Skip to main content
Company

Privacy Policy

1. Introduction

This Privacy Policy ("Policy") explains how SoseCore (the "Marketplace", "we", "us", or "our") collects, uses, shares, and protects personal information when you access or use sosecore.com and related services.

SoseCore is operated by Sergey Babayan, an independent sole trader (Individual Entrepreneur) based in Yerevan, Republic of Armenia. For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, we act as the data controller for the personal information you provide directly to us. For payment-related personal information, our third-party Payment Processor (Merchant of Record) acts as an independent data controller; the specific Payment Processor and a link to their privacy policy are disclosed at checkout.

By using the Marketplace, you agree to the processing of your personal information as described in this Policy.

2. What Information We Collect

2.1 Information You Provide

  • Account information: name, username, email address, password (stored as a salted hash, never in plain text), avatar, bio, profile links.
  • Vendor information: store name, store description, payout method preferences, tax identification (where applicable), and identity verification documents submitted during KYC (e.g., government-issued ID, proof of address).
  • Buyer information: billing details (collected and stored by our Payment Processor, not by us), purchase history, license usage records.
  • Communications: support requests, dispute messages, reviews, forum posts, vendor-buyer messages, and any other content you submit through the Marketplace.

2.2 Information We Collect Automatically

  • Device & browser data: IP address, user agent, browser type, operating system, screen resolution, language preference.
  • Usage data: pages visited, time spent, referrer URL, search queries on the Marketplace, listing interactions (favorites, comparisons, downloads).
  • Country-level location: derived from your IP address for analytics, tax calculation, and fraud prevention. We do not collect precise GPS location.
  • Cookies and similar technologies: see Section 9 below.

2.3 Information We Do Not Collect

  • We do not store payment card numbers, CVCs, or full bank account details. All such data is handled directly by our third-party Payment Processor (Merchant of Record), which is PCI-DSS Level 1 certified.
  • We do not knowingly collect personal information from individuals under 18 years of age (see Section 10).

3. How We Use Your Information

We use personal information for the following purposes:

  • To operate the Marketplace: create and maintain your account, list products, process orders, deliver downloads, calculate vendor earnings, and provide support.
  • To process payments: we share necessary order data with our Payment Processor so payments can be charged, refunded, and remitted (the Payment Processor then collects and stores the buyer's payment instrument data directly).
  • To comply with legal obligations: tax reporting, anti-money-laundering checks, KYC, response to lawful authority requests.
  • To prevent fraud and abuse: detect suspicious activity, monitor chargebacks, enforce our Terms of Service.
  • To communicate with you: transactional emails (order confirmations, password resets, dispute notifications), service announcements, and — where you have opted in — marketing newsletters.
  • To improve the Marketplace: analytics, A/B testing, search-result tuning, recommendation tuning.
  • To resolve disputes and enforce agreements: internal review, communication facilitation between vendor and buyer, and (if necessary) sharing data with legal counsel.

3.1 Automated Decision-Making

Some of our processing involves automated checks for fraud prevention, abuse detection, and rate-limiting (for example, blocking suspicious login attempts, flagging chargeback-prone orders, or auto-removing spam content). These automated checks do not produce legal effects on you in the sense of GDPR Article 22, and they are subject to human review where the outcome materially affects your account (such as suspension or denial of payout). You may request human review of any automated decision that significantly affects you by contacting support@sosecore.com.

4. Legal Bases for Processing (GDPR Article 6)

If you are in the European Union, United Kingdom, or another jurisdiction that requires us to disclose the legal basis for processing, we rely on the following:

Processing Purpose Legal Basis
Creating and operating your account; fulfilling Orders Contract performance (Art. 6(1)(b))
Sending transactional emails (order receipts, password resets) Contract performance (Art. 6(1)(b))
Tax reporting; KYC; legal compliance Legal obligation (Art. 6(1)(c))
Fraud prevention; security monitoring; analytics Legitimate interests (Art. 6(1)(f))
Marketing newsletters; non-essential cookies Consent (Art. 6(1)(a)) — you may withdraw at any time

5. How We Share Your Information

We do not sell personal information. We share data only with the following categories of recipients, and only as needed:

5.1 Service Providers (Data Processors)

  • Third-party Payment Processor (Merchant of Record) — Payment processing, VAT compliance, fraud screening, and chargeback handling. The Payment Processor acts as Merchant of Record and an independent controller for payment data. The specific provider's identity, country of operation, and a link to their privacy policy are disclosed at checkout and on the Marketplace's payment-information page.
  • Hostinger International Ltd. (Lithuania) — Hosting infrastructure (server, database, transactional email delivery via Hostinger Mail). See Hostinger's Privacy Policy.
  • Google LLC — Google Analytics 4 (United States) — Anonymized traffic and usage analytics. We use IP-anonymized, country-level aggregation; we do not enable Google Signals or cross-site advertising features. We implement Google Consent Mode v2: the GA4 script is loaded with all storage flags defaulting to denied, and no analytics or advertising data is collected until you grant consent via our cookie banner. You can also install the Google Analytics Opt-out Browser Add-on for a global block. See Google's Privacy Policy.
  • Meta Platforms, Inc. — Facebook Pixel (United States) — Conversion tracking for advertising campaigns on Facebook and Instagram. The Pixel script is not loaded at all until you grant marketing consent via our cookie banner; until then, no requests are made to Facebook servers and no Pixel events fire. See Meta's Privacy Policy.
  • Microsoft Corporation — Bing Webmaster & IndexNow (United States) — Crawl-status reporting and indexing notifications for SEO. We share only URLs of public Marketplace pages; no personal data is transmitted. See Microsoft's Privacy Statement.

5.2 Between Buyer and Vendor

When a Buyer purchases a Product or Service from a Vendor, we share with the Vendor: the Buyer's username, the purchased Product, the purchase date, and the order ID. We do not share the Buyer's billing address, payment method, or email address unless required to fulfill the Order (e.g., for custom Services where direct communication is needed).

For custom Service Orders, we additionally share the Buyer's project brief, milestone deliverables, revision requests, and direct in-Marketplace messages with the assigned Vendor for the purpose of completing the engagement. These project materials are retained for 3 years after Order completion to support dispute resolution, then deleted or anonymized unless legally required to retain longer. Vendors are contractually required to keep Buyer project information confidential and to use it solely for the purpose of fulfilling the Order.

5.3 Legal & Safety

We may disclose personal information to:

  • Government authorities, courts, or regulators when required by law (e.g., subpoena, tax audit);
  • Our legal counsel, accountants, and auditors under confidentiality;
  • Successor parties in the event of a merger, acquisition, or sale of assets, subject to confidentiality protections and continued application of this Policy.

5.4 With Your Consent

We may share personal information with third parties not listed above only with your explicit consent, given separately at the time of sharing.

6. International Data Transfers

Because the Marketplace serves customers globally and our service providers operate across multiple jurisdictions, your personal information may be transferred to and processed in countries outside your country of residence, including the United Kingdom, European Union, United States, and the Republic of Armenia.

For transfers from the EU/UK to countries that do not have an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms.

7. Data Retention

We retain personal information only as long as needed for the purposes described in this Policy or as required by law. Typical retention periods:

Category Retention Period
Active account data Until you close your account
Order records (for tax, accounting, and refund disputes) 7 years after the order date
Vendor KYC documents 7 years after vendor offboarding (legal compliance)
Traffic / analytics logs 90 days, then anonymized
Support and dispute communications 3 years after resolution
Marketing email opt-ins Until you unsubscribe, plus 30 days for processing

Closed accounts: we retain a minimum dataset (email hash, last login, order IDs) to honor refund disputes, prevent re-registration of banned accounts, and meet tax record-keeping obligations. Other data is deleted or anonymized within 30 days of account closure unless legally required to retain.

8. Your Rights

Depending on where you live, you may have some or all of the following rights:

  • Right of access — request a copy of the personal information we hold about you.
  • Right to rectification — correct inaccurate or incomplete information.
  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to our legal retention obligations.
  • Right to restriction — limit our processing in specific cases.
  • Right to data portability — receive your data in a machine-readable format and transmit it to another controller.
  • Right to object — including objecting to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
  • Right to lodge a complaint with your local data protection authority. For Armenia, this is the Personal Data Protection Agency of the Ministry of Justice of the Republic of Armenia (Անձնական տվյալների պաշտպանության գործակալություն). For the EU, this is your country's national Data Protection Authority. For the UK, this is the Information Commissioner's Office (ICO).

To exercise any of these rights, email support@sosecore.com from the email address associated with your account. We will respond within 30 days (extendable by 60 days in complex cases, with notice).

9. Cookies & Similar Technologies

We use cookies and similar technologies (such as localStorage and HTTP-only session cookies) to operate the Marketplace and, with your consent, to measure traffic and personalize advertising. We group these technologies into four categories:

Category Purpose Consent Required?
Necessary Session management, login persistence, CSRF protection, cart state, checkout flow No — strictly required for the site to function
Functional Language preference, theme, recently viewed items Yes — opt-in via banner
Analytics Google Analytics 4 — anonymized traffic and usage statistics Yes — opt-in via banner
Marketing Facebook Pixel — conversion tracking for advertising campaigns Yes — opt-in via banner

9.1 How We Obtain Consent

When you first visit the Marketplace from the EU/EEA, UK, or another jurisdiction with comparable cookie law, we present a cookie consent banner with three equally prominent options:

  • Accept all — grants consent for all four categories above;
  • Reject all — keeps only Necessary cookies; Functional, Analytics, and Marketing are denied;
  • Customize — opens a preferences panel where you can grant or deny each non-essential category individually.

No analytics or marketing technologies are activated until you make an explicit choice. We implement Google Consent Mode v2 for Google Analytics, meaning the GA4 script defaults to a "denied" state — no analytics or advertising data is collected — until you grant consent. Facebook Pixel is loaded only after marketing consent is granted; before consent, no Pixel script runs and no events fire.

9.2 How We Store Your Choice

Your consent choice is stored in your browser's localStorage under the key sosecore_consent as a JSON object with the categories you accepted and a timestamp. The consent record is local to your browser; we do not transmit it to our server. The record is valid for 12 months from the timestamp, after which the banner appears again to obtain fresh consent (in line with GDPR best practice).

9.3 How To Change Your Choice

You may change your consent at any time by clicking the "Cookie preferences" link in the site footer. The same Customize panel opens, and your new selection takes effect immediately — Google Consent Mode is updated, and Facebook Pixel is loaded or remains dormant according to your new marketing preference.

You may also clear all cookies and localStorage data through your browser settings; however, blocking Necessary cookies will prevent core Marketplace functions (such as login, cart, and checkout) from working.

9.4 Specific Cookies and Storage Items

Name Type Category Purpose Lifetime
PHPSESSID HTTP-only cookie Necessary Server-side session identifier (login, cart) Session
sosecore_consent localStorage Necessary Your cookie consent choice 12 months
_ga, _ga_* First-party cookie Analytics Google Analytics 4 visitor identification Up to 24 months
_fbp, fr First-party / third-party cookie Marketing Facebook Pixel attribution and audience tracking Up to 3 months

Additional cookies may be set by our third-party Payment Processor during checkout. See the Payment Processor's own privacy policy (linked from the checkout page) for details on those.

10. Children's Privacy

The Marketplace is not directed at individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we discover that we have collected such information, we delete it without undue delay. If you believe a child has provided us with personal information, please contact support@sosecore.com.

11. Security

We use commercially reasonable technical and organizational measures to protect personal information, including:

  • HTTPS/TLS encryption for all data in transit;
  • Bcrypt password hashing (cost factor 12);
  • Regular security updates of the platform and infrastructure;
  • Access controls limiting administrative access to authorized personnel;
  • Honeypot, CAPTCHA, and rate-limiting on registration and submission endpoints;
  • Server-side validation against common attacks (XSS, CSRF, SQL injection).

Despite these measures, no system is perfectly secure. In the event of a personal-data breach that creates a high risk to your rights and freedoms, we will notify affected users and applicable authorities without undue delay and, where required, within 72 hours.

12. Changes to This Policy

We may update this Policy from time to time. When we do, we will:

  • Update the "Last updated" date below;
  • Notify registered Users by email and/or in-app notification at least 14 days before material changes take effect (for example, new categories of data collected, new sharing recipients, or expanded retention periods);
  • Continue to process previously collected data under the policy in effect at the time of collection, unless you consent to the new terms.

13. Contact

For any privacy-related question, request, or complaint, please contact:

Operator: Sergey Babayan, independent sole trader (Individual Entrepreneur)
Location: Yerevan, Republic of Armenia
Email: support@sosecore.com
Website: https://sosecore.com
Tax registration and full legal entity details available upon written request from business, regulatory, or law-enforcement partners.

Until SoseCore reaches the size that requires appointing a Data Protection Officer under Article 37 of the GDPR, privacy requests sent to the email address above will be handled directly by the Marketplace operator.

Effective date: 12 June 2026  |  Last updated: 12 June 2026

Last updated: Jun 12, 2026
Share:

Your Cart

We use cookies

We use cookies to operate the Marketplace and, with your consent, to measure traffic (Google Analytics) and personalize ads (Facebook Pixel). Read our Privacy Policy.

Cookie preferences

Choose which cookie categories you accept. Necessary cookies are always on because the Marketplace cannot operate without them. You can change these settings any time via the "Cookie preferences" link in the footer.

Necessary
Always on

Session, login, CSRF protection, cart contents. Required for the site to function.

Functional

Language preference, theme, recently viewed items.

Analytics

Google Analytics 4 — anonymized traffic and usage statistics. Helps us improve the Marketplace.

Marketing

Facebook Pixel — conversion tracking for advertising campaigns on Facebook and Instagram.