Free delivery on orders over ₪300 · Secure Escrow · Verified Israeli Artists

Privacy Policy — Calico Marketplace

Last updated: [DATE — to be set on legal approval]

About This Policy

Calico Marketplace Ltd. ("Calico", "we", "us") operates the online marketplace at calico.co.il. This Privacy Policy explains what personal data we collect from people who visit or use our Platform, why we collect it, how we use and protect it, and what rights you have. We comply with the Israeli Privacy Protection Law (5741-1981) and, to the extent it applies (e.g. for users in the European Economic Area), with the EU General Data Protection Regulation (GDPR).

[email protected]


What We Collect and Why

Account data

When you register, we collect your name, email address, and (for sellers) phone number and identity verification documents. This is necessary to create your account and — for sellers — to meet our verification requirements.

Transaction data

When a purchase is made, we record the items bought, price, delivery address, and payment reference. We do not store full card numbers; card processing is handled by AllPay.

Communication data

Messages you send through our platform (buyer-seller messages, support tickets, contact form submissions) are stored so we can help resolve disputes and improve service quality.

Usage data

We collect log data automatically when you use the Platform: IP address, browser type, pages visited, time on site, and referring URL. This helps us fix bugs, prevent fraud, and understand how the Platform is used.

We use cookies and similar tracking technologies as described in Section 5.


How We Use Your Information

How we use your information
PurposeLegal basis (GDPR)
Provide the marketplace service (accounts, orders, escrow, delivery)Contract performance
Process payments via AllPayContract performance
Verify seller identityLegal obligation + contract
Send transactional emails (order confirmations, dispatch notices, magic-link sign-in) via ResendContract performance
Prevent fraud, enforce Terms of ServiceLegitimate interest
Send marketing newsletters (with your consent)Consent
Comply with Israeli tax and commercial lawLegal obligation
Analyse Platform usage and improve the productLegitimate interest

Third Parties

We do not sell your personal data. We share data only where necessary to operate the service:

AllPay — our payment partner processes card transactions. AllPay holds PCI DSS certification. Their privacy policy governs data AllPay holds independently.

DelivApp — coordinates delivery for orders within Israel. We share the delivery address and order reference needed to dispatch the item.

Resend — our email infrastructure provider. Transactional and marketing emails are sent via Resend. Only the email address and content necessary for the specific email are passed.

Infrastructure providers — our Platform is hosted on Railway (cloud infrastructure). Data is stored in PostgreSQL databases in secure cloud environments.

Meilisearch — powers our search. Product listings (not personal data) are indexed. Search queries may be logged for relevance tuning.

Legal and regulatory authorities — we will disclose data when required by valid legal process or regulatory order under Israeli law. We require all third-party processors to maintain appropriate security standards and to use personal data only for the purpose for which it was shared.


Cookies and Tracking

Strictly necessary — session cookies required for login, cart, and secure escrow state. Cannot be disabled without breaking the service.

Analytics — aggregate usage metrics to understand how the Platform is used. We do not share raw analytics data with advertisers.

Marketing — used to measure the effectiveness of paid ads on Google and Meta. You can opt out at any time via your account settings or browser controls.

You may manage cookie preferences via the cookie banner shown on first visit, or at any time through your browser settings.


How Long We Keep Your Data

We keep your data for as long as your account is active and for as long as required by law or legitimate business purposes: - Account data: retained while your account is active, plus 3 years after closure unless a longer period is required by Israeli tax law. - Transaction records: 7 years (Israeli tax and accounting obligations). - Communication data: 2 years after the conversation closes. - Marketing consents: until you withdraw consent, plus 1 year for proof-of-consent records. - Log data: 90 days, then aggregated anonymously. When data is no longer needed we delete or anonymise it.

Your Privacy Rights

Right of access — request a copy of the personal data we hold about you.

Right to correction — ask us to fix inaccurate or incomplete data.

Right to erasure — ask us to delete your personal data (subject to legal retention requirements).

Right to portability — receive your data in a structured, machine-readable format.

Right to object — object to processing based on legitimate interest, including direct marketing.

Right to withdraw consent — where we process data on the basis of your consent (e.g. marketing emails), you may withdraw that consent at any time.

To exercise any of these rights, email us at [email protected]

If you are located in the EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local supervisory authority.

Israeli residents may contact the Privacy Protection Authority (IPPA).


How We Protect Your Data

We use industry-standard measures including encrypted connections (HTTPS/TLS), hashed credentials, and role-based access controls. Payment card data is handled exclusively by AllPay and never stored on Calico's servers. No method of transmission over the internet is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security. If we become aware of a data breach that poses a real risk to your rights, we will notify affected users and the relevant authority as required by law.


Where Your Data Is Processed

Calico is based in Israel. Some of our third-party providers may process data in other countries (including the EU and United States). Where data is transferred outside Israel or the EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).


Children's Privacy

The Calico Platform is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it. [email protected]


Updates to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify registered users by email. We encourage you to review this page periodically.


Get in Touch

[email protected]

Calico Marketplace Ltd., Haifa, Israel

Contact form: calico.co.il/contact — we aim to respond to all privacy enquiries within 14 business days.