  • Service provision (profile creation, review publication) — basis: contract performance.
  • Fraud prevention (detection of fake reviews, duplicates, evasion) — basis: legitimate interest.
  • Audience and editorial performance measurement — basis: legitimate interest, aggregated data.
  • Email notifications (moderation, new message) — basis: legitimate interest, unsubscribe possible at any time.

4. Processors and Recipients

  • OVH SAS (France) — VPS hosting
  • Cloudflare Inc. — CDN, anti-DDoS, Turnstile anti-bot
  • Discord Inc. — OAuth, notifications via webhooks
  • OpenAI L.L.C. / Anthropic PBC — AI classification of product descriptions (text only, anonymised)
  • Resend Inc. — transactional email delivery
  • Sentry Inc. — error monitoring
  • Tebex (Overwolf Ltd.) — product listing via public Headless API (read-only)

5. Transfers Outside the EU

Some processors (Cloudflare, OpenAI, Anthropic, Resend, Sentry, Discord) are located outside the EU. Transfers are framed by the European Commission's standard contractual clauses and, where applicable, by the EU-US Data Privacy Framework.

6. Retention Periods

  • User account: as long as the account is active, deleted on request within 30 days.
  • Published reviews: retained as long as the product exists or until the user requests their removal.
  • IP / user-agent hashes: 12 months maximum.
  • reviewToken cookie: 90 days.
  • Server logs: 90 days.

7. Your Rights

Pursuant to the GDPR and the French Data Protection Act, you have the following rights:

  • Access, rectification, erasure
  • Restriction and objection to processing
  • Data portability
  • Setting post-mortem instructions
  • Lodging a complaint with the CNIL (www.cnil.fr)

To exercise these rights: [email protected]. A response will be provided within one month.

8. Security

TopV implements appropriate technical and organisational measures: TLS 1.3 encryption, hashing of technical identifiers (IP, UA), granular permissions management, admin action logging, encrypted daily backups.

9. Cookies

Only strictly necessary cookies (session, anti-CSRF, affiliate reviewToken) are set without explicit consent. No advertising or profiling cookies are used on the Marketplace.

10. Updates

This policy may evolve. The last-updated date appears at the top of the page. Any substantial change will be notified by email or via the dashboard.