Ruben Besserat (collectively, "Aven", "we", "us") is the
operator of the Aven (אבן) mobile application and the controller of personal
data described in this Privacy Policy. We are based in Israel. The interim contact for any
privacy matter is rbesserat@gmail.com; once
provisioned, our designated contact will be privacy@aven.co.il. A Data Protection
Officer will be appointed where required under Amendment 13 or GDPR.
| Purpose | Legal basis (Amendment 13 / GDPR) |
|---|---|
| Create and operate your account; show your profile to others | Performance of a contract; consent at sign-up |
| Match buyers and sellers; deliver messaging, offers, live auctions | Performance of a contract |
| Send order, message, offer, bid, and "live-soon" push notifications | Performance of a contract; legitimate interest in informing users of essential service events |
| Prevent fraud, abuse, counterfeits; enforce the Terms; respond to disputes | Legitimate interest; legal obligation |
| Product analytics and bug fixing | Legitimate interest in improving the Service |
| Comply with Israeli tax, anti-money-laundering, and law-enforcement requests | Legal obligation |
| Marketing emails or in-app announcements (where applicable) | Consent — opt-in only; you can unsubscribe at any time |
Aven shares the minimum data needed with the following processors, each under a written data- processing agreement. We do not sell personal data, do not share with advertising networks, and do not embed third-party ad SDKs.
Some buyers and sellers exchange shipping addresses and phone numbers directly to fulfil orders. That information becomes visible to the counterparty for the order in question; the counterparty is an independent controller of any data you share with them outside the app.
We may disclose information to law-enforcement, courts, or regulators in response to a valid legal request, or where reasonably necessary to prevent imminent harm. Where lawful, we will notify affected users.
Most data is stored in the EU (Supabase, PostHog) or processed by global vendors with appropriate safeguards (Standard Contractual Clauses or equivalent). Israel is recognised as providing an adequate level of data protection by the European Commission. By using the Service you understand that data may be processed in jurisdictions other than your own.
When you delete your account, we soft-delete immediately, hide your profile and listings from other users, and purge the authentication record within 30 days. Records we are legally required to retain are kept in a minimised, access-restricted form.
Subject to applicable law, you can:
Aven is intended for users aged 18 and over. We do not knowingly collect data from minors. If you believe a minor has registered, please email us and we will remove the account promptly.
We apply industry-standard measures: TLS for all traffic, hashed credentials, scoped database access (row-level security), encrypted backups, principle-of-least-privilege admin access, quarterly review of vendor security posture, and incident response procedures. No system is perfectly secure; if we detect a breach affecting your data and there is real risk to your rights, we will notify you and the relevant authority as required by law (and, in any event, within 72 hours under Amendment 13 / GDPR where applicable).
Aven uses automated systems for fraud signals, listing categorisation, and content moderation suggestions, but no decision producing a legal or similarly significant effect on you is taken purely by an automated process without human review. Listing or account suspension decisions are reviewed by a human before becoming permanent.
The mobile app does not use browser cookies. Our hosted legal pages use no cookies and no third-party trackers; they load a single Google Fonts stylesheet for typography (no cookies set). Analytics SDKs in the app are described in §2 and §4.
If we materially change this policy we will announce the change in-app at least 14 days before it takes effect, and update the "Version" and "Effective" lines above. We will request fresh consent where required by law.
Controller: Ruben Besserat, Israel.
Privacy contact (interim): rbesserat@gmail.com
Designated address (to be activated): privacy@aven.co.il.
Israeli supervisor: Privacy Protection Authority, Ministry of Justice — gov.il/the_privacy_protection_authority.