Privacy Policy

Last updated: June 2026

1. Who we are — and whose data this is

Empasa is a product of Empasa Technology, an independent software company. Empasa is a tool for marketplace operators, and two kinds of data are involved:

  • Your operator account data (email, name, billing) — for this, Empasa Technology is the data controller.
  • Your marketplace’s data (synced from Sharetribe) — for this, you, the operator, are the controller and Empasa is a data processor acting on your behalf and under your instruction. End-users of your marketplace never interact with Empasa directly, and we never sell or share marketplace data.

2. What we store, and why

  • Account information — email address, name, and password hash when you register.
  • Marketplace users, listings, and transactions — synced via the official Sharetribe Integration API to power analytics, operator workflows, and the automations you configure.
  • Reviews — for reputation analytics.
  • Messages — for communication metrics only; message content is not displayed in dashboards.
  • Image metadata — to link listings to their images (not the images themselves; see below).
  • Listing view events and search embeddings — for view counters, “popular” badges, and semantic search.
  • Emails sent via the platform — an audit trail you can inspect: who was contacted, when, about what.
  • Payment information — processed by Stripe. We store your Stripe customer ID but never your card details.

Data minimization: only data needed for the features you have enabled is synced and processed.

3. What we deliberately do NOT store

  • Raw IP addresses. The listing-view beacon hashes IPs (SHA-256) at ingestion, before anything touches the database.
  • Marketplace images. Original Sharetribe image URLs remain authoritative; we store metadata only. Operator-requested processed images (e.g. background removal) live in a private, per-marketplace container.
  • Payment card data. Payments stay entirely on Stripe/Sharetribe rails.
  • Plaintext credentials. Integration API secrets, tenant Stripe keys, and tenant SendGrid API keys (per-team email config and affiliate program) are encrypted with AES-256-GCM before storage; the encryption key never resides in the database.

4. AI features and your data

  • AI features (Copilot, semantic search, listing generation) operate only on your connected marketplace’s own data, scoped to your tenant.
  • Models are accessed via Azure OpenAI; under Azure’s data-privacy terms, prompts and data are not used to train models.
  • AI write-actions (e.g. “fix this listing”) always require explicit operator confirmation, are logged with before/after snapshots, and are reversible.

5. Isolation between marketplaces

Every stored record is scoped to your team and integration. There is no cross-tenant querying, no shared search index, and no cross-marketplace benchmarking on identifiable data. File storage uses one private container per integration.

6. Where your data is stored

The application, PostgreSQL databases, and Redis run in Heroku’s EU region (Dublin); file storage is Microsoft Azure, North Europe region (Dublin). All stored data stays in the EU. AI requests are processed transiently by Azure OpenAI endpoints (UK South and East US 2) and are not retained for training. We use Stripe (US-based, EU-US Data Privacy Framework certified) for payment processing.

7. Data retention and deletion

  • Disable a feature — that feature’s processing stops and its data stops accumulating.
  • Delete an integration — cascade delete of all mirrored data, credentials, embeddings, receipts, and the storage container for that marketplace.
  • Delete your account/team — cascade delete of everything above, for all integrations.
  • Temporary files (exports, batch uploads) — auto-deleted after 7 days / 24 hours respectively.

If you cancel your subscription and request deletion, marketplace data is removed within 30 days. Account records may be retained for up to 12 months for legal and accounting purposes. Data exports are available on request.

8. Your rights — and your end-users’ rights

Under GDPR and applicable data protection law, you have the right to:

  • Access the data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a machine-readable format.
  • Withdraw consent where processing is based on consent.

Because you are the controller of your marketplace’s data, end-user rights requests (access, erasure, rectification) flow through you. When an end-user is deleted in Sharetribe, the deletion propagates to Empasa through the event sync: the mirrored record is marked deleted and removed from all derived indexes. Operators can additionally request full manual purges at any time.

To exercise these rights, contact us at emanuel@empasa.io.

9. Sub-processors

  • Heroku (Salesforce) — application hosting, PostgreSQL, Redis (EU region).
  • Microsoft Azure — file storage (North Europe) and Azure OpenAI (AI features).
  • SendGrid (Twilio) — email delivery for the emails you configure.
  • Stripe — Empasa’s own subscription billing.
  • Sentry — error monitoring (no marketplace data in events, by policy).
  • Sharetribe — marketplace data access via their Integration API (you authorize this connection).

10. Cookies

We use essential cookies only: session authentication (HTTP-only JWT cookie). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Changes to this policy

We may update this policy as the product evolves. Significant changes will be communicated via email to active account holders.

12. Contact

For privacy questions or data requests: emanuel@empasa.io

Company information: empasa.io