Privacy Policy — sidequest.university

1. Introduction

sidequest.university ("we", "us", "our") operates the sidequest.university platform (the "Service"). We are the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

Email address
Password (stored encrypted)
Display name
Profile information you choose to provide

2.2 Location Data

With your explicit consent, we collect your precise location data to:

Show you nearby tasks
Allow you to post tasks at your location
Send you notifications about tasks near you

Important: Your exact location is never shown to other users. We display task locations with reduced precision (approximately 11 metres accuracy) to protect your privacy. We only store your most recent location for matching purposes and do not track your location history.

2.3 Task and Communication Data

We collect information you provide when using the Service:

Task descriptions, titles, and details
Messages sent to other users within the scope of a specific task
Ratings and reviews you provide
Task acceptance and completion records

2.4 Push Notification Data

If you opt in to push notifications, we store:

Your browser's push notification subscription endpoint
Encryption keys necessary to send you notifications

2.5 Technical Information

We automatically collect certain technical information:

IP address (for security and anti-abuse purposes)
Browser type and device information
Log data (timestamps, page requests, errors)

2.6 Payment and Transaction Data

When you pay for or get paid for a task, our payment provider Stripe processes the transaction. We receive and store limited transaction data — amounts, status, and a Stripe reference — to operate the Service. We never see or store your full card details; these are handled directly by Stripe. Task Doers receiving payouts provide identity and bank details directly to Stripe under Stripe's terms.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service
Match you with nearby tasks based on your location and preferences
Facilitate communication between task requesters and doers
Send you notifications about task updates and nearby opportunities
Prevent fraud, abuse, and violations of our Terms of Service
Improve and develop new features for the Service
Respond to your inquiries and provide customer support
Comply with legal obligations

Our Legal Bases (UK GDPR)

We rely on the following lawful bases to process your personal data:

Performance of a contract: to provide the Service, match tasks, and process payments you ask us to make.
Consent: for precise location data and push notifications, which you can withdraw at any time.
Legitimate interests: to keep the Service secure, prevent fraud and abuse, and improve our features — balanced against your rights.
Legal obligation: where we must process or retain data to comply with the law.

4. How We Share Your Information

4.1 With Other Users

When you post or accept a task, limited information is shared:

Your display name and profile information
Approximate task location (reduced precision for privacy)
Messages you send within a task
Ratings and reviews after task completion

4.2 Service Providers

We share data with trusted third parties who process it on our behalf to operate the Service:

Stripe — payment processing and payouts
Our hosting provider — to run the Service and store data
Email delivery provider — to send account and task emails
Rollbar — error monitoring, which may receive technical and browser data when an error occurs

These providers are contractually required to protect your data and use it only to provide their service to us. Some (e.g. Stripe and Rollbar) may process data outside the UK; where they do, we rely on appropriate safeguards as described in Section 10.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, safety, or the safety of others.

4.4 What We Never Do

We never sell your personal data to third parties.

5. Cookies and Tracking

5.1 Essential Cookies

We use essential cookies that are strictly necessary for the Service to function:

Session cookies: To keep you logged in and maintain your session
CSRF tokens: To protect against cross-site request forgery attacks
Authentication cookies: To verify your identity

When you make a payment, Stripe may set its own cookies to process the transaction securely. For full details, see our Cookie Policy.

5.2 No Tracking or Analytics Cookies (MVP)

We do not use tracking, analytics, advertising, or non-essential cookies during our MVP phase. We do not track your browsing behaviour across websites or use third-party analytics services.

If we introduce analytics or additional cookies in the future, we will update this policy and seek your consent where required by law.

6. Data Retention

We retain your personal data only as long as necessary to provide the Service and fulfil the purposes outlined in this policy:

Account data: Retained while your account is active
Location data: Only your most recent location is stored; older data is not retained
Messages: Retained for 30-90 days after a task is completed
Task and rating data: Retained to maintain service integrity and user reputation

You may request deletion of your account and associated data at any time (see Section 8).

7. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes:

Encrypted password storage
Secure HTTPS connections
Regular security updates and monitoring
Access controls and authentication

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights:

Access: Request a copy of your personal data
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Request limitation of processing your data
Portability: Request transfer of your data to another service
Object: Object to processing of your data
Withdraw consent: Withdraw location or notification permissions at any time

To exercise any of these rights, please contact us at hello@sidequest.university. We will respond within one month.

9. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

10. International Data Transfers

Your data is primarily stored and processed in the United Kingdom. If we transfer data outside the UK, we will ensure appropriate safeguards are in place as required by UK GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: hello@sidequest.university

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately: https://ico.org.uk/