← Back to Home

Privacy Policy

Last updated: March 2026

1. Who We Are

PappoShop (accessible at pappo.org and papposhop.org) is a social enterprise marketplace operated by REDI International, connecting Roma artisans and entrepreneurs across the Western Balkans with customers worldwide.

2. Information We Collect

Account information: Name, email address, and password when you create an account.

Order information: Name, email, phone number, shipping address, and payment details when you place an order.

Usage data: Pages visited, time spent, clicks, device type, browser, IP address, and referring URL through cookies and analytics tools.

Communications: Emails you send us and waitlist sign-ups.

3. How We Use Your Information

  • Process and fulfil your orders
  • Send order confirmation and shipping update emails
  • Improve our website and product offerings
  • Analyse traffic and usage patterns (Google Analytics, PostHog)
  • Display relevant advertising (Facebook Pixel, Google Ads)
  • Prevent fraud and ensure security
  • Comply with legal obligations

4. Cookies & Tracking

We use the following tracking technologies:

  • Google Analytics (GA4) — website traffic analysis
  • Google Ads — conversion tracking and remarketing
  • Meta (Facebook) Pixel — conversion tracking and ad optimisation
  • PostHog — product analytics and user behaviour
  • Sentry — error tracking and performance monitoring

You can manage your cookie preferences through the cookie consent banner or your browser settings. Declining cookies will disable non-essential tracking.

5. Sharing Your Information

We do not sell your personal information. We share data only with:

  • Payment processors (Stripe) to process payments securely
  • Email providers (Resend) to send transactional emails
  • Analytics providers (Google, Meta, PostHog) in anonymised/aggregated form
  • Hosting providers (Vercel, Supabase) as part of our infrastructure

6. Your Rights (GDPR)

If you are in the European Economic Area or Western Balkans, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time
  • Data portability
  • Object to processing

To exercise these rights, contact us at petrica@redi-ngo.eu.

7. Data Security

We use industry-standard security measures including HTTPS encryption, secure payment processing through Stripe, and access-controlled databases. However, no method of electronic transmission is 100% secure.

8. Data Retention

We retain order data for up to 5 years for legal and accounting purposes. Analytics data is retained according to each provider's policies. You can request deletion of your personal data at any time.

9. Contact

For privacy-related inquiries, contact:
REDI International
Email: petrica@redi-ngo.eu