Privacy Policy
Versie 1.0.0 · laatst bijgewerkt 2026-07-03 · Nederlands
Privacy Policy
Cloudmarktplaats is built to be privacy-friendly: no trackers, no ad networks, no cookie-banner theatre. This policy explains which data we process, why, and what rights you have. Where we make a promise, it is also enforced in the code. This is an English courtesy translation; the Dutch version prevails in case of any discrepancy.
1. Data controller
The data controller is Aldewereld Consultancy, postal address Nieuwe Hemweg 26, 1013 CX Amsterdam, the Netherlands, Chamber of Commerce no. 61862533. Privacy questions: privacy@cloudmarktplaats.nl.
2. What data we process
Account: email address, username, display name and an encrypted hash of your password. Optionally, if you choose that login method: a GitHub or GitLab identity (OAuth) or an Ethereum wallet address (Sign-In With Ethereum). If you enable 2FA, we store your 2FA secret encrypted.
Listings and homelab posts: the text, category and photos you post. When you upload a photo, its metadata (EXIF, including any GPS location) is automatically stripped before the photo is stored.
Usage and abuse prevention: technical logs. IP addresses are automatically erased within 24 hours. For relaying messages and reporting listings we keep only minimal data (see below).
3. What we deliberately don't do
- No tracking cookies, no analytics, no advertising or profiling networks.
- No selling or renting of your data to third parties.
- The contact form sends your message as a one-off email to the seller. We do not store the contents of those messages and do not keep your email address; we only record that a message was relayed for a listing, and when.
- The homelab feed is publicly anonymous: visitors never see who posted.
4. Purposes and legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Your account and providing the service | Performance of the contract |
| Displaying listings and homelab posts | Performance of the contract |
| Security, abuse and fraud prevention, rate limiting | Legitimate interest |
| Email verification and account security (2FA) | Performance of the contract |
| Complying with legal obligations | Legal obligation |
5. Retention
- IP addresses: within 24 hours.
- Account: for as long as you have an account. On deletion we erase your account data; some data may be kept briefly where needed for abuse prevention or a legal obligation.
- Listings and homelab posts: until you delete them or close your account.
- Reports: for as long as needed to handle them and prevent repeat abuse.
6. Recipients and hosting
The platform runs on our own infrastructure, hosted in the Netherlands. We use a few processors that are strictly necessary:
- Email delivery (verification and system emails, relayed contact messages) via our email provider.
- Login via GitHub or GitLab (only if you choose that method): we exchange data with that party to authenticate you.
We do not disclose data to other parties unless legally required to.
7. Cookies
We set only strictly necessary, functional cookies (your session and a CSRF security token). These require no consent and we show no cookie banner. There are no tracking or marketing cookies.
8. Your rights
You have the right to access, rectification, erasure, restriction, objection and portability of your data. Send your request to privacy@cloudmarktplaats.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).
9. Security
Measures we apply include: automatic stripping of photo metadata, encryption of 2FA secrets, two-factor authentication, rate limiting against abuse, and self-hosted infrastructure. No system is 100% secure; report a vulnerability to privacy@cloudmarktplaats.nl.
10. Changes
We may amend this policy. The current version is always on this page.