Privacy Policy
Last updated: April 2026
1. Who We Are
Pleis'ið ("we", "us", "our") is an online classified marketplace operating at pleis.is (currently also accessible at ice.taonord.com during development). We are based in Iceland and operate under Icelandic and EEA data protection law. For privacy-related enquiries contact us at: privacy@pleis.is
2. What Data We Collect
When you create an account we collect: • Your name (optional) • Email address • Password (stored as a one-way bcrypt hash — we never store your plain-text password) • If you sign in with Google: your Google account ID and the email and name associated with it When you post a listing we collect: • Listing content you provide (title, description, price, photos, location text) • The date and approximate time of posting When you use the mobile app, with your explicit permission: • Location (approximate, "when in use" only) — used solely to suggest your nearest town when creating a listing. We do not store your precise coordinates. • Photos and camera — used solely to let you attach photos to your listings. Images are uploaded to our file storage (AWS S3 / Cloudflare R2) and are associated with your listing. When you use the platform we automatically record: • Listing view counts (anonymised — we store a hash of your IP address + date, not the IP itself) • Standard server access logs (IP address, browser type, pages visited) retained for up to 90 days for security purposes
3. How We Use Your Data
We use your data solely to operate the marketplace: • To authenticate you and maintain your session • To display your listings to other users • To send you notifications you have opted into (saved search matches, offer updates) • To send transactional emails (e.g. confirmation of account creation) • To detect and prevent fraud or abuse We do not sell your data to third parties. We do not use your data for advertising profiling.
4. Legal Basis (GDPR)
Under the General Data Protection Regulation (GDPR) our legal bases are: • Contract performance — processing necessary to provide the service you signed up for • Legitimate interests — security logging, spam/fraud prevention, anonymous analytics • Consent — where we ask for it explicitly (e.g. marketing emails)
5. Data Sharing
We share data only with the following categories of processors, all of whom are bound by data processing agreements: • Cloud hosting (Vercel) — servers that run the application • Database hosting (Supabase / Neon) — stores your account and listing data • File storage (AWS S3 / Cloudflare R2) — stores listing photos • Email delivery (Resend) — sends notification and transactional emails • Google (OAuth) — if you choose to sign in with Google, Google processes your login No data is transferred outside the EEA except where processors have adequate safeguards (Standard Contractual Clauses or equivalent).
6. Cookies & Storage
We use a single HTTP-only session cookie to keep you signed in. This cookie contains a signed JWT and no third-party tracking data. We do not use advertising cookies or third-party analytics cookies.
7. Your Rights
Under GDPR you have the right to: • Access a copy of the personal data we hold about you • Correct inaccurate data • Delete your account and associated data • Object to or restrict certain processing • Data portability (receive your data in a machine-readable format) To exercise any of these rights email us at privacy@pleis.is. We will respond within 30 days.
8. Data Retention
Active account data is retained for as long as your account exists. If you delete your account we will remove your personal data within 30 days, except where we are required to retain it for legal purposes (e.g. transaction records). Server access logs are retained for 90 days. Anonymised listing view statistics are retained indefinitely.
9. Security
We use industry-standard security measures including HTTPS, HTTP-only session cookies, bcrypt password hashing, and access controls. However no system is completely secure — please use a strong unique password and contact us immediately at security@pleis.is if you suspect unauthorised access to your account.
10. Children
Pleis'ið is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data please contact privacy@pleis.is and we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. We will notify registered users by email of any material changes. The date at the top of this page always reflects the current version.
12. Contact
Pleis'ið Email: privacy@pleis.is Website: https://pleis.is