Privacy Policy

Last updated: 23/02/2026.

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Please read this Privacy Policy carefully before using Our Service.

1 - Interpretation and Definitions

1.1 - Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in the singular or in the plural.

1.2 - Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.
  • Application means any software program provided by the Company or Operator that may be made available for download on any electronic device, under the name HiFiHub.
  • Business refers to the Company or Operator as the legal entity that collects users' personal information and determines the purposes and means of the processing of that personal information.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to HiFiHub S.à r.l.-S, 26a Rue Melicksheck, L-6214 Consdorf, Luxembourg, RCS number: B304990. For the purpose of the GDPR, the Company is the Data Controller.
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to Luxembourg.
  • Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
  • Data Processor refers to any natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
  • Device means any device that can access the Service such as a computer, a cellphone, or a digital tablet.
  • Operator (referred to as either "the Operator", "We", "Us" or "Our" in this Agreement) refers to HiFiHub S.à r.l.-S. For the purpose of the GDPR, the Company or Operator is the Data Controller.
  • Personal Data is any information that relates to an identified or identifiable individual. For the purposes of the GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
  • Service refers to the Website, the Application, or both.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company or Operator. It refers to third-party companies or individuals employed by the Company or Operator to facilitate the Service, to provide the Service on behalf of the Company or Operator, to perform services related to the Service, or to assist the Company or Operator in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
  • Third-party Social Media Service refers to any website or social network through which a User can log in or create an account to use the Service.
  • Transaction Data refers to Personal Data exchanged between Buyers and Sellers in the course of a transaction facilitated through the Service, including but not limited to shipping addresses, contact details, and order information.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to the HiFiHub marketplace, accessible from https://hifihub.market/.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, You can be referred to as the Data Subject or as the User.

2 - Contact Us

If you have any questions about this Privacy Policy, You can contact us:

  • By email: customerservice@hifihub.market
  • By visiting this page on our website: https://hifihub.market/p/contact-us

3 - Collecting and Using Your Personal Data

3.1 - Types of Data Collected

3.1.1 - Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, Province, ZIP/Postal code, City, Country
  • Bank account information (for Sellers, collected and processed by Stripe Connect)
  • Payment card details (collected and processed directly by Stripe Connect; We do not store or access this information)
  • Identity verification documents (collected and processed directly by Stripe Connect on Our behalf; see Section 3.1.5)
  • Usage Data

3.1.2 - Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

3.1.3 - Transaction Data

When a transaction is concluded between a Buyer and a Seller through the Service, certain Personal Data is exchanged between the parties to enable fulfilment of the transaction. This may include:

  • The Buyer's shipping address and contact details, which are transmitted to the Seller to enable dispatch of the Goods.
  • The Seller's display name, listing information, and contact details, which are made available to the Buyer in connection with the transaction.

This exchange is a necessary part of the performance of the contract between the Buyer and the Seller. Buyers and Sellers are each responsible for handling any Personal Data they receive from the other party in connection with a transaction in compliance with applicable data protection law. Such data must not be used for any purpose other than fulfilling the transaction.

3.1.4 - Information from Third-Party Social Media Services

The Company or Operator may allow You to create an account and log in to use the Service through Third-party Social Media Services, which may include but are not limited to:

  • Google
  • Facebook
  • Apple

If You decide to register through or otherwise grant Us access to a Third-Party Social Media Service, We may collect Personal Data already associated with Your account on that service, such as Your name, email address, and profile information.

You may also have the option of sharing additional information with the Company or Operator through Your Third-Party Social Media Service's account. If You choose to provide such information, You are giving the Company or Operator permission to use, share, and store it in a manner consistent with this Privacy Policy.

3.1.5 - Identity Verification

To comply with applicable financial regulations and to protect the integrity of the marketplace, Sellers may be required to complete an identity verification process before listing Goods or receiving payouts. This verification process is conducted entirely by Stripe Connect, Our third-party Payment Processor, acting as a Data Processor on Our behalf.

Stripe Connect may collect identity documents such as government-issued ID, and may perform checks against applicable databases, in accordance with their own privacy policy and applicable law. We do not store or have direct access to the identity documents submitted. For more information on how Stripe processes this data, please refer to Stripe's Privacy Policy at https://stripe.com/privacy.

3.1.6 - Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company or Operator, for example, to count users who have visited those pages or opened an email and for other related website statistics.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use both Session and Persistent Cookies for the following purposes:

  • Necessary / Essential Cookies Type: Session Cookies Administered by: Us Purpose: These Cookies are essential to provide You with services available through the Service and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts.
  • Cookies Policy / Notice Acceptance Cookies Type: Persistent Cookies Administered by: Us Purpose: These Cookies identify if users have accepted the use of cookies on the Service.
  • Functionality Cookies Type: Persistent Cookies Administered by: Us Purpose: These Cookies allow us to remember choices You make when You use the Service, such as remembering your login details or language preference, to provide You with a more personalised experience.
  • Tracking and Performance Cookies Type: Persistent Cookies Administered by: Third Parties Purpose: These Cookies are used to track information about traffic to the Service and how users interact with it. The information gathered may directly or indirectly identify you as an individual visitor through a pseudonymous identifier associated with the device you use to access the Service.

3.2 - Use of Your Personal Data

The Company or Operator may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service and to provide access to the functionalities available to registered users.
  • For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the Goods You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication regarding updates, informative communications, or security notifications related to the Service.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that You have already purchased or enquired about, unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • To deliver targeted advertising to You: We may use Your information to develop and display content and advertising (and work with third-party vendors who do so) tailored to Your interests and/or location and to measure its effectiveness. Where required by applicable law, We will obtain Your prior consent before processing Your data for this purpose.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for purposes such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, for identity verification, and to contact You.
  • With Platform Infrastructure Providers: Our Service is built on the Sharetribe marketplace platform. Sharetribe processes certain Personal Data on Our behalf as a Data Processor in order to operate the Service. This includes account data, listing data, transaction data, and usage data processed through the Sharetribe infrastructure. Sharetribe's privacy policy is available at https://www.sharetribe.com/privacy-policy/.
  • Between Buyers and Sellers: As described in Section 3.1.3, certain Personal Data is shared between transacting parties to enable fulfilment of Orders.
  • For business transfers: We may share or transfer Your personal information in connection with any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users. Other users will be able to view descriptions of Your activity, communicate with You and view Your public profile.
  • With Your consent: We may disclose Your personal information for any other purpose with Your prior consent.

3.3 - Retention of Your Personal Data

The Company or Operator will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Transaction Data and data related to completed Orders may be retained for longer periods where required by applicable law, including tax, accounting, and anti-money laundering obligations.

Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

When Your Personal Data is no longer required by law or rights or obligations by Us or You, We will delete the Personal Data. In most cases, Personal Data will be deleted upon termination or expiry of the agreement between You and the Company or Operator, or upon Your written request, subject to any legal retention obligations.

3.4 - Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's or Operator's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your country or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.

The Company or Operator will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy. No transfer of Your Personal Data will take place to an organisation or a country unless there are adequate controls in place, including the security of Your data and other personal information, in accordance with applicable data protection law including the GDPR.

3.5 - Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

You may update, amend, or delete Your information at any time by signing in to Your Account and visiting the account settings section. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

3.6 - Disclosure of Your Personal Data

3.6.1 - Business Transactions

If the Company or Operator is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

3.6.2 - Law Enforcement

Under certain circumstances, the Company or Operator may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

3.6.3 - Other Legal Requirements

The Company or Operator may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company or Operator
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

3.7 - Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

4 - Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

4.1 - Platform Infrastructure

Our Service is built on the Sharetribe marketplace platform, which acts as a Data Processor on Our behalf. Sharetribe processes Personal Data necessary to operate the marketplace, including user accounts, listings, transactions, and messaging. For more information, please refer to Sharetribe's Privacy Policy at https://www.sharetribe.com/privacy-policy/.

4.2 - Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service. They may include, but are not limited to:

  • Google Analytics Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. You can opt-out of having your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
  • Matomo Matomo is a web analytics service. You can visit their Privacy Policy page here: https://matomo.org/privacy-policy
  • Fathom Fathom is a web analytics service. You can visit their Privacy Policy page here: https://www.fathomhq.com/privacy

4.3 - Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

We may use Email Marketing Service Providers to manage and send emails to You. They may include, but are not limited to:

  • Mailchimp Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC. For more information on the privacy practices of Mailchimp, please visit their Privacy Policy: https://mailchimp.com/legal/privacy/

4.4 - Payments and Identity Verification

We use Stripe Connect for payment processing and identity verification. We will not store or collect Your payment card details or identity documents. That information is provided directly to Stripe Connect and is governed by their Privacy Policy. Stripe Connect adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council.

  • Stripe Connect Their Privacy Policy can be viewed at https://stripe.com/privacy

4.5 - Behavioral Remarketing

The Company or Operator may use remarketing services to advertise to You after You accessed or visited our Service. We and Our third-party vendors use cookies and similar technologies to help Us recognize Your Device and understand how You use our Service, so that We can improve our Service and serve You advertisements that are likely to be of more interest to You.

Where required under applicable law, including the GDPR, We will obtain Your prior consent before processing Your Personal Data for remarketing purposes.

The third-party vendors We may use are:

  • Google Ads Google Ads remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads For more information on the privacy practices of Google, please visit: https://policies.google.com/privacy
  • Meta (Facebook) Facebook or Meta remarketing service is provided by Meta Inc. You can learn more about interest-based advertising from Facebook by visiting: https://www.facebook.com/help/516147308587266. To opt-out from Meta's interest-based ads, follow the instructions at: https://www.facebook.com/help/568137493302217 For more information on the privacy practices of Meta, please visit: https://www.facebook.com/privacy/explanation

4.6 - Usage, Performance and Miscellaneous

We may use third-party Service Providers to provide better improvement of our Service. These are provided through the Sharetribe platform infrastructure and may include, but are not limited to:

  • Intercom Their Privacy Policy can be viewed at https://www.intercom.com/legal/privacy
  • Facebook Messenger Their Privacy Policy can be viewed at https://www.facebook.com/privacy/policy
  • Zendesk Their Privacy Policy can be viewed at https://www.zendesk.com/company/agreements-and-terms/privacy-notice/
  • Tawk Their Privacy Policy can be viewed at https://www.tawk.to/privacy-policy/

5 - Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

6 - GDPR Privacy

6.1 - Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

  • Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
  • Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
  • Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company or Operator is subject.
  • Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or those of another natural person.
  • Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company or Operator, provided those interests are not overridden by Your fundamental rights and freedoms.

In any case, the Company or Operator will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

6.2 - Data Processors

As a Data Controller, We engage the following principal Data Processors to provide the Service:

  • Sharetribe — marketplace platform infrastructure. Processes account, listing, transaction, and usage data.
  • Stripe Connect — payment processing and identity verification. Processes payment data and identity documents.
  • Google Analytics / Matomo / Fathom — analytics providers. Process usage and behavioral data.
  • Mailchimp — email marketing. Processes contact details and communication preferences.

We ensure that all Data Processors are bound by appropriate data processing agreements and provide sufficient guarantees regarding the security and lawful processing of Personal Data.

6.3 - Your Rights under the GDPR

The Company or Operator undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

You have the right under this Privacy Policy, and by law if You are within the EU, to:

  • Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, You can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
  • Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
  • Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
  • Request restriction of processing of Your Personal Data. You have the right to ask Us to suspend the processing of Your Personal Data in certain circumstances, for example if You want Us to establish its accuracy or the reason for processing it.
  • Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
  • Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
  • Withdraw Your consent. You have the right to withdraw Your consent to the use of your Personal Data at any time. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.

6.4 - Exercising of Your GDPR Data Protection Rights

You may exercise Your rights by contacting Us at customerservice@hifihub.market. Please note that We may ask You to verify Your identity before responding to such requests. We will try our best to respond to You within 30 days.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. If You are in the European Economic Area (EEA), please contact Your local data protection authority. In Luxembourg, the supervisory authority is the Commission Nationale pour la Protection des Données (CNPD): https://cnpd.public.lu.

7 - Children's Privacy

Our Service does not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 16 without verification of parental consent, We take steps to remove that information from Our servers.

8 - Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective, and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.