Legal

Privacy Policy

What we collect, why we collect it, who we share it with, and how to exercise your rights. Last updated 2026-04-16.

1. Introduction

This Privacy Policy explains how FiveM Market ("we," "us," or "the Marketplace") collects, uses, discloses, and protects personal data of visitors, buyers, and sellers. It applies to all interactions with the Marketplace website, account system, and support channels.

We aim to collect only what's necessary to operate the Marketplace, handle payments, deliver orders, prevent fraud, and meet legal obligations. Where this Policy references rights under GDPR, UK GDPR, or CCPA, those rights apply to the extent you are a data subject under those laws.

2. Data We Collect

Information you provide directly

  • Account data — email address, username, password (stored as a salted hash), country, and any display information you add to your profile.
  • Seller application data — portfolio links, tax/identity documents required for payouts, and bank or PayPal details used to pay you.
  • Order data — billing address, order history, messages exchanged with sellers or buyers, disputes, reviews.
  • Communications — emails to support@, billing@, or any other Marketplace inbox, and any attachments you include.

Information collected automatically

  • Device & log data — IP address, browser type and version, operating system, referrer URL, pages visited, and timestamps.
  • Cookies & local storage — authentication tokens, session identifiers, and non-identifying preference data. See Section 6.
  • Order and fraud signals — data used to detect suspicious transactions (e.g., geographic anomalies, velocity, payment-method risk indicators).

Information from third parties

  • Payment processors return transaction status, the last 4 digits of the payment instrument, and any fraud screening flags. They do not send us full card numbers.
  • Anti-fraud providers may return a risk score we use to accept or review an order.
  • Authentication providers (if you sign in with a third-party identity provider) return your verified email address and a provider-specific user identifier.

3. How We Use Your Data

We use personal data to:

  • Provide the Marketplace and process your orders.
  • Authenticate your account and keep it secure.
  • Deliver purchased content and route buyer-seller communications.
  • Process payments, issue refunds, and handle chargebacks.
  • Detect and prevent fraud, abuse, and violations of our Terms.
  • Send transactional emails (order confirmations, delivery notifications, dispute outcomes).
  • Respond to your support, billing, legal, and press inquiries.
  • Comply with legal obligations (tax, accounting, anti-money-laundering, court orders).
  • Send marketing emails only where you have opted in, and with an unsubscribe link in every message.

4. Legal Basis for Processing (EEA/UK)

If you are in the EEA or the UK, we rely on the following legal bases under the GDPR / UK GDPR:

  • Contract — to operate your account, deliver orders, process payments, and provide support.
  • Legitimate interests — fraud prevention, Marketplace security, analytics of aggregate usage, and product improvement, provided those interests are not overridden by your rights.
  • Legal obligation — tax reporting, accounting retention, responding to lawful authority requests.
  • Consent — marketing emails, non-essential cookies, and any additional optional features you turn on in your account. You may withdraw consent at any time without affecting prior lawful processing.

5. Who We Share Data With

We don't sell personal data. We share it only with the following categories of recipients, each bound by confidentiality and data-protection obligations:

  • Payment processors (such as Stripe and PayPal) to process transactions, refunds, and payouts.
  • Anti-fraud and identity-verification providers to screen orders and seller applications.
  • Cloud infrastructure providers that host the Marketplace, databases, and backups.
  • Email delivery providers for transactional and (opt-in) marketing emails.
  • Sellers receive the limited information required to deliver your order — typically your username and any delivery details you provide in the order form. Billing address and payment details are not shared with sellers.
  • Buyers, reciprocally, receive seller display names and order-related messages.
  • Legal authorities when required by valid court order, subpoena, or equivalent legal process.
  • Professional advisors (accountants, lawyers, auditors) under confidentiality agreements.
  • Successors in interest — in the event of a merger, acquisition, or asset sale, data may transfer to the acquirer subject to this Policy.

6. Cookies & Tracking

The Marketplace uses cookies and similar technologies for three purposes:

  • Essential cookies — required for sign-in, session management, cart, and CSRF protection. These cannot be disabled without breaking core functionality.
  • Functional cookies — remember your preferences (filter choices, sort order, recently viewed gigs).
  • Analytics cookies — aggregate, non-identifying usage data to understand which categories and gigs are most useful. We use privacy-respecting analytics that do not build cross-site profiles.

We do not use third-party advertising cookies and do not sell, rent, or share cookie data with advertising networks.

7. Data Retention

  • Account data — retained while your account is active, and for up to 12 months after closure for fraud prevention unless earlier deletion is requested.
  • Order and invoice records — retained for the period required by applicable tax and accounting law (typically 6–10 years depending on jurisdiction), even after account closure.
  • Support correspondence — retained for up to 24 months after case closure for quality and dispute-resolution purposes.
  • Server/access logs — retained for up to 90 days in identifiable form, then aggregated or discarded.
  • Marketing preferences — retained until you unsubscribe, plus an additional suppression record to ensure we don't email you again.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Deletion — request deletion of your data, subject to retention obligations described in Section 7.
  • Portability — receive a structured export of data you provided to us.
  • Objection / restriction — object to processing based on legitimate interests, or request that processing be restricted.
  • Withdraw consent — for processing based on consent, withdraw at any time without affecting prior lawful processing.
  • Complain to a supervisory authority — in the EEA/UK, to your national data-protection authority. In California, to the California Attorney General.

To exercise any of these rights, email support@fivem.market from the email on your account, or use the deletion/export tools in your account settings. We respond within 30 days (extendable by 60 days for complex requests, with notice).

9. California Residents (CCPA/CPRA)

California residents have the right to (a) know what personal information we collect and how it is used and shared, (b) delete personal information we hold, (c) correct inaccurate personal information, and (d) opt out of the "sale" or "sharing" of personal information. We do not sell personal information and do not share it for cross-context behavioral advertising. You may exercise your rights via the same channels described in Section 8 without discrimination.

10. International Transfers

The Marketplace is operated from servers that may be located outside your country of residence, including in jurisdictions that may not offer the same level of data protection as your own. Where we transfer personal data outside the EEA/UK, we rely on appropriate safeguards — typically the European Commission's Standard Contractual Clauses or equivalent — to ensure adequate protection.

11. Children's Privacy

The Marketplace is not intended for children under 16 (or the age of digital consent in your jurisdiction if higher). We do not knowingly collect data from children. If you believe a child has provided personal data, email support@fivem.market and we will delete it.

12. Security

We employ technical and organizational measures to protect personal data — TLS for data in transit, encryption at rest for sensitive fields, salted password hashing, role-based access controls for staff, audit logging, and regular security review. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you and the appropriate authorities in accordance with applicable law.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or legal obligations. Material changes will be announced via email to registered users and highlighted on this page with a new "Last updated" date. If you disagree with an update, you may close your account as described in Section 8.

14. Contact

Privacy questions, rights requests, or complaints: support@fivem.market. Legal or DMCA-specific correspondence: legal@fivem.market. For a postal address, email legal@ and we'll respond with the appropriate channel for your request.