1. INTRODUCTION & ENTITY IDENTITY
Prepvio LLC (“Prepvio,” “we,” “our,” or “us”) is a technology marketplace company incorporated and domiciled under the laws of the State of Texas, United States of America. We operate the Prepvio online marketplace platform (the “Platform”) available at prepvio.com and associated domains, which connects e-commerce sellers and fulfillment buyers (“Clients”) with independent prep center and third-party logistics operators (“Preppers”) for product inspection, labeling, bundling, kitting, storage, and fulfillment services.
For purposes of applicable data protection law including the UK GDPR, EU GDPR, and other privacy regulations, Prepvio LLC is the data controller of personal information collected through the Platform. This Policy sets forth the lawful basis, purposes, mechanisms, and conditions under which we collect, process, store, disclose, transfer, and protect personal information. It applies to all users of the Platform — including Clients, Preppers, visitors, prospective users, and any person whose data is collected through the Platform — regardless of their country of residence or location.
2. SCOPE, APPLICATION, & IMPORTANT LIMITATIONS OF LIABILITY
2.1 — Scope of This Policy
This Policy applies to personal information collected through: (a) the Prepvio website and Platform (prepvio.com and all associated subdomains); (b) the Prepvio mobile applications; (c) all email, messaging, chat, and support systems operated by Prepvio; and (d) any integrations, APIs, or connections operated by Prepvio.
2.2 — Critical Limitations of Liability & Disclaimers
IMPORTANT: This Policy does NOT apply to — and Prepvio accepts NO liability or responsibility whatsoever for the privacy practices, data handling, security, compliance practices, or content of: (i) third-party payment processors including Stripe, Inc., PayPal, or any other payment service provider; (ii) third-party marketplaces and platforms including Amazon, Walmart, eBay, TikTok Shop, or any other marketplace or sales platform; (iii) carriers, logistics providers, and shipping services; (iv) any identity verification services or third-party vendors; or (v) any other third-party websites, applications, services, or integrations linked from, referenced in, or partnered with the Platform.
Your use of any third-party service is governed exclusively by that service’s own privacy policies, terms of service, and data handling practices. Prepvio makes no representation regarding the legality, compliance, appropriateness, or adequacy of any third party’s data practices in any jurisdiction.
2.3 — Jurisdiction-Specific Notice
Prepvio makes no representation that the Platform, its data practices, or this Policy are lawful, appropriate, or compliant in every jurisdiction. If you access the Platform from a jurisdiction with stricter, different, or more restrictive data protection, privacy, or content regulations than those of the United States, you do so entirely at your own risk. Prepvio shall not be liable for any non-compliance with local laws.
3. WHAT PERSONAL INFORMATION WE COLLECT
■ Account & Registration Information: Full legal name, username, email address, phone number, password (hashed), account type designation (Client or Prepper), and country of residence.
■ Profile & Business Information: Business name, business registration details, service descriptions, pricing, service categories, turnaround times, facility photos and videos, capacity limits, shipping/item restrictions, certifications, and other listing details you choose to provide.
■ Identity & Verification Documents: Government-issued ID (driver’s license, passport), business registration certificates, proof of address, business license, tax identification documents, and any other documents required for identity verification or account feature unlocking. Submission of verification documents is optional unless required to unlock specific features (such as publishing Gigs, accepting Orders, or processing payouts). You maintain the option to decline verification and use the Platform with limited features.
■ Payment & Financial Information: Billing address, payment method type (card, bank account), payout bank account details, transaction history, and payment status. IMPORTANT: Full payment card numbers are NEVER transmitted to or stored by Prepvio servers. All card data is collected, processed, and stored exclusively by Stripe, Inc. pursuant to PCI DSS compliance standards. Prepvio only receives tokenized payment data and transaction records.
■ Communication Content: In-Platform messages and chats with other users, support tickets and inquiries, dispute submissions and supporting evidence, written feedback, reviews, ratings, and email correspondence with Prepvio.
3.2 — Information Collected Automatically
■ Usage & Activity Data: Pages and features accessed, search queries and filters used, clicks and navigation patterns, time spent on pages, session start and end times, referral sources and marketing attribution, and complete timestamps for all activities.
■ Device & Technical Information: IP address (and derived approximate location), browser type, browser version, operating system, device type, device identifiers (where applicable), screen resolution, language preferences, time zone, and installed browser extensions or plugins.
■ Cookies & Similar Tracking Technologies: HTTP cookies, persistent cookies, session cookies, web beacons, pixels, local storage, and similar client-side storage mechanisms. See Section 09 for detailed cookie disclosure.
■ Approximate Location Data: General geographic location derived from your IP address (typically at the city or regional level), used for fraud prevention, legal compliance, and service localization. We do NOT collect GPS location, precise location data, or continuously track your movements.
■ Derived or Inferred Data: Aggregated, anonymized usage patterns, inferred preferences and interests, and behavioral segments created through analytics and machine learning, used for service improvement and fraud detection.
3.3 — Information from Third Parties
■ Payment processors and payment status records (e.g., Stripe, Inc.).
■ Fraud detection and risk scoring services (e.g., Stripe Radar, third-party fraud vendors).
■ Identity verification and background check services.
■ Analytics platforms and web traffic analysis tools.
■ Public business registries, corporate databases, and business registration authorities.
■ Social login providers if you choose to authenticate via third-party account (e.g., Google, Facebook).
4. PURPOSES OF DATA PROCESSING
We process personal information for the following business and legal purposes:
■ Platform Operation & Service Delivery: Creating and maintaining your account, authenticating your identity on login, publishing and managing your Gigs and listings, matching Clients with Preppers, processing Orders, facilitating payments and payouts, enabling in-Platform messaging and communications, and providing customer support.
■ Security & Fraud Prevention: Identity and business verification, detection and investigation of fraudulent activity, abuse, unauthorized access, prohibited conduct, Terms violations, and illegal activity, including use of automated fraud detection systems.
■ Legal & Regulatory Compliance: Compliance with applicable federal, state, and local law and regulation, response to lawful government requests and court orders, tax reporting obligations (including IRS Form 1099-K for qualifying users), anti-money laundering (AML) and know-your-customer (KYC) compliance, and sanctions screening.
■ Service Improvement & Analytics: User experience analytics, A/B testing and feature testing, bug identification and resolution, performance monitoring, usage trend analysis, capacity planning, feature development, and research into Platform optimization.
■ Communications: Transactional notices (Order confirmations, payment processing, security alerts, policy updates), and marketing communications (product announcements, platform updates, promotional offers) where permitted by law and your consent, with easy opt-out available at any time.
■ Business Operations: Financial accounting and bookkeeping, audit and compliance programs, insurance and risk management, litigation and legal defense, due diligence for corporate transactions, and internal quality assurance.
■ Dispute Resolution & Enforcement: Investigation of disputes between Clients and Preppers, mediation and resolution of claims, enforcement of our Terms and Conditions, protection of Prepvio’s intellectual property and contractual rights, and pursuit of remedies for breach or violation.
■ Protection of Rights & Safety: Protection of the rights, property, and physical safety of Prepvio, our users, and the general public, including investigation and prevention of harm, fraud, and illegal activity.
5. LEGAL BASES FOR PROCESSING (GDPR / UK DATA PROTECTION LAW)
For users located in the United Kingdom or European Economic Area, Prepvio processes personal data pursuant to one or more of the following legal bases:
- Contractual Necessity
- Legitimate Interests
- Consent
- Legal Obligations
- Vital Interests or Public Interest where permitted by law
These legal bases are used depending on the nature of the service being provided and the type of data being processed.
Users may exercise applicable privacy rights by contacting support@prepvio.com.
6. DISCLOSURE & SHARING OF PERSONAL INFORMATION
Prepvio does NOT sell, rent, lease, trade, or transfer your personal information to any third party for monetary or other valuable consideration under any circumstances. Information is disclosed only as follows:
■ With Other Users (Transaction-Necessary Only): Limited profile information and Order details are shared between Clients and Preppers solely to enable a confirmed, active transaction. This may include name, business name, service type, Gig details, and Order specifications. Prepper facility addresses are disclosed only to Clients with an accepted, confirmed, active Order. All address information is subject to confidentiality and may not be used for any purpose outside the transaction.
■ With Service Providers & Data Processors: Vetted third-party vendors who act as data processors on our behalf, subject to written Data Processing Agreements (DPAs) incorporating GDPR, CCPA, and other applicable requirements. Processors include: hosting providers, payment processors (Stripe, Inc.), email delivery services, identity verification vendors, analytics tools, fraud detection systems, customer support platforms, and business communication tools.
■ With Legal & Regulatory Authorities: Where required by applicable law, regulation, court order, subpoena, or governmental directive; where necessary to protect the safety, rights, or property of Prepvio, our users, or the public; or to investigate fraud, illegal activity, or Terms violations.
■ In Corporate Transactions: In connection with a merger, acquisition, financing, restructuring, asset sale, or other corporate transaction, subject to confidentiality obligations and notice to affected users where legally required. Acquirers will be bound by this Policy or obligated to provide notice of material changes.
■ To Enforce Rights & Protect the Platform: To detect, prevent, investigate, or address fraud, abuse, security threats, illegal activity, Terms violations, or threats to the physical safety of any person or the integrity of the Platform.
■ With Your Explicit Written Consent: For any other purpose you specifically authorize in writing through a signed consent form, email, or other verifiable means.
IMPORTANT: Prepvio does not provide direct marketing lists, email addresses, or personal information to third-party marketers, advertisers, or commercial entities. We may use your information for Prepvio’s own marketing purposes, from which you may opt out at any time.
7. INTERNATIONAL DATA TRANSFERS & MECHANISMS
Prepvio is headquartered in the United States. Our infrastructure, service providers, and back-office operations may be located in the United States or other countries. If you access the Platform from outside the United States — including from Pakistan, India, Bangladesh, Nepal, the United Kingdom, or the European Economic Area — your personal information will be transferred to, stored, and processed in the United States and potentially other jurisdictions.
For UK / EEA Users — Transfer Mechanisms: We rely on one or more lawful mechanisms to legitimize such transfers, including:
■ International Data Transfer Agreement (IDTA) and UK Addendum (as applicable to UK recipients).
■ EU Standard Contractual Clauses (SCCs) for transfers from EEA to third countries.
■ Adequacy decisions where applicable.
■ Other mechanisms permitted by applicable law.
By using the Platform, you acknowledge that your data will be transferred, stored, and processed outside your country of origin, potentially in jurisdictions with different data protection standards, and you consent to such transfers.
LIMITATION OF LIABILITY FOR FOREIGN JURISDICTIONS: Prepvio accepts NO liability whatsoever for the data protection laws, regulations, government actions, surveillance practices, or other conduct of any foreign jurisdiction that is beyond our reasonable control. Users accessing the Platform from jurisdictions with restrictive data protection laws do so at their own risk.
8. DATA SECURITY MEASURES & LIMITATIONS
Prepvio implements commercially reasonable administrative, technical, and physical security measures to protect personal information against unauthorized access, loss, destruction, alteration, or disclosure, including:
■ Encryption of all data in transit via TLS 1.2+ protocols (HTTPS).
■ Secure hashing and salting of authentication credentials using industry-standard algorithms.
■ Role-based access controls (RBAC) and the principle of least privilege for internal data access.
■ Regular security assessments, vulnerability scanning, and penetration testing.
■ Incident response procedures, logging, and audit trails.
■ Data processing agreements and security requirements binding all third-party vendors.
■ Employee confidentiality and background screening procedures.
CRITICAL SECURITY DISCLAIMER — NO GUARANTEE OF ABSOLUTE SECURITY: Despite our security efforts, NO method of electronic transmission, storage, or data protection is 100% secure. Prepvio CANNOT guarantee and does NOT warrant the absolute security of your personal information. You transmit information to the Platform at your own risk. |
Prepvio shall NOT be liable for any unauthorized access, data breach, loss, destruction, alteration, or disclosure of personal information that results from: (a) circumstances beyond our reasonable control (natural disasters, war, cyberattacks, acts of God); (b) third-party intrusions, cyberattacks, or exploits not caused by our negligence; (c) your failure to maintain the confidentiality of your login credentials or two-factor authentication codes; (d) vulnerabilities in third-party software or service providers; or (e) any other cause not directly attributable to our breach of industry-standard security practices. 9. COOKIES & TRACKING TECHNOLOGIES Prepvio uses cookies and similar tracking technologies (web beacons, pixels, localStorage, sessionStorage) to operate the Platform, secure user sessions, remember preferences, analyze usage, and, where permitted by law and your consent, deliver targeted marketing. Categories: You may control cookies through your browser settings, opt-out of third-party tracking through industry standard mechanisms (e.g., aboutads.info), or contact us for opt-out requests. Prepvio is NOT liable for any service degradation, loss of functionality, or impaired user experience resulting from your cookie opt-outs or browser restrictions. 10. DATA RETENTION & DELETION Prepvio retains personal information only as long as necessary for the purposes described in this Policy, to comply with legal and regulatory obligations, resolve disputes, enforce agreements, and protect our legitimate business interests. 11. YOUR PRIVACY RIGHTS & HOW TO EXERCISE THEM Subject to verification of your identity and applicable law, you may exercise the following rights: ■ Access (Right to Know): You may request confirmation of whether we process your personal data and receive a copy of such data in a portable format. ■ Rectification (Right to Correct): You may request that we correct inaccurate, incomplete, or outdated personal data. ■ Erasure (Right to be Forgotten): You may request deletion of your data, subject to legal retention obligations, outstanding disputes, or our legitimate interests. ■ Restriction of Processing: You may request that we restrict processing of your data in certain circumstances while we investigate your request. ■ Portability (Right to Data Portability): You may request your data in a structured, machine-readable format suitable for transfer to another service provider. ■ Objection (Right to Object): You may object to processing based on our legitimate interests or for direct marketing purposes. ■ Withdraw Consent: If we rely on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing. ■ Supervisory Authority Complaint (UK / EEA Users): You may lodge a complaint with your national data protection authority (e.g., UK ICO, relevant national DPA in the EEA). How to Submit Requests: Contact support@prepvio.com with: (a) your full name and account email; (b) description of your request; (c) government-issued ID for identity verification. We will respond within 30 days of a verified request or as required by applicable law. Grounds for Refusal: Prepvio reserves the right to deny requests that are: (a) manifestly unfounded or repetitive; (b) excessive or burdensome to fulfill; (c) in conflict with our legal obligations; (d) harmful to the privacy or rights of other users; or (e) contrary to our legitimate business interests. Denial of a request does NOT constitute a breach of this Policy. If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): 12 CALIFORNIA RESIDENTS — CCPA & CPRA RIGHTS ■ Right to Know: request disclosure of personal information collected, used, and shared in the past 12 months. ■ Right to Delete: request deletion of personal information, subject to legal exceptions. ■ Right to Correct: request correction of inaccurate personal information. ■ Right to Opt Out: opt out of the “sale” or “sharing” of your personal information. ■ Right to Limit: limit use of sensitive personal information. ■ Right to Non-Discrimination: we will not discriminate against you for exercising your rights. Prepvio does NOT sell or share personal information as those terms are defined under CCPA/CPRA. We do not buy, sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate your personal information to another business or third party for monetary or other valuable consideration. To exercise your California rights, contact support@prepvio.com with your request. Verification of your identity is required. We will respond within 45 days (or as required by law). 13. AUTOMATED DECISION-MAKING & PROFILING Prepvio may use automated systems and machine learning algorithms for: fraud detection and risk scoring, identity verification screening, content moderation, Order matching and recommendations, and account status decisions. Where such automated processing produces decisions with legal or similarly significant effects on you (such as account suspension or feature restriction), you may request human review by contacting support@prepvio.com. Prepvio bears NO liability for automated decisions made in good faith based on the information and algorithms available at the time of processing, even if the decision is later determined to be incorrect or harmful to your interests. 14. CHILDREN & MINORS — AGE RESTRICTION The Platform is strictly restricted to users who are 18 years of age or older. Prepvio does not knowingly collect, solicit, or process personal information from anyone under 18 years of age. If we discover or become aware that a minor has provided personal information, we will promptly delete that information. IMPORTANT: Prepvio bears NO liability for false or fraudulent representations of age by any user. Any user who misrepresents their age assumes full legal responsibility for any consequences, including liability for breach of this policy, terms of service, and applicable laws. 15. THIRD-PARTY SERVICES, LINKS & INTEGRATIONS The Platform contains links to, integrations with, and references to third-party services — including payment processors, marketplaces, analytics tools, shipping carriers, and other services. Prepvio has no control over, and expressly disclaims all responsibility, liability, and accountability for, the privacy practices, data handling, security measures, or content of any third-party service. Your interactions with any third party, including your provision of personal information to third-party services, are governed exclusively by that service’s own privacy policies, terms of service, and practices. We encourage you to review the privacy policies of any third-party services before providing your information. Prepvio accepts NO liability for any third-party data breaches, privacy violations, unauthorized access, or misuse of your information by any third party, even if accessed through the Platform. 16. LIMITATION OF LIABILITY FOR PRIVACY CLAIMS TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PREPVIO LLC’S TOTAL AGGREGATE LIABILITY TO ANY USER FOR ANY CLAIM, DEMAND, OR CAUSE OF ACTION ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY, OUR PROCESSING OF PERSONAL DATA, A DATA BREACH, OR ANY PRIVACY VIOLATION SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL PLATFORM FEES ACTUALLY PAID BY YOU TO PREPVIO IN THE THREE (3) CALENDAR MONTHS IMMEDIATELY PRECEDING THE INCIDENT OR EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED U.S. DOLLARS (US $100.00). IN NO EVENT SHALL PREPVIO BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOST PROFITS, LOST DATA, LOST GOODWILL, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. CHANGES TO THIS PRIVACY POLICY Prepvio reserves the right to amend, update, modify, or replace this Policy at any time, without prior notice, except where required by law. Material changes will be communicated by: (a) posting the updated Policy on the Platform at prepvio.com/privacy-policy with a revised “Last Updated” date; and (b) where legally required, by email notification or prominent in-Platform notice. Your continued use of the Platform following the effective date of any Policy update constitutes your irrevocable acceptance of the revised Policy. If you do not agree to any updated Policy, your sole remedy is to immediately and permanently cease all access to and use of the Platform and submit a written account closure request.
|
