1. Introduction
teum, LLC ("T|EUM," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at teum.io (the "Platform") or use our services.
This Policy applies to all Users of the Platform, including Buyers, Sellers, and visitors. By using the Platform, you consent to the data practices described in this Policy. If you do not agree with any part of this Privacy Policy, please discontinue use of our Platform immediately.
We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for Users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and the Personal Information Protection Act (PIPA) of the Republic of Korea.
2. Data Controller
The data controller responsible for your personal information is:
- Company: teum, LLC
- Incorporated in the State of Delaware, United States
- Email: support@teum.io
- Website: https://teum.io
For payment-related data processing, Stripe acts as a data processor for the personal information it processes on our behalf.
3. Information We Collect
We collect the following categories of information:
- Account Information: When you create an account, we collect your display name, email address, and password (hashed). If you register via Google or GitHub, we receive your name, email, and profile picture from the authentication provider.
- Transaction Data: When you buy or sell Products, we collect purchase history, transaction amounts, payment status, escrow records, and payout information. Payment card details are processed exclusively by Stripe and are never stored on our servers.
- Profile Information: Any additional information you voluntarily provide, including your bio, profile picture, referral code, and payout settings.
- Communication Data: Messages exchanged through our in-platform chat system, dispute filings, inquiry submissions, and customer support correspondence.
- Usage Data: We automatically collect information about your interactions with the Platform, including pages visited, features used, search queries, products viewed, and actions taken.
- Device and Technical Data: IP address, browser type and version, operating system, device type, screen resolution, referring URL, and access timestamps.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyze Platform usage. See Section 11 for details.
4. How We Use Your Information
We use your personal information for the following purposes:
- Service Delivery: To create and manage your account, process transactions, facilitate escrow, enable communication between Buyers and Sellers, and deliver purchased Digital Assets.
- Payment Processing: To process payments through Stripe, manage Seller payouts through Stripe Connect, track transaction history, and prevent payment fraud.
- Communication: To send transactional emails (purchase confirmations, escrow updates, payout notifications), respond to inquiries, and provide customer support via the Resend email service.
- Platform Improvement: To analyze usage patterns, identify bugs and performance issues, develop new features, and optimize user experience.
- Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, abuse of the Platform, and other illegal activities.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
- AI-Assisted Features: To provide AI-generated product descriptions, multilingual translations, and content suggestions using Google Generative AI services. Product metadata may be processed by AI models; personal information is not used for AI training.
- Marketing (with consent): To send promotional communications about Platform features, new products, and marketplace updates. You may opt out of marketing communications at any time.
5. Legal Basis for Processing (GDPR)
For Users in the European Economic Area (EEA), we process personal data under the following legal bases as defined by the GDPR:
- Contract Performance (Article 6(1)(b)): Processing necessary to fulfill our contractual obligations to you, including account management, transaction processing, escrow services, and product delivery.
- Legitimate Interest (Article 6(1)(f)): Processing necessary for our legitimate business interests, including platform security, fraud prevention, analytics, and service improvement, balanced against your rights and freedoms.
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, including tax reporting, anti-money laundering regulations, and responding to lawful requests from authorities.
- Consent (Article 6(1)(a)): Where we rely on your consent for specific processing activities (such as marketing emails or optional cookies), you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
6. Third-Party Service Providers
We share your personal information with the following third-party service providers, strictly as necessary to operate the Platform and deliver our services:
- Stripe (Payment Processing & Seller Payouts): Stripe processes all payment transactions, manages billing, processes refunds, and handles Seller payouts via Stripe Connect. Stripe receives your name, email, billing address, and payment details.
- Resend (Transactional Email): Resend delivers transactional and notification emails on our behalf. Resend receives your email address and email content.
- Supabase (Database Hosting): Our database is hosted on Supabase's infrastructure. All data stored in Supabase is encrypted at rest.
- Vercel (Website Hosting): Our website is hosted on Vercel's infrastructure. Vercel may process access logs containing IP addresses and request metadata.
- Google (Authentication & AI): Google provides OAuth authentication and Generative AI services. Google receives authentication tokens and product metadata for AI features.
- GitHub (Authentication): GitHub provides OAuth authentication. GitHub shares your public profile information during login.
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. All service providers are bound by data processing agreements that limit their use of your data to the services they provide to us.
7. International Data Transfers
T|EUM is operated from the Republic of Korea, and our service providers are located in various countries worldwide. Your personal information may be transferred to and processed in countries other than your country of residence, including the United States, the European Union, and other jurisdictions.
For transfers of personal data from the EEA to countries not deemed adequate by the European Commission, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Data processing agreements with our service providers that include appropriate safeguards.
- The service provider's adherence to recognized data protection frameworks.
By using the Platform, you acknowledge and consent to the transfer of your information to these jurisdictions. We take reasonable steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:
- Account Data: Retained for the duration of your active account, plus three (3) years after account deletion to comply with legal and regulatory obligations.
- Transaction Records: Retained for seven (7) years after the transaction date to comply with tax, accounting, and anti-money laundering regulations.
- Communication Data: Chat messages and dispute records are retained for three (3) years after the last activity in the conversation.
- Usage and Technical Data: Retained for twenty-four (24) months from the date of collection.
- Marketing Consent Records: Retained for the duration of consent plus three (3) years after withdrawal.
When personal data is no longer needed, we securely delete or anonymize it using industry-standard methods.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
- Right to Restriction: Request that we limit the processing of your personal data under certain circumstances.
- Right to Data Portability: Request your personal data in a structured, commonly used, machine-readable format.
- Right to Object: Object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.
- Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority.
To exercise any of these rights, please contact us at support@teum.io. We will respond to your request within thirty (30) days. We may request verification of your identity before processing your request. You can also manage much of your data directly through your account profile settings, including updating personal information and deleting your account.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions permitted by law.
- Right to Opt-Out of Sale: We do not sell personal information. Therefore, we do not offer an opt-out of sale mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Categories of personal information we collect include: identifiers (name, email, IP address), commercial information (purchase history, transaction data), internet activity (browsing history, search queries), and professional information (seller profile data). To submit a CCPA request, contact us at support@teum.io.
11. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for Platform functionality, including authentication session management, CSRF protection, locale preferences, and shopping cart data. These cookies cannot be disabled.
- Analytics Cookies: Help us understand how Users interact with the Platform, including page views, feature usage, and navigation patterns. These cookies are used to improve Platform performance and user experience.
- Preference Cookies: Remember your settings and preferences, such as language selection and display preferences.
We do not use third-party advertising cookies or tracking pixels for behavioral advertising. You can manage cookie preferences through your browser settings. Disabling essential cookies may impair Platform functionality. Most browsers allow you to block or delete cookies; refer to your browser's help documentation for instructions.
12. Children's Privacy
The Platform is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information from our records. If you believe that a child under 18 has provided us with personal information, please contact us immediately at support@teum.io.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS). Passwords are hashed using PBKDF2-SHA512 with unique salts.
- Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Administrative access requires multi-factor authentication.
- Infrastructure Security: Our hosting infrastructure (Vercel, Supabase) maintains SOC 2 Type II compliance and employs industry-standard security practices.
- Payment Security: Credit card and payment information is processed exclusively by Stripe, which is PCI DSS Level 1 compliant. We never store, process, or have access to your full payment card details.
- Regular Monitoring: We monitor our systems for security incidents and vulnerabilities.
While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to implementing and maintaining reasonable safeguards.
14. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, as required by the GDPR.
- Notify affected Users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
- Provide information about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.
We maintain an incident response plan and conduct regular security assessments to minimize the risk and impact of data breaches.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last Updated" date at the top of this Policy.
- We will notify registered Users via email at least fourteen (14) days before the changes take effect.
- We will post a prominent notice on the Platform.
We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Policy.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@teum.io
- Data Controller: teum, LLC
- Website: https://teum.io
For GDPR-related inquiries, you may also contact your local data protection supervisory authority.