Skip to main content

Legal

Privacy policy

This English translation explains how Gudfy handles personal data on the website and through official platform communications.

Scope

This policy describes how Gudfy processes the personal data of people who use the platform. It applies to the website at gudfy.com and to official communications sent through the channels identified here.

1. Data controller

Gudfy operates as the platform that facilitates the marketplace and reseller software. Questions about personal data may be submitted through Gudfy's official Telegram support channel or through the public forum.

2. Data we collect

We collect the information needed to operate and secure the service.

  • Account data: name, email, country, WhatsApp number and password, which is stored as a bcrypt hash.
  • Activity data: history of listings published and purchased, internal chat messages, reviews, reports and disputes.
  • Seller business data: configured payment methods, including alias, bank and type; local currency; and public-store slug.
  • Technical data: IP address, user agent, session timestamps and device information when push notifications are enabled.
  • Optional identity verification: identity documents submitted when a seller voluntarily requests verification. They are stored encrypted and retained only for the time needed to validate identity.

3. How we use personal data

Personal data is used only for the purposes described below.

  • Operate the marketplace and reseller software, authenticate users and deliver contracted services.
  • Moderate the platform, prevent fraud, resolve disputes and apply the warranty terms declared by each seller.
  • Send transactional notifications by email, push or WhatsApp about accounts, orders, messages and disputes.
  • Improve the product using aggregated and anonymous metrics.

4. Who receives data

Gudfy does not sell personal data. It shares only the information necessary for the following purposes.

  • The other party to a transaction: during a purchase, buyer and seller can see the public name, nickname and selected payment method needed to coordinate the exchange.
  • Technical providers: services that operate transactional email, Firebase push notifications, Sentry monitoring, Google Analytics and Microsoft Clarity. Each provider receives only the minimum data needed for its function.
  • Competent authorities: only when Gudfy receives a valid order issued by a legally authorized authority.

5. Retention

Data is retained while an account remains active. A user may request deletion at any time. Certain transaction records, resolved disputes and reviews may be anonymized and retained for up to five years when needed for auditing and fraud prevention.

6. Your rights

Under applicable Latin American privacy rules, including Colombia's Habeas Data framework, Mexico's LFPDPPP and Brazil's LGPD, users may exercise the following rights.

  • Learn what personal data Gudfy holds about them.
  • Correct, update or rectify inaccurate information.
  • Request deletion of an account and its associated data.
  • Object to uses of personal data that are not necessary to operate the platform.
  • Receive an exportable copy of personal data.

How to exercise your rights

Submit a request through Gudfy's official Telegram channel. Gudfy responds within 15 business days after receiving the request.

7. Cookies and local storage

Gudfy uses strictly necessary cookies to keep users signed in and to provide CSRF protection. The analytics tools described below may place first-party measurement cookies, but not advertising cookies. Gudfy does not track behavior across unrelated websites. A browser may use local storage for interface preferences such as column order and theme; those preferences do not leave the device.

8. Analytics and session recording

Google Analytics 4 and Microsoft Clarity are enabled only on public areas such as the home page, marketplace, forum, tools, blog, information pages and login or registration forms. They are not enabled in authenticated account areas, settings, wallet, orders, profiles or the administration panel.

  • Google Analytics 4, provided by Google Ireland Ltd., records page views, time on page, device type, approximate location at city level and automatic events such as scrolling, downloads and outbound-link clicks. It does not store personal identifiers.
  • Microsoft Clarity, provided by Microsoft Corporation, creates click and scroll heatmaps and anonymous session recordings to identify usability problems. Sensitive inputs such as passwords, email addresses and card numbers are masked before leaving the device, as is text inside elements marked with data-clarity-mask.

Disabling analytics

Users can enable the Do Not Track signal in their browser, install a content blocker such as uBlock Origin or use private-browsing mode. Gudfy does not display an additional cookie banner because analytics is excluded from the entire authenticated area.

9. Security

Traffic is encrypted over HTTPS with a Let's Encrypt certificate. Passwords are stored as bcrypt hashes and cannot be viewed in plain text. The database is backed up daily. If Gudfy detects a security incident affecting personal data, affected users will be notified by email within 72 hours.

10. Minors

Gudfy is not intended for people under 18. If Gudfy identifies an account belonging to a minor, the account is suspended and its associated personal data is deleted.

11. Changes to this policy

If this policy changes, Gudfy updates the date shown on the page and notifies active account holders by email. Continued use of the platform after a change takes effect constitutes acceptance of the updated policy.

Last updated May 14, 2026. This page is an English translation for convenience. If this translation conflicts with the Spanish privacy policy, the Spanish version governs.