Privacy Policy
Last updated: April 2026. This policy explains how Sidework collects, uses, and protects your personal information.
1 Information We Collect
When you use Sidework, we collect information that is necessary to provide our marketplace services. This includes information you provide directly and information generated by your use of the platform.
Account Information
- Full name, email address, and password (stored as a bcrypt hash – we never store your plain-text password)
- Profile information including display name, biography, and profile photo
- Location data (city/region level for search; precise coordinates stored as PostGIS POINT for radius matching)
- Professional information including service categories, descriptions, and hourly rates
Transaction & Activity Data
- Booking history including scheduled times, job status, and completion records
- Messages sent and received within the platform
- Reviews you give or receive following completed bookings
- QR session data generated for job validation
- Notification preferences and interaction history
Technical Data
- Device type, operating system, and app version
- IP address and approximate location at login
- Firebase Cloud Messaging tokens for push notification delivery
- Audit log entries including action type, timestamp, and entity affected
2 How We Use Your Information
We use the information we collect exclusively to operate and improve the Sidework platform. We do not sell your personal data to third parties.
- Matching & Discovery: Your location and availability are used to match you with relevant providers or clients within your requested radius and time window.
- Service Delivery: Booking management, QR validation, payment processing, and dispute resolution all require access to your account and transaction data.
- Communications: We use your contact details to send transactional emails (booking confirmations, password resets) and push notifications for platform events.
- Safety & Moderation: Audit logs, IP data, and flagged content are used by our admin team to investigate and resolve reports of abuse or policy violations.
- Platform Improvement: Aggregated, anonymized usage data helps us improve search relevance, app performance, and feature development.
3 Information Sharing
We share your information only in the following limited circumstances:
- Other Users: Your public profile (display name, rating, services, bio, and avatar) is visible to other Sidework users. Your exact address and email address are never shared publicly.
- Payment Processors: Stripe receives transaction data necessary to process payments and manage escrow. Stripe’s privacy policy governs their handling of this data.
- Notification Services: Firebase Cloud Messaging (Google) receives device tokens necessary to deliver push notifications to your device.
- Cloud Infrastructure: Profile photos and documents are stored on AWS S3 or Cloudflare R2 with access controls enforced at the application layer.
- Legal Requirements: We may disclose information when required by law, court order, or to protect the rights, safety, or property of Sidework or its users.
We do not sell, rent, or trade your personal data to advertisers or data brokers under any circumstances.
4 Data Storage & Security
Sidework is built with security as a foundational requirement, not an afterthought.
- All data is stored on PostgreSQL 16 with PostGIS. All timestamps are stored in UTC as timestamptz.
- All primary keys use UUIDs rather than sequential integers to prevent enumeration attacks.
- All API communication is over HTTPS with HSTS enforced. No plain-text transmission of sensitive data.
- Passwords are hashed using bcrypt with a minimum cost factor of 12 – we cannot recover your password and do not store it in any readable form.
- Authentication tokens (Laravel Sanctum) rotate on every use. Tokens expire after 30 days of inactivity.
- Rate limiting is enforced on all login endpoints (5 attempts per minute per IP). Accounts are locked after 10 consecutive failures.
- All records use soft deletes – data is flagged inactive rather than permanently erased immediately, enabling audit and recovery within our retention period.
- Error tracking (Sentry) and query monitoring (Laravel Telescope) are used to detect anomalies and performance issues.
5 Location Data
Location is central to how Sidework works. We handle it carefully.
- Your location is stored as a PostGIS geographic POINT in our database, used exclusively for radius-based provider discovery.
- Your precise location is never displayed on your public profile. Only a city/region-level description is shown to other users.
- Location data is used in real-time search queries to match you with providers or clients and is not retained separately from your profile record.
- You can update or remove your location from your profile settings at any time.
- If you deny location permissions on your device, you can still use the app by entering a location manually.
6 Payments & Financial Data
Sidework does not store your full payment card details on its servers at any point.
- All payment processing is handled by Stripe, a PCI-DSS compliant payment processor.
- We store only the Stripe Payment Intent ID, booking amount, currency, and payment status for our own records.
- Funds are held in escrow by Stripe Connect and released only after QR job validation is complete and the 24-hour dispute window has passed without a dispute being raised.
- In the event of a successfully resolved dispute, refunds are processed through Stripe and may take 5-10 business days to appear depending on your bank.
- Post-MVP, Apple Pay and Google Pay will be supported as additional payment methods, handled entirely within their respective secure payment frameworks.
7 Communications
We communicate with you for the following purposes:
- Transactional: Booking confirmations, status updates, password resets, email verification, and dispute notifications. These are essential and cannot be opted out of while you maintain an active account.
- Push Notifications: Real-time alerts for messages, booking requests, job completions, and payment events. These can be managed per-type in your notification preferences within the app.
- Email Communications: Sent via Mailgun or Amazon SES. We retain sending logs for deliverability monitoring; email content is not retained beyond 30 days.
You may unsubscribe from non-essential marketing communications at any time using the unsubscribe link in any marketing email, or via your account notification settings.
8 Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated personal data, subject to our legal retention obligations and any outstanding bookings or disputes.
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
9 Cookies & Tracking
The Sidework mobile app does not use browser cookies. The admin dashboard web application uses the following:
- Session cookies: Required for authentication and CSRF protection. These are deleted when you close your browser.
- Error tracking: Sentry uses minimal telemetry to capture error context. No advertising or behavioral tracking is performed.
- Analytics: If analytics are enabled, only anonymized, aggregated data is collected. Individual behavior is not tracked or profiled.
We do not use third-party advertising cookies, tracking pixels, or behavioral profiling technologies on any part of the Sidework platform.
10 Children’s Privacy
Sidework is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18.
If we become aware that a user under 18 has registered on the platform, we will promptly deactivate their account and delete their personal data. If you believe a minor has registered, please contact us at [email protected].
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by:
- Posting the updated policy on this page with a revised “Last Updated” date
- Sending a notification within the Sidework app
- Where required by law, seeking your renewed consent
We encourage you to review this policy periodically. Continued use of Sidework after a policy update constitutes acceptance of the revised terms.