MUXTI is a classifieds marketplace for Cyprus. We collect the minimum data needed to run the service. We do not sell your data. We do not store your GPS location. Payments are handled by Stripe — we never see your card number. In-app messages between users are stored on our servers; typing indicators are ephemeral and never stored. Draft listings are stored server-side and are only visible to you. You can delete your account and all associated data at any time from the app.
Controller: BoogieApps, Cyprus (EU)
App: MUXTI — a peer-to-peer classifieds marketplace for Cyprus
Contact: boogieapps.help@gmail.com
GDPR representative: Same contact — BoogieApps, Cyprus
This policy applies to the MUXTI mobile application and any related services. It describes what personal data we collect, why we collect it, how we protect it, and your rights under the EU General Data Protection Regulation (GDPR — Regulation 2016/679).
↑ Back to topWhen you create a MUXTI account we collect:
When you create or save a listing we collect:
When you publish or edit a listing, the title and description are analysed for prohibited content. Records of moderation decisions (not the full listing text) are retained in a moderation audit log to comply with the EU Digital Services Act (DSA). Draft Listings are not submitted for moderation until you choose to publish them.
Payments for Boost plans are processed by Stripe. MUXTI never receives, stores, or has access to your card number, CVV, or bank account details. Stripe is the data controller for payment information. See Stripe’s privacy policy at stripe.com/privacy.
We collect minimal usage data: listing view counts, likes, and session tokens required for authentication. We do not use third-party analytics SDKs (no Firebase Analytics, no Mixpanel, no Meta Pixel).
When you use MUXTI’s in-app messaging feature to communicate with other users about listings, we collect and store:
read_at) — when you open a conversation, a timestamp is recorded on the messages you have read. This enables the sender to see that their message has been read. You may opt out of read receipts at any time in Settings → Privacy & Security. When either party in a conversation has opted out, no read_at timestamps are recorded or displayed for that conversation.| Legal Basis | Processing Activities Covered |
|---|---|
| Contract performance (Art. 6(1)(b)) |
Account creation and authentication; saving, publishing, and displaying listings (including Draft Listings); facilitating in-app messaging between buyers and sellers; delivering push notifications about your listings; processing Boost payments. |
| Legitimate interests (Art. 6(1)(f)) |
Content moderation and fraud prevention; maintaining a moderation audit log for DSA compliance; aggregated view/like counts to rank listings; enforcing the one-bump-per-listing limit. |
| Consent (Art. 6(1)(a)) |
Accessing device GPS for “Near me” proximity search (requested via the OS permission dialog, read once, never stored). You may withdraw consent at any time in device Settings → Privacy → Location Services. |
| Legal obligation (Art. 6(1)(c)) |
Retaining transaction records as required by applicable tax and financial regulations. |
We do not use your data for automated decision-making or profiling that produces legal effects (GDPR Article 22).
↑ Back to topWe engage the following sub-processors. All are bound by GDPR-compliant Data Processing Agreements.
| Processor | Purpose | Location / Standard |
|---|---|---|
| Supabase | Database, authentication, file storage (profile photos, listing images, draft listing data), real-time messaging infrastructure | EU North-1 (Stockholm, Sweden) — within EU/EEA |
| Stripe | Payment processing for Boost plans | EU / USA — Standard Contractual Clauses (SCCs) |
| OpenAI | Automated listing content moderation (text analysis only; applied at publication, not to drafts) | USA — Standard Contractual Clauses (SCCs) |
| Expo (Expo Inc.) | Push notification delivery service | USA — Standard Contractual Clauses (SCCs) |
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
↑ Back to top| Data Type | Retention Period |
|---|---|
| Account profile (name, email, phone, avatar) | Until you delete your account. |
| Active listings | Until you delete the listing or it expires (30 days from publication or reactivation, or 30 days after the end of any active Boost period). |
| Draft listings | Until you publish the draft, delete it manually, or your account is deleted — whichever occurs first. Drafts do not expire automatically. |
| Bump record (bump_count, bumped_at) | Same as the associated listing. Retained to enforce the one-bump-per-listing limit. |
| Listing images | Deleted within 30 days after the associated listing is removed. |
| Push token | Removed immediately on sign-out. |
| Moderation audit log | Retained for 6 months (DSA Article 17 compliance). Anonymised thereafter. |
| Payment records | As required by applicable tax law (typically 7 years), held by Stripe. |
| GPS coordinates from “Near me” | Never stored — used in-memory for the single query, then discarded. |
| Message content and metadata | Retained until both parties delete the conversation thread, or until either party’s account is deleted, whichever occurs first. |
Read receipt timestamps (read_at) | Same as message retention. Not recorded when either party has opted out of read receipts. |
| Read receipts preference (opt-out setting) | Until you change the setting or delete your account. |
| Typing indicator signals | Not stored — ephemeral broadcast only, discarded immediately after transmission. |
As a resident of the EU/EEA you have the following rights. To exercise any of them, contact us at boogieapps.help@gmail.com. We will respond within 30 days.
| Right | What it means |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you. |
| Rectification (Art. 16) | Ask us to correct inaccurate or incomplete data. Most profile data can be edited directly in the app. |
| Erasure (Art. 17) | Request deletion of your data. In-app: Profile → Privacy & Security → Delete Account removes all data immediately, including any Draft Listings. You can also email us. |
| Restriction (Art. 18) | Ask us to pause processing your data while a dispute is resolved. |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format. |
| Object (Art. 21) | Object to processing based on legitimate interests (e.g. moderation logging). We will assess and respond within 30 days. |
| Withdraw consent (Art. 7) | Withdraw GPS consent at any time in device Settings → Privacy → Location Services. Withdraw read receipts consent at any time in Settings → Privacy & Security within the app. |
| Lodge a complaint | You may lodge a complaint with the Cyprus Commissioner for Personal Data Protection (dataprotection.gov.cy) or any EU DPA. |
Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact us immediately at boogieapps.help@gmail.com.
↑ Back to topMUXTI is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we discover that we have inadvertently collected data from a child under 16, we will delete it immediately. If you believe a child has created an account, please contact us.
↑ Back to topThe MUXTI app stores the following data locally on your device only (not transmitted to our servers):
This local data does not leave your device and can be cleared by uninstalling the app. Note that Draft Listings are stored server-side (not locally), so they are accessible across all your devices and are not affected by uninstalling the app.
↑ Back to topWe may update this policy from time to time. When we make material changes, we will notify you via a push notification or an in-app banner. The “Effective date” at the top of this document will always reflect the latest version. Continued use of MUXTI after a change constitutes acceptance of the updated policy.
↑ Back to top