wood-deal
Wood companies
Biomass marketplace
Pellet trading
Verified profiles
Buy & Sell
Wood companies
Back to home

Privacy Policy

Last updated: March 19, 2026 — Version 1.0

1. Data Controller

Wood-Deal ("we", "us", "our") is operated by Vive Future, a company registered in Poland. We operate the website wood-deal.com and the associated B2B biomass marketplace platform. We are the data controller responsible for your personal data in accordance with the General Data Protection Regulation (GDPR, EU 2016/679).

Registered address:

Vive Future

ul. Popiełuszki 1/24

16-400 Suwałki, Poland

NIP: 8442381210

Contact: privacy@wood-deal.com

2. Data We Collect

We collect the following categories of personal data:

  • Account data: first name, last name, email address, phone number, hashed password.
  • Company data: company name, VAT number, country, region, address, description, logo, banner images.
  • Usage data: listings created, buy requests, messages sent through leads, negotiation history.
  • Technical data: IP address, browser type, access timestamps, cookies (httpOnly session token).
  • Documents: files you upload (certifications, photos, documents) stored in our secure storage.
  • Google account data (optional): if you sign in with Google, we receive your Google email, name, and Google user ID.

3. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the marketplace service you registered for.
  • Consent (Art. 6(1)(a) GDPR): for optional features such as email notifications and marketing.
  • Legitimate interest (Art. 6(1)(f) GDPR): fraud prevention, security monitoring, service improvement.
  • Legal obligation (Art. 6(1)(c) GDPR): where required by applicable law.

4. How We Use Your Data

  • To create and maintain your account and company profile.
  • To display your listings and buy requests on the marketplace.
  • To facilitate communication between buyers and sellers through leads/messages.
  • To send transactional emails (verification codes, deal notifications).
  • To prevent abuse via rate limiting and IP logging.
  • To generate anonymized analytics and price snapshots for market transparency.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Other platform users: your company name, listings, and contact information are visible to registered users according to the platform's access tiers.
  • Service providers: Supabase (database & storage hosting), Vercel (frontend hosting), Railway (backend hosting), Resend (transactional email), Google (Maps API, OAuth).
  • Legal authorities: when required by law or to protect our rights.

6. Data Storage & Security

Your data is stored on servers located within the European Union (Supabase EU region). We employ industry-standard security measures including:

  • Encrypted connections (HTTPS/TLS) for all data in transit.
  • Passwords hashed with bcrypt (12 rounds).
  • HttpOnly, Secure cookies for authentication tokens.
  • Row Level Security (RLS) on all database tables.
  • Rate limiting on sensitive endpoints.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., audit logs may be retained for up to 12 months).

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: request restriction of processing.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@wood-deal.com. We will respond within 30 days.

9. Cookies

We use a single essential httpOnly cookie (wood-deal-token) for session authentication. This cookie is strictly necessary for the service to function and does not require consent under GDPR. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

10. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). Specifically, Google (Maps API and OAuth) may process data in the United States. We ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR, the EU–U.S. Data Privacy Framework, and adequacy decisions under Article 45 GDPR. You may request a copy of applicable safeguards at privacy@wood-deal.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates the latest revision.

12. Contact & Complaints

If you have questions about this Privacy Policy or wish to file a complaint, contact us at privacy@wood-deal.com. You also have the right to lodge a complaint with your local data protection authority.