Indiemaker Privacy Policy | Data Protection, GDPR & User Rights

Last updated: 2 October 2025

1. Introduction

Indiemaker (“Indiemaker,” “we,” “us,” or “our”) – operated by Apollo Black Limited – respects the rights of data subjects whose personal data is collected and used by it, including their right to protection against the unlawful collection, retention, sharing, and use of such personal data.

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our marketplace and related services. It applies globally, with additional disclosures for EU/UK and U.S. residents as set out below.

This Privacy Policy shall serve as a standing notification to data subjects about Indiemaker's processing activities and remains valid for as long as you have an active account or use our services, including browsing our website.

This Privacy Policy forms part of our Terms of Service, and its interpretation and enforcement shall be governed by the laws of England and Wales.

2. Definitions

• Personal data means information relating to an identified or identifiable individual.
• Special categories of personal data (as defined by GDPR) include health, biometric, or sensitive information. We do not intentionally collect these and ask users not to provide them in listings or communications.
• Processing means any operation performed on personal data.
• Controller means the entity that determines the purposes and means of processing personal data.

3. Data We Collect

We collect the following categories of personal data:

• Identity data: name, username, account details
• Contact data: email, address, phone
• Financial data: billing details (via payment providers)
• Transaction data: purchases, sales, escrow transactions
• Profile & listing data: content you publish in profiles, project listings, forums (e.g. optional profile URLs such as LinkedIn, GitHub, or personal websites)
• Technical data: IP, browser type, device ID, cookies
• Optional demographic data (only if you choose to provide it, e.g. language preference, country code)

Providing personal data is voluntary, but some services may not be available without certain details (e.g. payment information for transactions).

We may also instruct trusted third-party data processors (e.g. hosting providers, payment processors) to undertake processing activities on our behalf under contract.

4. How We Use Your Data (Purposes & Legal Bases)

We process data for the following purposes, under the lawful bases set out by GDPR:

• Account creation & management (performance of contract)
• Transaction facilitation (performance of contract with buyer/seller)
• Payments (performance of contract, legal obligations)
• Marketplace safety, fraud prevention, and dispute resolution (legitimate interests, legal obligations)
• Analytics and service improvement (legitimate interests – anonymised where possible)
• Marketing and community communication (consent or legitimate interests, with opt-out)
• Compliance with law, audits, and regulatory requests (legal obligations)

5. Cookies & Tracking

We use cookies and similar technologies to provide and improve our services:

• Strictly necessary cookies – essential for core functions (cannot be disabled)
• Analytics cookies – to understand usage (require consent in EU/UK)
• Advertising/retargeting cookies – only with explicit opt-in consent

Users in the EU/UK will be shown a cookie banner with the option to accept or decline non-essential cookies. Preferences can be updated at any time.

6. Data Sharing & Third Parties

We may share personal data with the following categories of recipients:

• Payment providers (Stripe, PayPal, Escrow.com, etc.)
• Hosting & infrastructure providers (e.g. AWS, Goofle, cloud hosting)
• Analytics providers (e.g. Google Analytics)
• Fraud prevention & identity verification services (e.g. Stripe Identity)
• Professional advisers, legal authorities, dispute resolution providers
• Other users of the marketplace, when you publish listings, profiles, or messages

We do not sell personal data. Sharing is limited to the categories above, under contract and lawful bases.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites.

7. International Transfers

If we transfer your data outside the UK/EU, we use recognised safeguards such as European Commission Standard Contractual Clauses (SCCs), adequacy decisions, or explicit consent.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

• Account data: retained while active + 2 years after closure
• Transaction/payment data: retained 7 years (to meet legal obligations)
• Marketing contact data: until consent is withdrawn or 2 years of inactivity
• Technical logs: up to 12 months

After these periods, data is securely deleted or anonymised.

9. Security

We use appropriate technical and organisational safeguards, including encryption, access controls, monitoring, and regular audits. While no system is 100% secure, we act promptly to address any breach and will notify affected users and regulators as legally required.

10. Your Rights (EU/UK GDPR)

If you are located in the EU or UK, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion (“right to be forgotten”)
• Restrict or object to processing
• Data portability (machine-readable format)
• Withdraw consent at any time
• Lodge a complaint with your local Data Protection Authority

To exercise these rights, please use our Support Form or email support@indiemaker.com. We will respond within 30 days and may require identity verification.

11. Your Rights (U.S. State Privacy Laws)

If you are a resident of California, Colorado, Virginia, or other U.S. states with privacy laws, you may have the following rights (subject to verification):

• The right to know the categories of personal data we collect and disclose
• The right to request access, correction, or deletion of your personal data
• The right to opt out of the “sale” or “sharing” of personal data (we do not sell personal data, but may share for advertising subject to opt-out)
• The right to non-discrimination for exercising privacy rights

To exercise these rights, contact support@indiemaker.com

12. Children’s Data

We do not knowingly allow users under 16 to create accounts. For users aged 16–18, parental consent may be required under local law. If we learn that we have collected personal data from a child without consent, we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you (by email or in-app) before they take effect. Continued use of our services after updates constitutes acceptance. If you do not consent, you must immediately stop accessing and/or using this website and our services.

14. Contact

If you have questions about this Privacy Policy or our data practices, please use our Contact Form or privacy@indiemaker.com