Legal

Privacy

Privacy Policy

We care about your personal data. This notice explains how we process data when you use this website (GDPR Art. 13).

Scope / regional applicability

This notice primarily targets users with habitual residence in the EU/EEA. For access from other jurisdictions, mandatory privacy/consumer rules of those jurisdictions prevail; no additional voluntary protections are promised beyond those. Where marketplace or third-party services are used, their policies also apply.

Controller

Nejat Philip Eryigit - alveos / VetterPlaces Platform Postal address: 21, rue Basse, 3813 Schifflange, Luxembourg No walk-in customers. Email: privacy@alveos.eu

Purposes & legal bases

  • Provide website, stability, security (Art. 6(1)(f) GDPR)
  • Communication (Art. 6(1)(a)/(b) GDPR)
  • Optional: analytics/marketing (Art. 6(1)(a) GDPR)

See also our Cookies page.

Access data / server logs

When you access the site, technically necessary data are processed (e.g., IP address, date/time, URL, referrer, user agent). These serve secure operation and are deleted after a short time.

Cookies

Details: see Cookies. Necessary cookies rely on legitimate interests; additional cookies (analytics/marketing) only with consent.

Contact form / email

If you contact us, we process your details to handle the request. Legal basis is consent or pre-contractual steps. Data are deleted once the purpose is fulfilled and no retention duties apply.

Web analytics (optional)

If analytics software is used, it happens only with consent. IP addresses are shortened; you can withdraw consent at any time.

Recipients / categories of recipients

IT service providers/hosting providers; within data processing agreements (Art. 28 GDPR) where applicable.

Third-country transfers

Transfers to third countries occur only where an adequate level of protection exists (e.g., EU Standard Contractual Clauses) and where necessary.

Storage period

We process personal data only as long as needed for the stated purposes or where statutory retention periods apply.

Your rights

You have rights of access, rectification, erasure, restriction, portability, and objection. You can withdraw given consent. You may lodge a complaint with a supervisory authority.

Security

We take technical and organizational measures to protect your data (e.g., TLS encryption, hardening, logging).

Updates

This privacy notice is updated as needed. Status: 2025-08-27.

Payhip - Payment Processing and Checkout

What is Payhip?

For the sale and checkout of digital products, we use the service provider Payhip Ltd. (UK). Payhip acts as "Merchant of Record" (reseller) - this means the purchase contract is concluded between you and Payhip.

What data is transmitted?

When you click "Buy" and are redirected to Payhip, we transmit the following data:

  • Product information (name, price)
  • Your email address (for download link and invoice)
  • If applicable, your IP address (e.g., for fraud prevention and technical checkout processing)

Payhip processes your payment data (credit card, PayPal, etc.) directly - we do not receive this data.

Legal basis: Contract performance (Art. 6(1)(b) GDPR)

Storage period: Payhip stores your data according to their own policies. Details: see Payhip Privacy Policy.

Your rights: You can request information, deletion, or correction of your data from Payhip via their support channels.

External links

External links are indicated (🔗). We do not assume liability for third-party content and do not adopt such content as our own.

VetterPlaces Content Creator Programme (registration, coupons, attribution)

For Content Creators participating in the VetterPlaces Content Creator Programme, we process the following data for registration, coupon logic, and attribution of transactions:

What data: UTM parameters from links (utm_source, utm_medium, utm_campaign, utm_content), referral code, timestamp, and anonymised transaction ID.

Purpose: Attributing purchases to recommendations/channels, keeping attribution transparent, issuing coupon codes, and where applicable calculating commission-eligible creator revenue.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) in relation to participating Content Creators.

Note: UTM parameters are campaign-related URL parameters, not cookies. They identify the channel (e.g. a YouTube video or blog post), not individual end users. End users are not personally identified by this tracking.

Further details on the Content Creator programme: Terms Section 6c.

VetterPlaces Tester & Creator Portal

For individuals who register and participate as testers or content creators on the VetterPlaces platform, we process the following data:

GitHub OAuth login

When you log in via GitHub, GitHub transmits your public profile data (GitHub user ID, username/login, display name, public avatar URL, and public email if configured). We store the GitHub user ID as a stable identifier and use the login/display name solely for display purposes inside the portal. We do not request write access to your repositories. Legal basis: contract performance (Art. 6(1)(b) GDPR); where login is voluntary pre-registration, consent (Art. 6(1)(a) GDPR).

Application and vetting data

When you apply for a campaign, we process: your motivation text, the campaign you applied for, application timestamp, and the decision (accepted / rejected / pending) with an optional reviewer note. Purpose: matching testers/creators to projects and documenting the decision process. Legal basis: contract performance (Art. 6(1)(b) GDPR).

Contribution and issue verification

When a verified contribution (GitHub issue, PR, or similar) is linked to your tester account, we store: the GitHub issue/PR URL, a link to your account, the verification status, and the timestamp. This data is used to determine reward eligibility. Legal basis: contract performance (Art. 6(1)(b) GDPR).

Reward and coupon issuance

Upon a verified contribution, a reward entitlement (e.g., discount coupon, license key) is generated and recorded with: your GitHub user ID, the product slug, reward type, issuance timestamp, and redemption status. This record is kept for audit purposes. Legal basis: contract performance (Art. 6(1)(b) GDPR); statutory retention duties may extend storage beyond the relationship end.

Recruiter/developer access log

Where a developer interacts with your submitted ticket or application (e.g., accept, reject, request info), a log entry is created. As a tester, you can view which developer-side actions were taken on your data. Legal basis: legitimate interest in transparency and data-subject rights enablement (Art. 6(1)(f) GDPR).

Retention: Portal account data is retained for the duration of your active account plus a 90-day deletion grace period following account deletion. Anonymised aggregate contribution data may be retained for statistical purposes. You may request deletion at any time (see "Your rights" above).

VetterPlaces Developer Portal & Annual Subscription

For developers who subscribe to VetterPlaces (annual or other recurring membership), we process the following data:

Account and identity

Name, email address, GitHub user ID/login, and (where linked) organisation name. This data is required to provide portal access, subscription management, and communication. Legal basis: contract performance (Art. 6(1)(b) GDPR).

Subscription and billing

Subscription tier (e.g., Solo, Developer + RipSnip), billing period, purchase date, next renewal date, and payment reference (not payment card data — payment is processed by Payhip or the marketplace as Merchant of Record). We retain billing records for the duration required by Luxembourg accounting law (currently 10 years). Legal basis: contract performance (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR) for accounting retention.

Campaign and project data

Project names, descriptions, campaign settings, and associated tester/creator interactions that a developer creates on the platform. This data is retained during the active subscription and for 30 days after subscription end (export grace period, see Terms §7c.2), after which it is deleted or anonymised. Legal basis: contract performance (Art. 6(1)(b) GDPR).

RipSnip GitHub App connection

If the developer connects the RipSnip GitHub App, we process: GitHub App installation ID, linked repository references, and issue/PR links. This data is deleted upon disconnection or subscription termination. Content in the external GitHub repositories is unaffected and outside VetterPlaces' control. Legal basis: contract performance (Art. 6(1)(b) GDPR).

Audit and security log

Privileged actions in the developer portal (campaign lifecycle changes, tester decisions, reward actions, superadmin interactions) are logged with actor, action type, and timestamp. These logs are used for abuse prevention, dispute resolution, and data-subject transparency. Retention: 24 months. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Retention: Developer account data is retained for the active subscription period plus the 30-day export grace period. After account deletion on request: personal data is removed; anonymised data may be retained for statistical purposes. See also Terms §7c.

Third-party services (examples)