1. Introduction

Aleva (“we,” “our,” or “us”) is committed to protecting the privacy of merchants and customers using our e-commerce platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Our website address is: https://aleva.fi.

2. Information We Collect

We collect different types of information depending on whether you are a merchant or customer:

Merchant Information:

• Business registration and tax information
• Bank account details for payments
• Product listings and inventory data
• Sales performance metrics
• Customer communication records

Customer Information:

• Personal and contact information
• Purchase history and preferences
• Payment and shipping information
• Device and usage data

Website Visitor Information:

• Comments and form data
• Media uploads
• Cookie data
• Embedded content interactions

3. How We Use Your Information

We use collected information to:

• Provide and maintain our platform services
• Process transactions and payments
• Facilitate merchant-customer communications
• Provide analytics and business insights
• Improve platform functionality and user experience
• Ensure platform security and prevent fraud
• Comply with legal and regulatory requirements
• Send important updates and notifications

4. Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

5. Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

6. Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

We also use cookies and similar technologies to:

• Enhance user experience and functionality
• Analyze platform usage and performance
• Provide personalized content and recommendations
• Track marketing campaign effectiveness
• Ensure platform security

7. Embedded Content from Other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

8. Information Sharing

We may share information with:

• Merchants: Customer information necessary for order fulfillment
• Customers: Merchant information for product purchases
• Service Providers: Payment processors, shipping companies, analytics providers
• Legal Authorities: When required by law or to protect our rights
• Business Partners: With consent for marketing and promotional purposes

If you request a password reset, your IP address will be included in the reset email.

Visitor comments may be checked through an automated spam detection service.

9. Data Security

We implement comprehensive security measures:

• End-to-end encryption for sensitive data
• Secure payment processing (PCI DSS compliant)
• Regular security audits and monitoring
• Access controls and authentication
• Data backup and recovery systems
• Employee training on data protection

10. Merchant Data Protection

Special protections for merchant data:

• Separate merchant and customer data systems
• Enhanced security for business information
• Regular compliance audits
• Secure API access controls
• Data retention policies specific to business needs

11. Customer Data Protection

Customer privacy safeguards:

• Limited data sharing with merchants
• Customer control over personal information
• Opt-out options for marketing communications
• Secure payment processing
• Privacy controls in account settings

12. International Data Transfers

Your information may be transferred internationally for:

• Platform operations and maintenance
• Customer service and support
• Payment processing and banking
• Analytics and reporting services

We ensure appropriate safeguards are in place for all international transfers.

13. Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate information
• Delete your account and data
• Opt-out of marketing communications
• Data portability
• Restrict processing of your data
• Object to certain uses of your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

14. Data Retention

We retain information for:

• Active accounts: Duration of account plus 3 years
• Inactive accounts: 1 years after last activity
• Financial records: 3 years for tax compliance
• Customer communications: 1 years
• Analytics data: 1 years for trend analysis

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

15. Children’s Privacy

Our platform is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our platform
• Sending email notifications
• Displaying in-app notifications
• Updating the “Last updated” date

17. Contact Information

For questions about this Privacy Policy or data practices, please contact:

Email: [email protected]
Phone: +358 4002 690 34
Address: Oraskatu 3 D 39 05880 Hyvinkää, Finland
Data Protection Officer: [email protected]