Indiemaker Privacy Policy | Data Protection, GDPR & User Rights

Last updated: 27 November 2025

1. Introduction

Indiemaker (“Indiemaker,” “we,” “us,” or “our”), operated by Apollo Black Limited, respects your privacy and is committed to protecting your personal data. We collect and process personal data to provide our curated listing platform and related services, including tools that help founders publish structured project profiles and engage in conversations that may support smooth asset or ownership transfers.

Indiemaker does not facilitate equity transactions, share transfers, or regulated financial activities. All payment processing is performed by compliant third-party providers.

This Privacy Policy explains how we collect, use, and protect your personal data. It applies globally, with additional provisions for EU/UK and U.S. residents.

This policy forms part of our Terms of Service and is governed by the laws of England and Wales.

This Privacy Policy remains valid for as long as you have an active account or use our services, including browsing our website.

2. Definitions

• Personal data: Information relating to an identified or identifiable individual.
• Special category data (as defined by GDPR): Sensitive information such as health, biometric, or political data. We do not intentionally collect this and ask users not to include it in listings or communications..
• Processing:Any operation performed on personal data.
• Controller: The entity that determines the purposes and means of processing personal data.

3. Data We Collect

We collect the following categories of personal data:

• Identity data: name, username, account details
• Contact data: email, address, phone number, address or business address
• Financial data: Billing-related data handled securely by third-party payment providers such as Stripe, PayPal, or Escrow.com. Indiemaker does not store full payment card details.
• Transaction Workflow Data: Information related to project transitions, asset transfers, or escrow.com integrated workflows between users (e.g. timestamps, communication logs, status updates).
• Profile & Listing Data: Project descriptions, URLs, screenshots, profile fields, and any information you voluntarily publish on your listing or profile, including optional external links (GitHub, LinkedIn, website, etc.).
• Technical Data: IP address, device identifiers, browser type, operating system, cookies, usage logs.
• Optional Demographic / Preference Data: e.g. language preference, country selection

Providing personal data is voluntary, but certain features may not function without it.

We may appoint trusted third-party processors to handle data under contract and in accordance with applicable regulations.

4. How We Use Your Data (Purposes & Legal Bases)

We process personal data for the following purposes:

• Account creation & platform functionality - performance of contract
• Facilitating project listing workflows performance of contract, legal obligation
• Payment processing (via third parties) - performance of contract, legal obligations
• Platform integrity, fraud prevention, and safety - legitimate interests, legal obligations
• Analytics and service improvement - legitimate interests – anonymised where possible
• Marketing and community updates consent or legitimate interests, with opt-out
• Regulatory compliance, audits, and legal requests - legal obligations

We do not use sensitive personal information to infer characteristics.

5. Cookies & Tracking

We use cookies and similar technologies for:

• Essential functionality (cannot be disabled)
• Analytics (require consent in EU/UK)
• Advertising/retargeting (only with explicit opt-in consent)

Users in the EU/UK will be shown a cookie banner with the option to accept or decline non-essential cookies. Users can modify their preferences at any time.

6. Data Sharing & Third Parties

We may share data with:

• Payment processors (Stripe, PayPal, Escrow.com, etc.)
• Hosting & infrastructure providers (AWS, Google Cloud ect.)
• Analytics providers (Google Analytics, Fathom ect.)
• Identity verification and fraud prevention tools (Stripe Identity)
• Legal advisors, auditors, dispute resolution providers and other professional advisors
• Other users of the platform when you publish listings, profiles, or messages

We do not sell personal data.

Indiemaker does not broker transactions or provide financial advisory services.

Links to third-party websites are provided for convenience; their privacy practices are separate from ours.

7. International Transfers

If personal data is transferred outside the UK/EU, we use recognised safeguards such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Explicit consent when required

8. Data Retention

We retain personal data only as long as necessary:

• Account data: active period + 2 years after closure
• Transaction/transition data: 7 years (legal obligations)
• Marketing data: until consent is withdrawn or 2 years of inactivity
• Technical logs: up to 12 months

After these periods, data is deleted or anonymised.

9. Security

We implement industry-standard technical and organisational safeguards including:

• Encryption
• Access controls
• Monitoring
• Regular audits

Breaches will be reported to affected users and regulators as required.

10. Your Rights (EU/UK GDPR)

If you are located in the EU or UK, you may request:

• Access to your data
• Correct inaccurate data
• Deletion (“right to be forgotten”)
• Restriction or objection to processing
• Data portability (machine-readable format)
• Withdrawal of consent
• Right to lodge a complaint with supervisory authority

Requests can be submitted to: support@indiemaker.com. We will respond within 30 days and may require identity verification.

11. Your Rights (U.S. State Laws)

Under CCPA/CPRA, Colorado, Virginia, and other privacy laws, you may have rights including:

• Knowing categories of data collected
• Access, correction, or deletion of your data
• Opt out of the “sharing” for advertising
• Non-discrimination for exercising rights

We do not sell personal data.

To exercise these rights, contact support@indiemaker.com

12. Children’s Data

We do not knowingly allow users under 16 to create accounts. For users aged 16–18, parental consent may be required under local law. If we discover data collected from a child without consent, we will delete it.

13. Changes to This Policy

We may update this Privacy Policy periodically. If changes are material, users will be notified before they take effect. Continued use after updates constitutes acceptance. If you do not consent, you must immediately stop accessing and/or using this website and our services.

14. Contact

If you have questions about this Privacy Policy or our data practices, please use our Contact Form or support@indiemaker.com