STOAR Privacy Policy

1. Roles

STOAR operator acts as controller for account/platform data and as processor where required for merchant operations.

Merchants are separate controllers for customer data they process for their own orders and support.

2. Data categories

Account and identity data, technical logs, order/payment metadata, support communication, and security events.

3. Purpose and legal basis

Platform operation, security, fraud prevention, contractual performance, legal compliance, and legitimate interests.

4. Data sharing

Data may be shared with payment providers, hosting providers, and essential subprocessors under contractual safeguards.

5. Retention

Data is stored only for the period needed for service delivery, legal obligations, dispute handling, and security.

6. Data subject rights

You may request access, correction, deletion, restriction, objection, and portability where applicable.

Requests: hello@stoar.page

7. Complaints

You may file a complaint with your local supervisory authority (in CZ: UOOU).