Privacy Policy

Privacy Policy

Effective Date: January 1, 2024 — Last Revised: ' . date('F d, Y') . '

This Privacy Policy describes how Empirelytics ("we," "us," or "our") collects, uses, stores, shares, and protects information obtained from individuals ("you" or "your") who access or use the Empirelytics website, platform, and services (collectively, the "Platform"). Empirelytics operates as a digital-asset marketplace facilitating the listing, discovery, purchase, and sale of websites, domain names, applications, and online businesses.

By accessing or using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree with any part of this Policy, you must discontinue use of the Platform immediately.


1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily submit when you create an account, list an asset, make an offer, initiate a transaction, or communicate through the Platform. This includes:

  • Identity and contact data: first and last name, username, email address, telephone number, country of residence, and gender.
  • Verification data: government-issued identification documents (passport, national ID, or driver’s license), a self-portrait photograph holding such identification, and the issuing country. These materials are collected solely for know-your-customer (KYC) compliance and fraud-prevention purposes.
  • Listing and transactional data: website URLs, domain names, revenue figures, traffic statistics, analytics credentials, Google AdSense publisher identifiers, and descriptions of digital assets offered for sale.
  • Financial data: payment method details, withdrawal account information, and transaction history. Full payment-card numbers are processed exclusively by our third-party payment processors and are never stored on Empirelytics servers.
  • Communications: messages exchanged with other users through the Platform’s messaging system, dispute filings, and correspondence with our support team.

1.2 Information Collected Automatically

When you interact with the Platform, certain data is logged automatically through server logs, cookies, and similar technologies:

  • Device and connection data: IP address, browser type and version, operating system, device type, referring and exit pages, date and time stamps, and clickstream data.
  • Usage data: pages visited, search queries, listing views, time spent on pages, and interaction patterns within the Platform.
  • Cookie data: session identifiers, authentication tokens, preference settings, and analytics identifiers. A detailed cookie disclosure is provided in Section 5 below.

1.3 Information From Third Parties

We may receive information about you from third-party services when you choose to link them to your Empirelytics account:

  • Google OAuth: If you connect a Google account for asset-verification purposes, we receive your Google email address, OAuth access and refresh tokens, and read-only access to your Google Analytics (GA4) account summaries, Google Search Console site list, and Google AdSense account list. We do not read, store, or process the contents of your Google email, Drive, or any Google service beyond the explicitly requested read-only scopes for verification. You may revoke this access at any time through the Platform or through your Google account permissions page.
  • Social login providers: If you create an account or log in using Google, LinkedIn, or another supported social authentication provider, we receive your name, email address, and a unique provider-assigned identifier from that provider in accordance with the permissions you grant during the authentication flow.

1.4 Information We Do Not Collect

We do not knowingly collect sensitive personal data beyond what is necessary for the stated purposes. Specifically, we do not collect social security numbers, biometric data (beyond the KYC photographs you submit), criminal history, or health information. We do not engage in cross-device tracking for advertising purposes or build shadow profiles of non-users.


2. How We Use Your Information

We use the information we collect for the following purposes and on the following legal bases:

PurposeLegal Basis (EEA/UK Users)
Account creation, authentication, and maintenancePerformance of a contract; legitimate interest in platform security
Identity verification (KYC) and fraud preventionLegal obligation; legitimate interest in marketplace integrity
Facilitating listings, offers, escrow transactions, and asset transfersPerformance of a contract
Verifying ownership of third-party assets (GA4, Search Console, AdSense)Your explicit consent (granted via Google OAuth scopes)
Processing payments, calculating commissions, and disbursing fundsPerformance of a contract; legal obligation (financial record-keeping)
Enabling user-to-user messaging and notificationsPerformance of a contract; legitimate interest in platform functionality
Sending transactional emails (purchase confirmations, escrow status updates, verification decisions)Performance of a contract
Sending marketing communications (with opt-in consent)Your consent (opt-in); you may withdraw consent at any time
Detecting, investigating, and preventing prohibited conduct, fraud, money laundering, and platform abuseLegal obligation; legitimate interest in platform integrity
Analyzing platform usage to improve features, ranking algorithms, and user experienceLegitimate interest in service improvement
Complying with applicable laws, court orders, regulatory requests, and law-enforcement inquiriesLegal obligation

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share information only as outlined below:

3.1 Service Providers

We engage third-party vendors to perform functions necessary to operate the Platform. These vendors are contractually bound to process data only on our instructions and under confidentiality obligations. Categories of service providers include:

  • Cloud hosting and infrastructure providers (server hosting, content delivery)
  • Payment processors (transaction processing, payout disbursement)
  • Email delivery services (transactional and marketing emails)
  • Identity-verification services (KYC document review)
  • Analytics and error-monitoring services (platform performance)

3.2 Transaction Counterparties

When you engage in a transaction on the Platform, certain information is shared with the other party to facilitate the transaction. For sellers, this includes the business name associated with your listing and verified-asset summaries. For buyers, this includes your username and verification status. Full KYC documents are never shared with counterparties.

3.3 Platform Display

Certain profile information is publicly visible on the Platform, including your username, display name, profile photograph, verification badge, joining date, and transaction history summary. You control what appears in your public profile through your account settings. Listing pages display the information you provide about the asset being sold.

3.4 Legal and Safety Disclosures

We may disclose information if we believe in good faith that such disclosure is necessary to:

  • Comply with a valid legal process, court order, or regulatory demand
  • Investigate, prevent, or take action regarding suspected fraud, money laundering, or illegal activity
  • Protect the rights, property, or safety of Empirelytics, our users, or the public
  • Enforce our Terms of Service or other agreements

Unless prohibited by law or court order, we will make reasonable efforts to notify you before disclosing your information in response to a legal demand.

3.5 Business Transfers

If Empirelytics is involved in a merger, acquisition, financing, or sale of all or a portion of its assets, user information may be transferred as part of that transaction. You will be notified via email and/or a prominent notice on the Platform of any change in ownership or use of your personal information.

3.6 With Your Consent

We may share your information for purposes not described in this Policy when we have your explicit consent to do so.


4. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained for the life of your account plus two years after account closure, unless a longer retention period is required by law.
  • KYC verification documents: Retained for five years after the last transaction associated with your account, as required by anti-money-laundering regulations applicable to digital-marketplace operators.
  • Transaction records: Retained for a minimum of seven years to comply with tax, accounting, and financial-reporting obligations.
  • Google OAuth tokens: Stored in encrypted form only while your Google account remains connected. Upon disconnection, tokens are deleted immediately. You may disconnect at any time through the Verification Center in your account settings.
  • Server logs and automated usage data: Retained for up to 12 months in non-identifiable, aggregated form for security and analytics purposes.
  • Communications and messages: Retained for the life of your account. Messages related to active or disputed transactions are retained with the transaction record.

Upon expiration of the applicable retention period, personal information is either deleted or anonymized such that it can no longer be associated with an identifiable individual.


5. Cookies and Tracking Technologies

5.1 Essential Cookies

We use session cookies and similar technologies that are strictly necessary for the Platform to function. These include cookies that maintain your authenticated session, remember your preferences, and protect against cross-site request forgery. These cookies do not require consent under applicable law because the Platform cannot operate without them.

5.2 Analytics Cookies

We use first-party analytics (Google Analytics GA4) to understand how users interact with the Platform. We have configured GA4 with IP anonymization enabled, and we do not send personally identifiable information to Google Analytics. We do not use Google’s advertising features (remarketing, demographic reporting) in connection with GA4.

5.3 Third-Party Cookies

Our payment processors and embedded service providers may set cookies when you interact with their components on the Platform (such as payment forms). These cookies are governed by the respective third party’s privacy policies. Empirelytics does not control third-party cookies.

5.4 Your Choices

You may configure your browser to reject cookies or alert you when cookies are being placed. However, disabling essential cookies will prevent you from logging into or using the Platform. Most browsers provide instructions for managing cookie preferences in their help documentation. The Platform honors “Do Not Track” signals where required by applicable law.


6. Data Security

We implement and maintain administrative, technical, and physical safeguards designed to protect your information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of data in transit using TLS 1.3
  • Encryption of sensitive data at rest (including OAuth tokens and KYC documents) using AES-256
  • Logical access controls with role-based permissions and mandatory two-factor authentication for administrative accounts
  • Regular vulnerability scanning and penetration testing of the Platform infrastructure
  • Server hardening, firewalls, and intrusion-detection systems
  • Employee access limited to personnel with a legitimate business need, bound by confidentiality obligations

No method of electronic storage or transmission is completely secure. While we strive to protect your personal information using commercially reasonable means, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable data-protection law.


7. Your Rights and Choices

7.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdrawal of consent: Withdraw consent where processing is based on your consent, without affecting the lawfulness of processing prior to withdrawal.

7.2 EEA and UK Residents (GDPR)

If you reside in the European Economic Area or the United Kingdom, you have the rights enumerated above under the General Data Protection Regulation. You also have the right to lodge a complaint with your local data-protection supervisory authority. Empirelytics is the data controller for personal information processed through the Platform. Our legal bases for processing are set forth in Section 2 of this Policy.

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, to:

  • Know what categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal information)
  • Request deletion of your personal information, subject to statutory exceptions
  • Opt out of the sale or sharing of your personal information (again, we do not sell or share for cross-context behavioral advertising)
  • Not receive discriminatory treatment for exercising your CCPA rights

7.4 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within 30 calendar days (or 45 days for complex requests, with notice of extension). We may require proof of identity before processing your request to prevent unauthorized access. You may also update certain information directly through your account settings on the Platform.


8. Children’s Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that a person under 18 has provided us with personal information without verifiable parental consent, we will take steps to delete such information promptly. If you believe we may have collected information from a minor, contact us at [email protected].


9. International Data Transfers

Empirelytics is based in and operates from servers located in the United States and the European Union. If you access the Platform from outside these jurisdictions, your information may be transferred to, stored, and processed in the United States or other countries where our servers or service providers are located. These jurisdictions may have data-protection laws that differ from those in your country of residence.

When we transfer personal data from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of protection, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Agreement, as applicable. You may request a copy of these safeguards by contacting [email protected].


10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or platform features. When we make material changes, we will:

  • Post the revised Policy on this page with an updated “Last Revised” date
  • Display a notice on the Platform for 30 days after the change takes effect
  • Send an email notification to registered users if the changes materially affect their rights or our use of their data

Your continued use of the Platform after the effective date of a revised Policy constitutes your acceptance of the changes. If you do not agree with the revised Policy, you must discontinue use of the Platform and may request deletion of your account and associated data.


11. Contact Information

For questions, concerns, or to exercise your data-protection rights, contact us at:

Empirelytics
Email: [email protected]
General inquiries: [email protected]

For EEA/UK data-protection matters, you may contact our designated representative at the email address above.


Empirelytics Privacy Policy — how we collect, use, and protect your data.