Privacy Policy
Last updated: June 2026
1. Data Controller
Helfr operates as the data controller for all personal data collected through the platform. For questions regarding your data, contact us at [email protected].
2. Data We Collect
We collect: (a) data you provide directly — name, email, phone number, profile photo, bio, and location; (b) data generated by platform use — bookings, chat messages, reviews, and payment transactions; (c) job photos — before and after photos uploaded by clients and service providers to document completed work; (d) device data — push notification token for delivering notifications.
3. How We Use Your Data
Your data is used to operate the marketplace, process payments via Stripe, facilitate communication between clients and providers, resolve disputes, and improve the platform. We do not sell your data to third parties.
4. Payments & Stripe
Payment processing is handled by Stripe, Inc. Card details are never stored on Helfr servers — they are tokenised by Stripe. Stripe's privacy policy (stripe.com/privacy) applies to payment data. We retain transaction records for legal and accounting purposes as required by Swiss law.
5. Identity Verification (Stripe Identity)
Service providers who complete KYC verification submit government-issued identity documents via Stripe Identity. These documents are processed and stored by Stripe, not Helfr. Helfr only stores the verification status (verified / pending / unverified). Stripe's biometric data policy applies.
6. Job Photos
Photos uploaded by clients (before photos) and service providers (after photos) are stored in Supabase Storage (eu-central-2, Zurich). These photos are accessible to both parties in the booking and to Helfr administrators for dispute resolution. Photos may be retained for up to 2 years for legal and dispute purposes.
7. Chat Messages
Messages exchanged between clients and service providers are stored in our database to facilitate the service. Messages related to active or disputed bookings may be reviewed by Helfr administrators in the context of dispute resolution.
8. Push Notifications
With your consent, we send push notifications about booking updates, messages, and payment events via Expo's notification service. Your push token is stored to deliver notifications. You may revoke this permission at any time in your device settings.
9. Data Retention
We retain your account data for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except transaction records and dispute-related data which may be retained for up to 10 years as required by Swiss accounting law.
10. Your Rights (nDSG)
Under Swiss data protection law (nDSG / revDSG), you have the right to: access your personal data; request correction of inaccurate data; request deletion of your data; data portability; and object to certain types of processing. Contact [email protected] to exercise these rights. We respond within 30 days.
11. Third-Party Services
We use the following third-party services: Stripe (payments & KYC), Supabase (database & storage, hosted in Zurich), Expo (push notifications). Each service has its own privacy policy.
12. Cookies & Analytics
The Helfr mobile app does not use browser cookies. We may use anonymised, aggregated analytics to understand app usage patterns and improve the user experience. No personal data is shared with analytics providers.
13. Security
We implement industry-standard security measures: TLS 1.3 encryption in transit, encrypted storage at rest via Supabase (hosted in eu-central-2, Zurich), row-level security policies on all database tables, and Stripe PCI DSS compliance for payment data.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via push notification or email. The date of the latest revision appears at the top of this document.
🛡️ Helfr · Switzerland 🇨🇭 · nDSG compliant