Aventacart logo
Aventacart
All categories

Privacy Policy

Last updated: 3 May 2026

1. Who We Are

Aventacart is operated by Aventa Technologies Ltd. For UK GDPR and the Data Protection Act 2018, we are the data controller for platform account data, seller application data, marketplace administration, support records and security logs.

Approved sellers may also act as independent controllers for the buyer details they receive to fulfil orders, handle returns, answer enquiries and meet their own legal obligations.

2. Information We Collect

Buyer and account data

Name, email address, hashed password, account role, login activity, order contact details, delivery address, order history, return/cancellation requests and support messages.

Seller application and storefront data

Full name, business name, email, phone, city, address, postcode, Instagram or website links, product categories, business description, sample product images, optional food registration/reference, local authority, hygiene rating, food safety documents and admin review notes.

Product and media data

Product names, descriptions, prices, categories, images, storefront logos/banners and other seller-uploaded content. Sellers are responsible for making sure uploaded content is accurate, lawful and something they are allowed to share.

Payment and provider data

Payment references, checkout session IDs, payment status, refund status, transfer status and connected-account references. Card details, seller verification and payouts are handled by payment providers such as Stripe, not stored as card details by Aventacart.

Security and technical data

IP address, browser/device information, request metadata, captcha verification results, consent records, audit logs and error logs used to secure and operate the service.

3. How We Use Information

  • To create accounts and authenticate users.
  • To receive, review and manage seller applications.
  • To publish approved seller storefronts and products.
  • To process orders, returns, cancellations and refunds.
  • To send service emails, application notices and support replies.
  • To prevent fraud, spam, abuse and unauthorised access.
  • To comply with legal, tax, accounting and security obligations.

4. Lawful Bases

  • Contract: to provide accounts, storefronts, checkout, orders and seller tools.
  • Legitimate interests: to review sellers, protect marketplace trust, prevent misuse, secure the service and improve operations.
  • Legal obligation: to keep required records and respond to lawful requests.
  • Consent: where we ask you to agree to specific processing, such as accepting terms/privacy during signup or seller application.

5. Who We Share Data With

We do not sell personal data. We share data only where needed to operate Aventacart, including hosting providers, email providers, analytics/security tooling where enabled, captcha providers, payment providers such as Stripe, and approved sellers who need order details to fulfil purchases and handle returns.

If data is processed outside the UK, we use appropriate safeguards where required, such as adequacy decisions or standard contractual clauses.

6. Seller Documents, Images and Product Responsibility

Seller-submitted documents and images are used for application review, product display, storefront operation, order support, safety checks and dispute handling. Sellers remain responsible for the accuracy, legality and ownership rights of uploaded product content and business documents.

7. Retention

  • Account data is kept while the account is active.
  • Order, payment reference, refund and dispute records may be kept for legal, accounting, fraud-prevention and support reasons.
  • Seller applications, review notes and consent records may be kept to evidence approval decisions and marketplace safety.
  • Uploaded product images and storefront media are retained while the product/storefront is active, unless removed or required for a dispute/legal record.
  • Security logs are kept only as long as reasonably needed for security, debugging and audit purposes.

8. Your UK GDPR Rights

You may have the right to access, correct, erase, restrict, object to processing, request portability, withdraw consent and complain to the UK Information Commissioner's Office.

Access and export

You can request a copy of your personal data. Marketplace export workflows may be expanded as the product grows.

Erasure

You can request account deletion, subject to records we must keep for orders, disputes, tax, fraud prevention, security or legal obligations.

9. Security

We use access controls, encryption in transit, password hashing, role-based admin permissions, captcha checks and operational logging to protect the platform. No internet service is completely risk-free, so sellers and buyers should also protect their account credentials.

10. Contact

For privacy questions or data-rights requests, contact us via the Support page or by email at support@aventacart.com.