Aven.

Privacy Policy

Version 1.0 — Effective 25 May 2026

1. Who we are

Ruben Besserat (collectively, "Aven", "we", "us") is the operator of the Aven (אבן) mobile application and the controller of personal data described in this Privacy Policy. We are based in Israel. The interim contact for any privacy matter is rbesserat@gmail.com; once provisioned, our designated contact will be privacy@aven.co.il. A Data Protection Officer will be appointed where required under Amendment 13 or GDPR.

2. The data we collect

You give us

We collect automatically

We receive from third parties

3. Why we use it (legal bases)

PurposeLegal basis (Amendment 13 / GDPR)
Create and operate your account; show your profile to othersPerformance of a contract; consent at sign-up
Match buyers and sellers; deliver messaging, offers, live auctionsPerformance of a contract
Send order, message, offer, bid, and "live-soon" push notificationsPerformance of a contract; legitimate interest in informing users of essential service events
Prevent fraud, abuse, counterfeits; enforce the Terms; respond to disputesLegitimate interest; legal obligation
Product analytics and bug fixingLegitimate interest in improving the Service
Comply with Israeli tax, anti-money-laundering, and law-enforcement requestsLegal obligation
Marketing emails or in-app announcements (where applicable)Consent — opt-in only; you can unsubscribe at any time

4. Who we share it with

Aven shares the minimum data needed with the following processors, each under a written data- processing agreement. We do not sell personal data, do not share with advertising networks, and do not embed third-party ad SDKs.

Some buyers and sellers exchange shipping addresses and phone numbers directly to fulfil orders. That information becomes visible to the counterparty for the order in question; the counterparty is an independent controller of any data you share with them outside the app.

We may disclose information to law-enforcement, courts, or regulators in response to a valid legal request, or where reasonably necessary to prevent imminent harm. Where lawful, we will notify affected users.

5. International transfers

Most data is stored in the EU (Supabase, PostHog) or processed by global vendors with appropriate safeguards (Standard Contractual Clauses or equivalent). Israel is recognised as providing an adequate level of data protection by the European Commission. By using the Service you understand that data may be processed in jurisdictions other than your own.

6. How long we keep it

When you delete your account, we soft-delete immediately, hide your profile and listings from other users, and purge the authentication record within 30 days. Records we are legally required to retain are kept in a minimised, access-restricted form.

7. Your rights

Subject to applicable law, you can:

8. Children

Aven is intended for users aged 18 and over. We do not knowingly collect data from minors. If you believe a minor has registered, please email us and we will remove the account promptly.

9. Security

We apply industry-standard measures: TLS for all traffic, hashed credentials, scoped database access (row-level security), encrypted backups, principle-of-least-privilege admin access, quarterly review of vendor security posture, and incident response procedures. No system is perfectly secure; if we detect a breach affecting your data and there is real risk to your rights, we will notify you and the relevant authority as required by law (and, in any event, within 72 hours under Amendment 13 / GDPR where applicable).

10. Automated decisions & AI

Aven uses automated systems for fraud signals, listing categorisation, and content moderation suggestions, but no decision producing a legal or similarly significant effect on you is taken purely by an automated process without human review. Listing or account suspension decisions are reviewed by a human before becoming permanent.

11. Cookies & trackers

The mobile app does not use browser cookies. Our hosted legal pages use no cookies and no third-party trackers; they load a single Google Fonts stylesheet for typography (no cookies set). Analytics SDKs in the app are described in §2 and §4.

12. Changes

If we materially change this policy we will announce the change in-app at least 14 days before it takes effect, and update the "Version" and "Effective" lines above. We will request fresh consent where required by law.

13. Contact

Controller: Ruben Besserat, Israel.
Privacy contact (interim): rbesserat@gmail.com
Designated address (to be activated): privacy@aven.co.il.
Israeli supervisor: Privacy Protection Authority, Ministry of Justice — gov.il/the_privacy_protection_authority.