Are you a vendor? Get listed

Privacy Policy

Last updated: April 11, 2026

1. Introduction

Zwieg.mt ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal data when you use our website, mobile application, and related services (collectively, the "Services").

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. Please read this policy carefully to understand our privacy practices.

2. Information We Collect

2.1 Vendor Information

When you create a vendor listing, we collect:

  • Business name, description, and category
  • Contact email, phone number, and website
  • Business location and coordinates
  • Business photos and videos
  • Service offerings and amenities
  • Pricing, promotions, and business hours
  • Social media links
  • Stripe customer ID (for premium payments)

2.2 User Account Information

If you create an account, we collect:

  • Email address and phone number
  • Authentication credentials (managed by Supabase Auth)
  • Profile preferences and settings
  • Role information (vendor, admin, user)

2.3 Customer Inquiry Information

When customers submit inquiries through vendor profiles, we collect:

  • Customer name and email address
  • Phone number (optional)
  • Event date and guest count
  • Inquiry message

2.4 Payment Information

For premium listing purchases, payment information is collected and processed by Stripe. We do not store full credit card details. We retain:

  • Stripe customer ID
  • Last 4 digits of card (provided by Stripe)
  • Subscription status and billing dates
  • Payment history and receipts

2.5 Automatic Information

When you visit our Services, we automatically collect:

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent
  • Search queries and filters used
  • Referral source
  • Cookies and similar tracking technologies

3. How We Use Your Data

We use your personal data for:

  • Creating and managing your vendor listing
  • Processing premium listing payments via Stripe
  • Sending confirmations and transactional emails
  • Managing customer inquiries for your business
  • Admin review and approval of listings
  • Communicating with you about your account
  • Improving and personalizing the Services
  • Analytics and usage monitoring
  • Legal compliance and fraud prevention
  • Responding to your data requests

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contractual obligation: Processing necessary to provide Services
  • Legitimate interest: Improving Services, analytics, fraud prevention
  • Consent: Marketing emails and optional data collection
  • Legal compliance: Tax, financial, and regulatory requirements

5. Data Sharing

We share your data with:

5.1 Service Providers

  • Stripe: Payment processing (credit card data handled by Stripe)
  • Resend: Email delivery service
  • Supabase: Database and authentication provider

5.2 Admins

Zwieg.mt admins can view vendor information for approval, management, and support purposes.

5.3 Public Visibility

Your approved vendor listing (name, description, images, services, location, contact email) is displayed publicly on Zwieg.mt and shared with customers who view your profile.

5.4 Legal Requirements

We may disclose data when required by law, court order, or government request.

6. Data Retention

  • Active listings: Data retained while listing is approved and active
  • Soft-deleted listings: Data retained for 90 days before permanent deletion (for recovery)
  • Payment records: Retained for 7 years (tax/legal requirements)
  • Customer inquiries: Retained as long as needed for business purposes
  • Analytics data: Aggregated and anonymized after 1 year

7. Your Rights

Under GDPR and CCPA, you have the following rights regarding your personal data:

7.1 Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data. We will comply unless legal obligations require retention (e.g., tax records). Deleted data is soft-deleted and permanently removed after 90 days.

7.4 Right to Data Portability

You can request your data in a portable format (CSV/JSON) so you can transfer it to another service.

7.5 Right to Object

You can object to processing of your data for marketing or analytics purposes.

7.6 Right to Withdraw Consent

If processing is based on consent, you can withdraw it at any time.

8. Exercising Your Rights

To exercise any of your rights, please submit a request to: privacy@zwieg.mt

Please include:

  • Your name and email address
  • Description of your request
  • Proof of identity (we may ask)

We will respond within 30 days. If we need more information, we may extend this timeline.

9. Data Security

We implement industry-standard security measures:

  • SSL/TLS encryption for data in transit
  • Encryption at rest for sensitive data
  • Role-based access control (RBAC)
  • Row-level security (RLS) in database
  • Regular security audits and updates
  • Limited admin access to personal data

However, no system is completely secure. If you believe your data has been compromised, please contact us immediately at privacy@zwieg.mt

10. International Data Transfers

Your data may be processed in multiple countries. For transfers outside the EU, we use:

  • Standard contractual clauses (SCCs) approved by the EU
  • Adequacy decisions where applicable
  • Your explicit consent when necessary

11. Children's Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect personal data from children under 13 (or the applicable age of digital consent in their jurisdiction).

If we become aware that we have collected data from a child under 13, we will delete it immediately. Please contact us if you believe this has occurred.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent notice on the website. Your continued use of the Services constitutes acceptance of the updated policy.

13. Contact Us

For privacy concerns, questions, or data requests:

Email: privacy@zwieg.mt

Address: Zwieg.mt, Malta

Response time: We aim to respond within 30 days

For EU residents, you have the right to lodge a complaint with your local data protection authority.