Privacy Policy

Proxio ("we", "us", "our") operates the Proxio platform at proxio.com — an online marketplace connecting Customers with local service Providers. This Privacy Policy explains how we collect, use, store, and share personal information when you use our platform. If you have questions about this policy, please contact us via our Contact Support page.

We collect the following categories of personal information: Account information — When you register, we collect your name, email address, and (where applicable) your role as a Customer or Provider. If you sign in with Google, we receive your name and email from Google. Profile information — Providers may optionally add a phone number, address, profile photo, bio, about section, certifications, portfolio images, service descriptions, skills, and years of experience. Customers may optionally add a phone number and saved contact addresses for booking requests. Booking information — When a Customer submits a booking request we collect the selected service, preferred date and time, optional notes, optional contact details (phone number, service address), and any uploaded photo attached to the request. Messages — Content you send through the platform's messaging system. Reviews — Ratings and written feedback submitted by Customers (about Providers) and by Providers (about Customers after a completed booking). Usage data — We may collect standard server log data including your IP address, browser type, pages visited, and timestamps. This is used for security monitoring and platform improvement. Support requests — Information you provide when you contact our support team, including your name, email, role, and message content.

We use your personal information to: - Provide and operate the platform, including matching Customers with Providers. - Process and manage booking requests and status notifications. - Send transactional emails (booking confirmations, status updates, password reset links). - Display your public profile information (Providers) to other users of the platform. - Share relevant contact details between a Customer and Provider when they have an active booking. - Moderate content, reviews, and provider profiles. - Respond to support requests. - Detect and prevent fraud, abuse, and security incidents. - Comply with legal obligations. We do not use your information for automated profiling or decisions that produce significant legal effects.

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases: - Contract — processing necessary to provide the service you have requested (e.g. creating your account, managing bookings). - Legitimate interests — operating, securing, and improving the platform, where our interests are not overridden by your rights. - Legal obligation — where we are required to process data to comply with applicable law. - Consent — where we ask for your consent for specific processing activities (e.g. optional marketing communications, if introduced in future).

We do not sell your personal data. We share it only in the following circumstances: Between Customers and Providers — When a booking is active, the relevant contact details of both parties (phone number, service address) may be visible to each other to facilitate the job. Public profile — Provider profile information (name, bio, services, portfolio, reviews, certifications, response time) is publicly visible to all users, including unauthenticated visitors. Service providers — We use the following third-party services to operate the platform: • Vercel — cloud hosting and serverless functions • Neon / PostgreSQL — database hosting • Cloudinary — image upload and storage (provider photos, booking attachments) • Resend — transactional email delivery • NextAuth / Google OAuth — authentication Each of these providers processes data only as necessary to provide their service to us and is bound by their own privacy and security obligations. Legal requirements — We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Proxio, our users, or the public.

We retain your personal data for as long as your account is active or as needed to provide services. If you close your account, we will delete or anonymise your personal data within a reasonable period, except where we are required to retain it for legal, regulatory, or fraud-prevention purposes. Reviews are associated with completed bookings and may be retained as part of the platform's trust and safety record even after account closure.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These measures include: - Passwords are hashed using a one-way algorithm and never stored in plain text. - All data in transit is encrypted using TLS. - Database access is restricted to authorised systems only. - Password reset tokens expire after one hour and are single-use. No system is completely secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.

Depending on where you are located, you may have the following rights regarding your personal data: - Access — request a copy of the personal data we hold about you. - Rectification — ask us to correct inaccurate or incomplete data. - Erasure — request deletion of your data in certain circumstances. - Restriction — ask us to restrict processing of your data in certain circumstances. - Portability — receive your data in a structured, machine-readable format. - Objection — object to processing based on legitimate interests. - Withdraw consent — where processing is based on consent, withdraw it at any time. To exercise any of these rights, please contact us via our Contact Support page. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local supervisory authority in the EU.

We use session cookies and local storage to keep you logged in and remember your preferences. We do not currently use third-party tracking or advertising cookies. If we introduce analytics or advertising tools in the future, we will update this policy and, where required by law, seek your consent first.

Proxio is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

Our platform infrastructure is hosted primarily in the United States and European Union via Vercel and Neon. If your data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) in accordance with applicable data protection law.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you by email or by a prominent notice on the platform. Continued use of the platform after changes take effect constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us via our Contact Support page.