Skip to main content

    Privacy Policy

    Last updated: March 2026

    Data Controller

    The data controller for this service is Studio505 AB, a Swedish limited company (aktiebolag) with its registered address at Jordabalksvägen, 226 57 Lund, Sweden (organisation number: 559578-9974). You can reach us at privacy@uefnmarketplace.com.

    We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

    1. Information We Collect

    Information You Provide

    • Account Information: Name, email address, username, and password
    • Profile Information: Bio, avatar, website, country (optional), and other details you choose to share
    • Payment Information: Processed securely through Stripe; we don't store full card details
    • Communications: Messages, support requests, and feedback
    • Commission Messages & Files: Text messages, images, and files exchanged between buyers and sellers within commission contract workspaces. These are stored to facilitate delivery, dispute resolution, and quality assurance.
    • Thumbnail Uploads: Images you upload to the AI thumbnail generation tool for processing
    • Discord Account Data: If you choose to link your Discord account, we store your Discord user ID, username, and linked status for the purposes of role synchronisation and notifications

    Information Collected Automatically

    • Usage Data: Pages visited, features used, time spent, and interactions with the platform
    • Device Information: Browser type, operating system, screen resolution, language settings, and device identifiers
    • Network Information: IP address, approximate geolocation derived from IP, ISP, and connection type
    • Browser Fingerprint: We collect technical browser characteristics (canvas fingerprint, WebGL renderer, installed fonts, audio context, hardware concurrency) to detect fraud, prevent abuse, and enforce rate limits. This data is hashed and never linked to identifiable information without cause.
    • Log Data: Access times, referring URLs, HTTP request metadata, and error logs
    • Ad Interaction Data: Impressions, clicks, and conversions related to sponsored asset placements. This data is used to measure campaign performance and is aggregated in seller analytics dashboards.
    • Seller Analytics Data: Revenue timelines, per-asset view/download/conversion metrics, and follower counts collected to power the seller analytics dashboard
    • Cookies & Local Storage: See our Cookie Policy for full details

    2. Why We Collect Fingerprints & IP Data

    We collect browser fingerprints and IP addresses for the following strictly-defined purposes:

    • Fraud Prevention: Detecting and blocking abusive signups, fake reviews, and fraudulent purchases
    • Rate Limiting: Enforcing fair-use limits on API calls and platform actions to protect all users
    • Security Monitoring: Identifying compromised accounts and unauthorized access attempts
    • Abuse Detection: Preventing ban evasion and multi-account abuse

    Fingerprint and IP data is not used for advertising, not sold to third parties, and is retained only as long as necessary for the security purposes described above (maximum 12 months).

    3. Legal Basis for Processing (GDPR)

    We process your personal data based on the following legal grounds:

    • Contract: To fulfill our contract with you (e.g., providing services, processing purchases, managing commission escrow)
    • Consent: Where you have given explicit consent (e.g., marketing communications, Discord account linking)
    • Legitimate Interests: For fraud prevention, rate limiting, security monitoring, ad performance measurement, and improving services
    • Legal Obligation: To comply with legal requirements

    4. How We Use Your Information

    We use collected information to:

    • Provide, maintain, and improve the Service
    • Process transactions, subscriptions, and commission escrow payments
    • Send notifications, updates, and marketing communications (with consent)
    • Respond to inquiries and provide customer support
    • Monitor and analyze usage patterns and trends
    • Detect, prevent, and address fraud, abuse, and security incidents
    • Enforce rate limits and fair-use policies
    • Measure and report ad campaign performance to sellers
    • Facilitate commission dispute resolution
    • Synchronise roles and deliver notifications via linked Discord accounts

    5. Information Sharing

    We may share your information with:

    • Service Providers: Third parties that help us operate (e.g., Stripe for payments, hosting providers, Resend for email delivery)
    • Other Users: Your public profile and seller information
    • Commission Counterparties: When you participate in a commission, the other party can see messages and files you share within the contract workspace
    • Legal Requirements: When required by law or to protect our rights
    • Business Transfers: In connection with a merger or acquisition

    We do not sell your personal information to third parties.

    6. Data Security

    We implement appropriate technical and organizational security measures to protect your information, including encryption in transit and at rest, access controls, IP-based rate limiting, browser fingerprinting for fraud detection, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

    7. Data Retention

    We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When you delete your account, we will delete or anonymize your personal data within 30 days, unless retention is required by law. Security logs (including IP and fingerprint data) are retained for up to 12 months. Commission messages and files are retained for 90 days after contract completion for dispute resolution purposes, then permanently deleted.

    8. Your Rights Under GDPR

    If you are located in the European Economic Area (EEA), you have the following rights:

    • Right of Access: Request a copy of your personal data
    • Right to Rectification: Request correction of inaccurate data
    • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
    • Right to Restrict Processing: Request limitation of how we use your data
    • Right to Data Portability: Receive your data in a structured, machine-readable format
    • Right to Object: Object to processing based on legitimate interests
    • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

    To exercise these rights, visit your account settings or contact us at privacy@uefnmarketplace.com.

    9. Your Rights Under CCPA (California Residents)

    If you are a California resident, you have the following rights under the CCPA:

    • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
    • Right to Delete: Request deletion of your personal information
    • Right to Opt-Out: Opt out of the sale of your personal information (note: we do not sell personal information)
    • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

    To exercise these rights, visit your account settings or contact us at privacy@uefnmarketplace.com.

    Do Not Sell My Personal Information: UEFNMarketplace does not sell personal information to third parties for monetary or other valuable consideration.

    10. International Data Transfers

    Your information may be transferred to and processed in countries other than your own. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

    11. Children's Privacy

    Our Service is not intended for children under 16 (or 13 in the United States). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

    12. Cookies and Tracking Technologies

    We use cookies, localStorage, and similar technologies to enhance your experience and maintain platform security. You can manage your cookie preferences through our cookie consent banner or by visiting our Cookie Policy.

    13. Automated Decision-Making

    We use automated systems (including fingerprint analysis and IP reputation checks) to detect and block abusive activity. These systems may automatically restrict access when abuse is detected. You may contact us to request human review of any automated decision that affects your account.

    14. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

    15. Contact Us

    For privacy-related inquiries or to exercise your rights, please contact us:

    16. Supervisory Authority

    If you are not satisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at www.imy.se, or with the supervisory authority in your country of residence within the EU/EEA.