TaskerSpace

Privacy Policy

Effective date: 22 May 2025

1. Data Controller

NAK SINERGY Ltd., UIC 207807952, registered office: Bulgaria, Kostenets (2042), 1 Prolet St. ("the Company", "we") is a data controller within the meaning of Regulation (EU) 2016/679 ("GDPR") and the Personal Data Protection Act.

This Privacy Policy describes what personal data we collect, how we use it, who we share it with, and what rights you have when using the TaskerSpace platform, accessible at https://taskerspace.app.

For questions about data processing, contact us at: tasker.space.beta@gmail.com.

2. Categories of Personal Data We Collect

2.1. Data you provide

When registering and using the Platform we collect:

  • Identification data: full name, email address;
  • Profile data: photo, bio, services offered (for Workers);
  • Payment data: processed entirely by Stripe. We do not store card numbers or full banking details;
  • Worker bank account data: IBAN required to receive payments via Stripe Connect;
  • Communication data: messages within the Platform;
  • Rating and review data.

2.2. Data collected automatically

When using the Platform we automatically collect:

  • Technical data: IP address, browser type and version, operating system;
  • Usage data: pages visited, date and time of access, actions within the Platform;
  • Location data: approximate location derived from your IP address, and precise location when posting a task (only with your explicit consent).

2.3. Data from third parties

If you register via Google OAuth, we receive from Google your email, public username, and profile photo within the scope of the permissions you grant.

3. Purposes and Legal Basis for Processing

We process your personal data on the following bases:

  • Performance of a contract (Art. 6(1)(b) GDPR): account registration and management; booking and payment processing; provision of Platform functionality.
  • Legitimate interests (Art. 6(1)(f) GDPR): fraud and abuse prevention; Platform improvement and security; dispute resolution between Users.
  • Compliance with a legal obligation (Art. 6(1)(c) GDPR): retention of financial records under the Accounting Act; provision of data to competent authorities when required by law.
  • Consent (Art. 6(1)(a) GDPR): sending marketing communications (only with explicit consent, which may be withdrawn at any time).

4. Recipients of Personal Data

Your personal data may be shared with:

  • Stripe, Inc. — for payment processing. Stripe is PCI DSS certified and processes data under its own Privacy Policy (https://stripe.com/privacy).
  • Supabase, Inc. — database and authentication provider. Data is stored in the EU West (Frankfurt) region.
  • Google LLC — for Google OAuth and maps services. Processing is governed by Google's Privacy Policy (https://policies.google.com/privacy).
  • Resend, Inc. — for transactional email delivery.
  • Railway, Inc. — Platform hosting. Servers are located in the EU West (Amsterdam) region.

All data processors are bound by data processing agreements ensuring GDPR-compliant protection.

We do not sell, rent, or disclose your personal data to third parties for advertising purposes.

5. International Data Transfers

Some of our providers (Stripe, Google, Resend, Railway) may process data outside the European Economic Area. In such cases the transfer is carried out on the basis of Standard Contractual Clauses approved by the European Commission, or another appropriate safeguard under GDPR.

6. Retention Periods

We retain your personal data for the following periods:

  • Active account data: for the duration of the account + 30 days after its termination;
  • Transaction and financial records: 5 years under the Accounting Act;
  • Technical logs: up to 90 days;
  • Marketing data: until consent is withdrawn.

After the relevant period, data is deleted or anonymised.

7. Your Rights

Under GDPR you have the following rights:

  • Right of access: to receive a copy of the personal data we process about you;
  • Right to rectification: to request correction of inaccurate or incomplete data;
  • Right to erasure ("right to be forgotten"): to request deletion of your data under certain conditions;
  • Right to restriction of processing: to request a temporary halt to processing;
  • Right to data portability: to receive your data in a structured, machine-readable format;
  • Right to object: to object to processing based on legitimate interests;
  • Right to withdraw consent: at any time, without affecting the lawfulness of processing before withdrawal.

To exercise these rights, send a request to tasker.space.beta@gmail.com. We will respond within 30 days.

You have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP), Sofia, 2 Prof. Tsvetan Lazarov Blvd., website: https://www.cpdp.bg.

8. Cookies

The Platform uses strictly necessary cookies to support authentication and session functionality. We do not use tracking or advertising cookies without your consent.

If analytics tools are introduced in the future, we will update this Policy and add a consent management mechanism.

9. Data Security

We apply appropriate technical and organisational measures to protect your personal data, including:

  • encryption of data in transit (HTTPS/TLS);
  • role-based access control;
  • regular system monitoring and auditing;
  • data storage with certified providers within the EU.

In the event of a data breach likely to affect your rights and freedoms, we will notify you within the statutory deadline.

10. Changes to This Policy

The Company reserves the right to update this Privacy Policy. For material changes, we will notify you by email or through a notice on the Platform. The date of the last update is shown at the top of this document.

11. Contact

NAK SINERGY Ltd.

UIC: 207807952

Registered office: Bulgaria, Kostenets (2042), 1 Prolet St.

Email: tasker.space.beta@gmail.com

Website: https://taskerspace.app