VoloMarket

Privacy Policy

Last updated: April 21, 2026

1. Who We Are

VoloMarket (“we”, “us”, “our”) operates the volomarket.net General Aviation marketplace. This policy explains how we handle personal data collected through the platform. For questions, contact privacy@volomarket.net.

2. Data We Collect

  • Account data: email address, full name, and optional avatar photo provided during registration.
  • Profile data: pilot licence number (optional, for Verified Pilot badge), bio, and contact preferences.
  • Listing data: photos, descriptions, prices, and location data you enter for your listings.
  • Message data: the content of messages exchanged between buyers and sellers on the platform.
  • Usage data: pages visited, search queries, and interaction events (e.g. listing views, saves) collected via server logs and first-party analytics.
  • Device data: IP address, browser type, and operating system, collected automatically when you access the Service.

3. How We Use Your Data

  • To create and manage your account.
  • To display your listings to other users.
  • To facilitate messaging between buyers and sellers.
  • To send transactional emails (password reset, listing alerts).
  • To detect and prevent fraud and abuse.
  • To improve platform performance through aggregated analytics.
  • To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

4. Legal Basis (GDPR)

We process your data under the following legal bases as defined by the EU General Data Protection Regulation (GDPR 2016/679):

  • Contract performance — to provide the platform services you signed up for.
  • Legitimate interests — to improve security, detect abuse, and analyse aggregate usage.
  • Legal obligation — to comply with applicable EU and national laws.
  • Consent — for optional features such as marketing emails, which you may withdraw at any time.

5. Data Storage and Security

All data is stored on Supabase infrastructure hosted in eu-central-1 (Frankfurt, Germany), within the European Economic Area (EEA). Data is encrypted at rest and in transit using industry-standard TLS 1.2+. We apply role-based access controls and row-level security policies to limit data access.

6. Data Retention

Account data is retained for as long as your account is active. If you delete your account, your personal data is purged within 30 days, except where retention is required by law (e.g. transaction records required for tax purposes, retained for 7 years).

7. Your Rights Under GDPR

As a data subject in the EEA, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — ask us to restrict processing in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time for consent-based processing.

To exercise any of these rights, email privacy@volomarket.net. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

8. Third-Party Services

  • Supabase — database, authentication, and file storage (EU-hosted). Supabase processes data on our behalf as a data processor.
  • Mapbox — used for location autocomplete and map previews. Queries are sent to Mapbox servers; see Mapbox Privacy Policy.
  • Google Analytics 4 (Google LLC) — aggregated website analytics to understand how visitors use the platform. Only active if you have given analytics consent. See Google Privacy Policy.
  • Stripe — payment processing for transactions and seller payouts. Stripe sets cookies only when you initiate a checkout. See Stripe Privacy Policy.

9. Cookies

VoloMarket uses strictly necessary cookies to operate the Service, and optional analytics cookies to improve the platform. You can manage your preferences at any time using the banner shown on your first visit, or via the Manage Cookie Preferences link in the footer.

CookieCategoryPurposeExpiry
sb-access-tokenStrictly NecessarySupabase authentication session1 hour
sb-refresh-tokenStrictly NecessaryRenews expired access tokens60 days
preferred_currencyStrictly NecessaryStores your preferred display currency1 year
volomarket_vidAnalyticsAnonymous visitor ID for deduplicating listing view counts. Only set with your consent.1 year
_ga, _ga_*AnalyticsGoogle Analytics 4 — identifies unique visitors and sessions. Only set with your consent.2 years
_gidAnalyticsGoogle Analytics 4 — distinguishes users within a 24-hour window. Only set with your consent.24 hours
Stripe cookiesPayment ProcessingSet by Stripe.js only when you initiate a payment checkout. Contractually necessary for payment processing.Session

10. Managing Your Cookie Preferences

You can change your cookie preferences at any time using any of these methods:

  • Click Manage Cookie Preferences in the site footer to open the preferences panel.
  • Clear the volomarket_cookie_consent key from your browser’s localStorage for volomarket.net — this resets your choice and the consent banner will reappear on your next visit.
  • Use your browser’s built-in cookie controls to delete individual cookies at any time.

Withdrawing analytics consent does not affect the lawfulness of any processing carried out before your withdrawal.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or an in-app notice at least 14 days before the change takes effect.

12. Contact

For any privacy-related questions or data requests: privacy@volomarket.net