Privacy Policy

EuroMate is a peer-to-peer currency exchange platform operated for the Sri Lankan diaspora community in Riga, Latvia. We facilitate EUR ↔ LKR exchanges directly between community members.

For GDPR purposes, EuroMate acts as the data controller for personal data collected through this platform. Contact: privacy@euromate.app

We collect and process the following categories of personal data:

• Account data: name, email address, profile picture
• Identity documents: Latvian Temporary Residence Permit (TRP), selfie with document, document expiry date
• Contact details: WhatsApp phone number
• Transaction data: exchange request amounts, rates, transfer methods
• Technical data: IP address, browser type, operating system, device type, login timestamps
• Audit logs: records of platform actions for security and compliance purposes

• Article 6(1)(b) — Performance of a contract: Identity verification documents are required to provide the exchange marketplace service. Without verification, users cannot post exchange requests.
• Article 6(1)(f) — Legitimate interests: Technical data (IP, device, audit logs) is processed to prevent fraud, ensure platform security, and maintain service integrity.
• Article 6(1)(a) — Consent: Profile pictures are uploaded voluntarily and only processed with your consent.

• Verifying your identity before allowing you to post exchange requests
• Displaying your profile information (name, trade count) on exchange listings
• Enabling other community members to contact you via WhatsApp for exchange coordination
• Detecting and preventing fraudulent activity
• Maintaining audit trails for compliance and dispute resolution
• Automatically expiring verification when identity documents expire

Identity documents and profile pictures are stored in Supabase secure cloud storage with access restricted to platform administrators only. Documents are stored in a private bucket and are never publicly accessible.

All data is stored in the European Union. We use industry-standard encryption in transit (HTTPS/TLS) and at rest.

Access to identity documents requires a time-limited signed URL (60 seconds), after which the link expires automatically.

We do not sell your personal data. We share data only in the following circumstances:

• Within the platform: Your name, trade count, and verification status are visible to other users on exchange listings.
• WhatsApp contact: Your WhatsApp number is shared with users who view your exchange listing, to facilitate trade coordination.
• Service providers: Supabase (storage), Vercel (hosting), and Resend (transactional email) process data as our data processors under appropriate data processing agreements.
• Legal requirements: We may disclose data if required by Latvian or EU law.

You have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate data via your profile settings
• Right to erasure: Request deletion of your account and associated data
• Right to portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to restrict processing: Request we limit how we use your data

To exercise any of these rights, contact us at privacy@euromate.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Latvian Data State Inspectorate (dvi.gov.lv).

• Account data: Retained for the lifetime of your account
• Identity documents: Retained until you request deletion or your account is closed
• Audit logs: Retained for 24 months for security and compliance
• Exchange records: Retained for 12 months after completion
• Technical logs: Retained for 90 days

Upon account deletion, your identity documents are permanently removed from our storage within 30 days.