Privacy Policy

How we collect, use, and protect your information

Last updated: March 2026

1. Data Controller

The data controller responsible for your personal data is:

  • PFA Tofan Ioan
  • CUI: 52890378 · Reg. Com.: F2025045639006
  • B-dul Bucureștii Noi 136, Sector 1, București, Romania
  • Email: contact@handit.me

For any data protection inquiries, you can contact us at the email address above. We are committed to processing your data in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law 190/2018.

2. Information We Collect

Account Information

  • Name, email address, and phone number
  • Profile photo and bio
  • Skills and categories of interest
  • Authentication data (email/password, or identity tokens from Google/Apple Sign-In)
  • Payment information — processed by Stripe (web), Apple (iOS), or Google Play (Android). We do not store card details.

Usage Information

  • Location data (only with your permission, used for nearby tasks)
  • Task and credit transaction history
  • Borrow listing and request history, including item condition reports
  • Messages between users (text and images)
  • Reviews and ratings you give or receive
  • Feedback posts and votes

Behavioral and Analytics Data

  • Usage and behavioral data: We collect screen views, navigation patterns, feature usage (such as task creation, searches, and applications), and interaction events within our platform. This data is linked to your account when logged in, or stored with an anonymous session identifier when not. We do not collect IP addresses, device fingerprints, or advertising identifiers through this system.

Technical Information

  • Device type, operating system, and browser information
  • Push notification tokens (for delivering notifications to your device)
  • IP address and general location derived from it
  • Cookie preferences and consent choices

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Connect you with tasks and helpers in your area
  • Process credit transactions, in-app purchases, and cash withdrawals
  • Send you notifications about task updates, messages, and account activity
  • Verify your identity for cash withdrawals (via Stripe Connect)
  • Calculate trust scores and display reviews
  • Moderate content for safety (including AI-assisted image and text moderation)
  • Respond to your questions and provide support
  • Detect and prevent fraud, spam, and abuse
  • Analyze usage patterns and feature adoption to improve the platform experience

5. AI and Automated Processing

HandIt! uses artificial intelligence in several features. We believe in transparency about how AI processes your data:

AI-Powered Features

  • Credit suggestions: When creating a task, AI analyzes the task title, description, category, and difficulty to suggest a fair credit amount. This data is sent to OpenAI for processing.
  • Image moderation: Images uploaded in chat are analyzed by OpenAI's Moderation API to detect inappropriate content.
  • Chat assistance: The messaging system uses AI to help with communication features.
  • Feedback processing: When submitting feedback, AI is used to assist with categorization and processing.
  • Fraud detection: Automated systems analyze patterns to detect potentially fraudulent activity. This may include flagging unusual credit transactions or suspicious account behavior.

Your Rights Regarding AI

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our AI features assist human decision-making rather than making fully automated decisions. If you believe an automated decision has affected you, contact us at contact@handit.me for human review.

6. Information Sharing

We do not sell your personal information. We share data with the following categories of recipients:

Other Users

Your public profile, reviews, task listings, and borrow listings are visible to other users as part of the service.

Service Providers (Data Processors)

We use the following third-party services to operate HandIt!:

  • Supabase (AWS, EU/US) — Database hosting, authentication, file storage, real-time messaging
  • Stripe (US) — Web payment processing, cash withdrawals, identity verification
  • Apple / Google (US) — In-app purchases and subscription management on mobile
  • OpenAI (US) — AI credit suggestions, image moderation, chat assistance, feedback processing
  • Google Analytics (US) — Anonymous website usage analytics
  • Microsoft Clarity (US) — Session recording and heatmaps to understand how users interact with our website (anonymized)
  • Expo (US) — Push notification delivery for mobile apps
  • Twilio (US) — Phone number verification via SMS
  • Resend (US) — Transactional email delivery (welcome emails, support tickets)
  • Mapbox (US) — Map rendering and geocoding
  • Vercel (US) — Web application hosting

Legal and Safety

  • Legal compliance: To comply with laws, regulations, or legal requests
  • Safety: To protect the rights, safety, and property of users and HandIt!

7. International Data Transfers

HandIt! is operated from Romania (EU). However, some of our service providers are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework (for certified US providers)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable

You can request more information about the specific safeguards applied to your data transfers by contacting us at contact@handit.me.

8. Location Data

HandIt! uses your location to show you nearby tasks and connect you with local helpers. We collect location data only when you use the app and with your explicit permission.

  • Location is used for task matching, distance calculations, and map features
  • Task locations are slightly randomized (fuzzed) to protect exact addresses from other users
  • Location data may be used to provide region-appropriate credit suggestions
  • You can disable location access in your device settings or in Settings → Privacy, though this will limit functionality

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure payment processing through Stripe (PCI DSS compliant), Apple, and Google
  • Encrypted session storage on mobile devices (MMKV)
  • Row-level security policies on all database tables
  • Regular security audits and monitoring
  • Access controls limiting access to user data

While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to contact@handit.me.

10. Your Rights (GDPR)

Under GDPR and Romanian Law 190/2018, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data. Use Settings → Privacy → Export Your Data to download your data in JSON format.
  • Rectification (Art. 16): Update or correct your information anytime in your profile settings.
  • Erasure (Art. 17): Request deletion of your account via Settings → Privacy → Delete Account. Your personal data will be anonymized and your account deactivated. Reviews are anonymized (your name is removed). Transaction records may be retained as required by law.
  • Data portability (Art. 20): Export your data in a machine-readable JSON format.
  • Restrict processing (Art. 18): Control what data is visible via privacy settings (online status, last active, rating, task history, location).
  • Object to processing (Art. 21): Object to processing based on legitimate interest. Contact us to exercise this right.
  • Withdraw consent (Art. 7): Withdraw consent for location access, analytics cookies, or marketing cookies at any time without affecting prior processing.
  • Automated decision-making (Art. 22): Request human review of any automated decisions that significantly affect you.

You can exercise most rights directly in the app under Settings → Privacy. For assistance or to file a complaint, contact us at contact@handit.me. We respond within 30 days.

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.

11. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Your personal information is anonymized (name, email, phone, photo are scrubbed)
  • Your authentication account is permanently deleted (you can no longer log in)
  • Messages are disassociated from your identity
  • Reviews are anonymized (your name is removed but the review content is preserved)
  • Transaction records are retained for legal and tax compliance as required by Romanian law

Account anonymization is processed immediately upon your request. The anonymized profile record is retained to maintain referential integrity of the platform (e.g., completed task history, review counts).

Analytics Data Retention: Anonymous analytics sessions (from users who do not create an account) are automatically deleted after 30 days of inactivity. For authenticated users, raw analytics events are aggregated into anonymous daily summaries after 180 days, after which individual event records are deleted. Aggregated summaries contain no personal identifiers and are retained indefinitely for long-term trend analysis.

12. Cookies and Tracking

We use cookies and similar technologies on our website. You can manage your preferences through our cookie consent banner or via the Cookie Settings link in the footer.

Essential Cookies (always active)

Required for authentication, security, and basic platform functionality. These cannot be disabled.

Analytics Cookies (opt-in)

  • Google Analytics: Collects anonymous usage data to help us understand how users interact with our website
  • Microsoft Clarity: Records anonymized session replays and heatmaps to help us improve the user experience. Clarity may record mouse movements, clicks, and scroll behavior on our website.
  • HandIt Platform Analytics: We collect first-party usage data including screen views, feature interactions, and search queries to understand how our platform is used and improve the experience. This system operates under legitimate interest (not cookie consent) as it does not use cookies on the web — it uses a session identifier stored in a first-party cookie with a 30-day expiry. On mobile, a random session identifier is stored locally on your device. No IP addresses, device fingerprints, or cross-site tracking is involved.

Marketing Cookies (opt-in)

Used for personalized advertising and campaign tracking. Currently not active but may be enabled in the future. You will be asked for consent before any marketing cookies are set.

You can change your cookie preferences at any time by clicking "Cookie Settings" in the footer or adjusting your browser settings.

13. Children's Privacy

HandIt! is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly. Users between 13-18 should have parental consent to use the platform, in accordance with GDPR Article 8 and Romanian law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Your continued use of HandIt! after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

15. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us at contact@handit.me.

For data protection complaints, you may also contact the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP): www.dataprotection.ro
