1. Introduction
Opium ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data in accordance with the Swiss Federal Act on Data Protection (nFADP / nLPD) and, where applicable, the General Data Protection Regulation (GDPR).
By using our platform, you agree to the collection and use of information as described in this policy.
2. Data We Collect
2.1 Account Information
- Full name and email address
- Password (stored as a secure hash — never readable)
- Profile picture (optional)
- Subscription plan and billing dates
2.2 Store & Seller Data
- Store name, description, logo, and banner
- Social media links (optional)
- Stripe Connect account identifier for payouts
- Uploaded product files and metadata
2.3 Transaction Data
- Purchase and sales history
- Transaction amounts and dates
- Order details and download records
2.4 Technical Data
- IP address and browser type
- Pages visited and session data
- Product view and download counts (aggregated)
3. How We Use Your Data
- Manage your account and authentication
- Process transactions and payments
- Display your products and store to other users
- Send transactional emails (order confirmations, subscription updates, payment alerts)
- Improve our services and user experience
- Prevent fraud and abuse, and ensure platform security
- Comply with legal and tax obligations
4. Cookies & Local Storage
We use the following types of browser storage:
Strictly Necessary
Session cookies set by Supabase to keep you authenticated. These are required for the platform to function and cannot be disabled.
Functional
LocalStorage entries to remember your shopping cart contents, UI preferences, and your cookie consent choices (opium_cookie_consent).
Analytics & Marketing
We do not currently use any third-party analytics or advertising cookies. If this changes in the future, we will update this policy and request fresh consent through our cookie banner.
You can manage your cookie preferences at any time via the "Cookie Settings" link in the footer.
5. Data Sharing & Sub-processors
We share your data only where necessary with the following trusted partners:
- Supabase — Database, authentication, and file storage (EU-hosted)
- Stripe — Payment processing and seller payouts (subject to their own privacy policy)
- Resend — Transactional email delivery
- Public information — Store names, product listings, and reviews are publicly visible on the platform
- Legal obligations — If required by law or a competent authority
We never sell your personal data to third parties.
6. Data Security
We implement technical and organizational security measures including:
- Passwords stored as secure hashes (never in plain text)
- HTTPS/TLS encryption for all connections
- Row-level security on database access
- Restricted access to personal data
- Regular automated backups
7. Your Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- Right of access — Request a copy of your personal data
- Right to rectification — Correct inaccurate or incomplete data
- Right to erasure — Request deletion of your data ("right to be forgotten")
- Right to portability — Receive your data in a structured, machine-readable format
- Right to object — Object to certain types of processing
- Right to restriction — Request limited processing in certain circumstances
To exercise any of these rights, contact us at: support@joinopium.com. We will respond within 30 days.
8. Data Retention
- Active account data — Retained for as long as your account exists
- Transaction records — 10 years for tax and accounting obligations
- Security logs — 12 months
- Deleted account — Personal data is permanently deleted within 30 days (except where retention is required by law)
9. International Transfers
Your data is primarily stored within the European Union via Supabase. Where transfers to third countries are necessary (for example, Stripe and Resend in the USA), we ensure that appropriate GDPR safeguards are in place, including Standard Contractual Clauses.
10. Minors
Our platform is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected such data, we will delete it promptly.
11. Policy Changes
We may update this policy from time to time. The updated version will be posted on this page with a revised date. For significant changes, we will notify you by email in advance.
12. Contact & Complaints
For any questions about this policy or your personal data:
You also have the right to file a complaint with the PFPDT (Préposé fédéral à la protection des données et à la transparence — Swiss Federal Data Protection Authority): www.edoeb.admin.ch