Privacy Policy
This policy explains what information House of Watches uses to run accounts, listings, payments, trust systems, messaging, analytics, and support.
Last updated: June 1, 2026
Information we collect
Account data
Name, email, password status, passkeys, profile photo, language preference, onboarding choices, terms acceptance, and marketing consent choices.
Marketplace data
Listings, photos, prices, messages, offers, orders, reviews, saved searches, and watch collection entries.
Payment and verification data
Stripe Connect account status, payment references, payout readiness, business type, verification state, payout capability, and payment dispute references. Sensitive payment and identity details are handled by Stripe where possible.
Technical data
Cookies, session data, security events, rate limiting data, device/browser metadata, analytics, and logs.
How we use data
We use data to operate the marketplace, authenticate users, personalize accounts, enable listings and messaging, process payments, support buyer and seller trust, reduce fraud, provide support, improve product quality, send service messages, manage optional marketing, and comply with legal obligations.
We do not ask users to send card details, bank credentials, identity documents, or passwords by email.
Service providers
We use providers such as Stripe for payments and verification, Resend for email delivery, Cloudflare R2 for media storage, analytics tools for product measurement, security/rate-limiting tools, and hosting/database providers for infrastructure.
We only share the information needed for each provider to deliver its service, meet legal requirements, prevent fraud, or support a transaction.
Your choices
You can update account details in your profile, change language preferences, manage cookies where available, opt out of marketing emails through unsubscribe links or support, and contact support to request access, correction, deletion, or restriction of your personal data.
Legal bases under GDPR
We process personal data to perform our contract with users, comply with legal obligations, pursue legitimate interests such as fraud prevention and marketplace safety, and rely on consent where required, for example for non-essential cookies or optional marketing communications.
Retention
We keep account, transaction, support, security, and compliance records only as long as needed for marketplace operation, legal obligations, fraud prevention, dispute handling, accounting, and audit purposes. Some records may need to be retained after account closure.
International transfers and security
Some providers may process data outside Romania or the European Economic Area. Where required, transfers should rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, or equivalent protections.
We use technical and organizational measures such as authentication, passkeys, access controls, rate limiting, logging, and provider security controls. No online service can guarantee absolute security.
Your GDPR rights
Depending on the situation, you may request access, rectification, erasure, restriction, portability, objection to processing, and withdrawal of consent. You may also lodge a complaint with the competent data protection authority, including the Romanian National Supervisory Authority for Personal Data Processing where applicable.