KwadMarket Docs
Product Roadmap

Legal & Compliance

Required legal pages, GDPR compliance and company registration

Launch blocker

Legal pages are an EU requirement and OAuth providers ask for the privacy URL — tracked in the launch checklist. Company registration is a hard prerequisite before going live with payments.

Required pages

Terms of Service (CGU)

Platform role (intermediary, not seller) · user obligations (accurate listings, no counterfeits) · transaction rules (escrow, delivery, dispute timeline) · commission disclosure · account termination conditions · liability limitations · governing law (French law if FR-based).

Privacy Policy (Politique de confidentialité)

Data collected (email, name, location, payment info via Stripe) · purpose of processing · third-party sharing (Stripe, Sentry, analytics) · retention periods · user rights (access, rectification, deletion — GDPR Art. 15-22) · cookie policy · DPO contact.

GDPR-compliant banner — active consent required for non-essential cookies, not just a notice. Categories: Essential (auth, session) / Analytics / Marketing. Save the choice, allow withdrawal.

Company/individual name and address · hosting provider info · publication director · SIRET/SIREN if applicable.

Selling conditions (CGV — if the platform takes commission)

Commission rate and calculation · payment terms · refund policy · delivery responsibilities · dispute resolution process.

GDPR compliance

  • Right to access: user can download their data (JSON export of deals, messages, profile)
  • Right to deletion: account + data deletion flow (30-day grace period)
  • Consent tracking: record when/how consent was given
  • Cookie consent manager (e.g. Tarteaucitron.js or custom)
  • Privacy-by-design: minimize data collection

Decision: company registration required before launch

Hard prerequisite before going live with payments:

  • Register company (SAS or SASU recommended for marketplace platforms in France)
  • Obtain SIRET/SIREN
  • Register as marketplace intermediary (article L. 111-7 Code de la consommation)
  • Open business bank account (needed for the Stripe Connect platform account)
  • Consult an e-commerce lawyer for legal text review
  • PCI DSS: handled by Stripe (never store card data on our side)

Tasks

  • /legal/terms, /legal/privacy, /legal/cookies, /legal/mentions pages + footer links
  • Cookie consent banner component; consent storage (localStorage + DB record)
  • User data export endpoint (GDPR); account deletion flow
  • Legal review by a professional (external)

On this page