Privacy Policy

Last updated: June 2026

This Privacy Policy explains how MAVELLI - FZCO (“Gotya”, “we”, “us”) collects, uses, and protects personal data when you use the Gotya Service.

1. Data we collect

• Account data — email address, password (stored hashed), display name, and optional phone number.
• Transaction data — wallet activity, purchases, pulls, marketplace orders, buybacks, and redemptions.
• Payment data — handled by our payment processor (Stripe). We do not store full card numbers; we receive limited confirmation and reference data.
• Identity verification data — when you redeem a physical item or where required, identity checks are performed by a third-party provider; we store the verification status and limited reference data.
• Usage and device data — log data, IP address, and basic device/browser information used to operate and secure the Service.

2. How we use data

We use personal data to provide and improve the Service, process payments and payouts, operate the vault and fulfilment, prevent fraud and abuse, comply with legal obligations, and communicate with you about your account and support requests.

3. Legal bases

Where applicable, we process data to perform our contract with you, to comply with legal obligations, for our legitimate interests in operating and securing the Service, and—where required—based on your consent.

4. Sharing

We share data with service providers acting on our behalf, including: payment processing (Stripe), identity verification, vaulting and shipping logistics, hosting and infrastructure, and analytics. We may disclose data where required by law or to protect our rights. We do not sell your personal data.

5. International transfers

We operate from IFZA Dubai, Dubai Silicon Oasis, Dubai, United Arab Emirates, and your data may be processed in other countries. Where required, we use appropriate safeguards for international transfers.

6. Retention

We keep personal data for as long as needed to provide the Service and to meet legal, accounting, and security requirements. Identity-verification data held by our provider is deleted in line with their retention policy.

7. Security

We use technical and organisational measures to protect personal data, including encryption in transit, hashed passwords, and access controls. No system is perfectly secure, but we work to keep your data safe.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal data, and to object or withdraw consent. To exercise these rights, contact us at support@gotya.com.

9. Cookies

We use cookies and similar technologies that are necessary to run the Service (for example, to keep you signed in) and, where applicable, to understand usage. You can control cookies through your browser settings.

10. Children

The Service is for adults aged 18 and over. We do not knowingly collect data from children.

11. Changes

We may update this policy from time to time and will notify you of material changes through the Service.

12. Contact

For privacy questions, email support@gotya.com.