Information We Collect
All the data categories we gather through the App.
Account & Identity
Core data required to operate your account.
Phone number: Primary login identifier, verified via OTP. No emails or passwords required.
Username: Your chosen public identifier. Changes are restricted to once every 30 days.
Profile metadata: Profile type (buyer/seller), bio, and operating region.
Identity Verification (KYC)
Optional verification to build platform trust.
ID Documents: Front and back of passport, national ID card, or driver's license.
Biometric selfie: Facial scan to confirm document ownership and liveness. This constitutes sensitive biometric data and is processed exclusively for identity verification. It is never used for marketing or shared with third parties.
Documents are uploaded to secure AWS S3 storage. Staff access to KYC documents is strictly logged with name, role, IP address, and timestamp.
Seller Financial Information
Collected only from users who sell on MarketLink.
We collect your bank name, account number, and account holder name to facilitate payouts and display payment instructions to buyers.
Transaction & Order Data
Collected when you buy or sell on the platform.
Order details
Item, quantity, prices, fees, and status.
Shipping info
Address, phone, and delivery notes.
Shipping method
Speedboat, boat delivery, or pickup.
Tracking & proof
Carrier info and delivery photos.
Platform Fee Payments
How listing fee payments via BML are handled.
BML is used exclusively to collect listing and platform fees. Card details (number, expiry, CVV) are submitted directly to BML and are never stored on our servers. Payments between buyers and sellers are handled directly between the parties.
We retain only fee transaction metadata including ID, reference, amount, currency (MVR), and timestamp.
User-Generated Content
Content you create while using the App.
Listings
Title, price, condition, photos
Chat messages
Buyer-seller conversations
Bids
Auction history and proxy settings
Reviews
Ratings and comments
Technical Information
Automatically collected device data.
Device identifier: A randomly generated UUID stored locally.
Metadata: Platform, device name, and push token.
Usage & Analytics
First-party analytics and error reporting.
We use Sentry for error tracking and our own internal analytics to monitor listing impressions, clicks, and bidding activity.
No third-party advertising trackers or SDKs are included in the App.
What We Do Not Collect
Explicit data exclusions.
Precise GPS location
Contacts or calendar access
Email addresses
Ad identifiers (IDFA)
Cross-app or cross-site tracking
Background location
How We Use It
Primary purposes for processing your data.
Operate the service
Process transactions, run auctions, and enable communication.
Identity verification
Build trust through KYC and assign verification tiers.
Trust & safety
Detect fraud, enforce guidelines, and process disputes.
Seller analytics
Generate dashboard metrics and quality scores.
Notifications
Send push alerts for bids, orders, and messages.
Support
Process tickets and communicate resolutions.
Data Security
How we protect your information.
Encrypted on-device storage for active sessions.
HTTPS-only data transmission.
Audited staff access to sensitive KYC data.
API abuse protection via App Check.
App Permissions
What your device grants the App access to, and why.
Required to photograph items for listings and to capture the selfie required for KYC identity verification.
Only when you actively use the camera feature. Never accessed in the background.
Required to select existing photos from your device for listings or to upload ID document images for KYC.
Only when you choose to pick an image. Read-only access to selected photos only.
Required to deliver real-time alerts for bid updates, outbid notices, order status changes, messages, and payment reminders.
You will be prompted to grant permission on first use. You can withdraw or customise categories at any time in Settings → Notifications.
No background access. The App does not access your camera, photo library, or location in the background. All permission usage is triggered by your explicit in-app actions.
Data Retention
How long we keep your information.
Account Data
Kept while account is active. Deleted upon request.
Transactions
Retained as required by Maldivian law.
Chat Logs
Retained for 12 months after order completion.
Your Rights
You have control over your personal data. Here is how to exercise it.
Access
Request a copy of the personal data we hold about you, including account details, transaction history, and analytics data associated with your device.
Correction
Request correction of inaccurate or incomplete data. You can update your username, bio, location, and bank details directly in the app at any time.
Deletion
Request deletion of your account and associated personal data. We will remove or anonymise your data within 30 days, subject to legal retention obligations.
Portability
Request a machine-readable copy of the data you have provided to us, to transfer to another service.
Withdraw Consent
Withdraw consent for optional data processing at any time. Manage push notification categories in Settings → Notifications, or email us to opt out of analytics.
To exercise any of these rights, contact us via the in-app Help Center or at privacy@marketlink.mv. We will respond to verified requests within 30 days.
Not directed at children under 18. We delete minor data upon discovery.
Data may be stored outside the Maldives via AWS cloud infrastructure.
We notify users of material changes directly within the App.
Questions?
Our privacy team is here to help you understand your rights and our obligations. Use the in-app Help Center or reach us directly.
Or use in-app support