Privacy Policy

1. Data Controller

The sellX platform (sell1x.com) is operated by the sellX team ("we," "us," or "Platform"), which is the entity responsible for processing the personal data collected through this Platform as a data controller under Egyptian Personal Data Protection Law No. 151 of 2020 and its executive regulations.

For any privacy or data protection matter, contact us at: [email protected]

2. Scope of This Policy

This Privacy Policy applies to:

• Sellers: Individuals or businesses that create sellX accounts to manage their stores and orders.
• Buyers: Individuals who browse or place orders through a store powered by sellX.
• Visitors: Individuals who visit sell1x.com without creating an account.

This Policy does not extend to third-party websites that may be linked from the Platform. For buyer data handled by sellers outside the Platform, the relevant seller's own privacy practices apply (see Section 10).

3. Legal Basis for Processing (Law No. 151 of 2020)

We process personal data on the following legal grounds:

• Contract performance: To create and manage seller accounts, operate storefronts, and process orders.
• Legitimate interest: For security, fraud prevention, error monitoring, and Platform improvement, where this does not override individuals' rights and reasonable expectations.
• Legal obligation: To comply with Egyptian law, court orders, and regulatory requirements.
• Consent: For marketing communications and any future optional communication channels (such as WhatsApp or SMS). You may withdraw your consent at any time without affecting the lawfulness of processing that occurred before withdrawal.

4. Information We Collect

4.1 Seller account data

• Full name
• Email address
• Password (stored as a secure hash — never stored in plain text)

4.2 Seller store and profile data

• Store name (in Arabic and/or English)
• Store URL (subdomain on sell1x.com)
• Store category and city/governorate
• Phone number (business WhatsApp number)
• Store logo and banner images
• Product catalog (names, descriptions, pricing, images, inventory)
• Publicly declared payment details (e.g. cash-on-delivery instructions or seller-operated payment methods)

4.3 Buyer and order data

When a buyer places an order through a sellX-powered store, we collect:

• Buyer name
• Buyer phone number
• Buyer email address (optional)
• Delivery address (street, city, governorate)
• Order details (products, quantities, pricing, chosen payment method)
• Order notes entered by the buyer

This data is stored in sellX systems and made accessible to the seller for order fulfillment. Sellers are responsible for how they use their customers' data outside the Platform (see Section 10).

4.4 Technical and device data

For security and Platform operation, our servers log standard technical data including: IP address, browser type and version, operating system, pages visited, and timestamps. This data is used solely for security monitoring, error diagnosis, and infrastructure management. It is not used for behavioral advertising.

4.5 Platform analytics

We collect aggregated, anonymized usage data (such as page views, feature usage patterns, and general order volumes) to improve the Platform experience and features. This analytics data is internal and aggregated. We do not use third-party tracking tools such as Google Analytics or similar services.

5. Cookies and Local Storage

We use only a small number of technically necessary cookies and browser storage items:

We do not use advertising cookies, third-party tracking pixels, or behavioral profiling tools. We do not use Google Analytics or similar tracking services.

6. How We Use Your Information

We use the data we collect for the following purposes:

• Creating, managing, and verifying seller accounts.
• Operating your storefront and making it accessible to buyers.
• Processing and routing orders and providing their details to the seller.
• Sending transactional emails (email verification, password resets, order notifications).
• Delivering the Managed Service to enrolled subscribers.
• Monitoring and preventing security incidents, errors, and abuse.
• Improving Platform reliability, performance, and features.
• Complying with applicable Egyptian legal and regulatory obligations.

7. Cash on Delivery (COD)

The Platform primarily supports cash-on-delivery (COD) orders. sellX does not process any electronic payment transactions and does not hold funds for any party. Credit card numbers, bank account details, or payment card data are never collected or stored by sellX.

Some sellers may choose to accept direct electronic payments from their customers outside the Platform. In such cases, the payment transaction is exclusively between the seller and the buyer, and sellX plays no role in that transaction.

8. When We Share Your Information

We do not sell your personal data to anyone, ever. We may share information only in the following circumstances:

• Technical service providers: Companies that help us operate the Platform (email delivery, cloud hosting, error monitoring) — only to the extent necessary for them to provide their service to us, and under contractual confidentiality obligations.
• Legal compliance: When required by Egyptian law, regulation, court order, or competent government authority.
• Business transfers: In the event of a merger, acquisition, or sale of material assets, your data may transfer to the successor entity under the same privacy protections. We will notify you of any such event.

9. Third-Party Service Providers

We engage the following technical partners to operate the Platform, each governed by their own privacy policy:

• Mailgun (EU region): Transactional email delivery. Receives the recipient's email address and message content solely for delivery purposes.
• Sentry (sentry.io): Production error monitoring. Captures technical error data (stack traces, error messages). We do not intentionally send personally identifiable information to Sentry.
• DigitalOcean: Cloud hosting and file storage (uploaded images). Data may be processed in DigitalOcean data centers located outside Egypt.

10. Sellers as Data Controllers for Buyer Data

Sellers who use sellX are independent data controllers for the personal data of their customers collected through their stores on the Platform. sellX acts as a data processor on behalf of the seller, storing and providing access to this data within the Platform.

Sellers are responsible for:

• Using buyer data solely for order fulfillment and related after-sales service.
• Not sharing or selling buyer data to any third party without explicit consent.
• Complying with Egyptian Personal Data Protection Law No. 151 of 2020 in all their handling of buyer data.
• Informing buyers about how their data will be used where required by law.

sellX is not responsible for any violation committed by a seller in their handling of buyer data.

11. International Data Transfers

Some of our service providers operate outside Egypt (including the EU and the United States). When personal data is processed outside Egypt, we take steps to ensure that appropriate safeguards are in place in accordance with Egyptian Personal Data Protection Law No. 151 of 2020 and its executive regulations.

This includes relying on contractual obligations with service providers requiring them to uphold equivalent data protection standards and to use the data only to the extent necessary to provide their service.

12. Data Security

We implement appropriate technical and organizational measures to protect the data stored on the Platform, including:

• HTTPS encryption for all communications between the browser and server.
• Password hashing using secure algorithms (passwords are never stored in plain text).
• Session and token management through industry-standard libraries.
• Rate limiting on sensitive endpoints to prevent automated attacks.
• Internal access to user data restricted on a least-privilege basis.

No system can guarantee absolute security, and we cannot guarantee the security of information transmitted over networks outside our control. If you discover any breach or suspicious activity, contact us immediately at [email protected].

13. Data Retention

• Seller account and store data: Retained while the account is active and for one year after closure for legal and audit purposes.
• Buyer order data: Retained for the duration of the seller's account and for three years thereafter to satisfy Egyptian commercial records requirements.
• Technical logs: Retained for a maximum of 90 days and then automatically deleted.
• Upon deletion request: Data deletion is carried out within 60 days of the request, retaining only what we are legally obliged to keep.

14. Your Rights Under Egyptian Law No. 151 of 2020

Egyptian Personal Data Protection Law grants you the following rights:

• Right of access: Obtain a copy of the personal data we hold about you.
• Right to rectification: Correct any inaccurate or incomplete data.
• Right to erasure: Request deletion of your data in cases permitted by law, subject to legal retention obligations.
• Right to object: Object to processing of your data carried out on the basis of legitimate interest.
• Right to data portability: Receive a copy of your data in a structured, machine-readable format.
• Right to withdraw consent: Withdraw your consent at any time when consent is the legal basis for processing, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days of receipt.

You also have the right to lodge a complaint with the National Telecom Regulatory Authority (NTRA) as the competent data protection supervisory authority in Egypt if you believe your rights have been violated.

15. Future Communications — WhatsApp and SMS

Our current communications are limited to necessary transactional emails. We do not send marketing messages without your request.

In the future, sellX may introduce additional notification channels via WhatsApp or SMS. These channels will not be activated without your explicit, separate consent, and a clear and easy opt-out mechanism will always be available.

16. Minors

The sellX seller platform is intended for users who are at least 18 years old. We do not knowingly collect personal data from any person under 18. If you believe a minor has created an account on the Platform, contact us immediately at [email protected] and we will take appropriate action.

17. Data Breach Notification

In the event of a material security breach affecting your personal data, we commit to:

• Notifying affected users as promptly as possible once the breach is confirmed and its scope assessed.
• Notifying the National Telecom Regulatory Authority (NTRA) within 72 hours of discovering the breach, as required by Law No. 151 of 2020.
• Taking immediate measures to contain the damage and secure affected systems.

18. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes that affect how your data is processed, we will send notice to your registered email address at least 30 days before the new effective date. The updated effective date shown at the top of this page always reflects the date of the last revision.

19. Contact and Supervisory Authority

For privacy inquiries or to exercise your data rights:
Email: [email protected]

For complaints regarding personal data processing, you have the right to contact the National Telecom Regulatory Authority (NTRA) as Egypt's competent data protection supervisory authority.