Privacy Policy

Welcome to HelpPls ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our marketplace platform connecting consumers with home service professionals.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use HelpPls, we collect:

• Account Information: Name, email address, phone number, password (encrypted with bcrypt)
• Profile Information: Business name (for service providers), service specialties, bio, profile photo
• Address Information: Service addresses for consumers, business address for providers
• Payment Information: Processed securely through Stripe (we do not store full credit card numbers)
• Communications: Messages sent through our platform, support requests, and feedback
• Identity Verification: For service providers, we may collect licenses, insurance certificates, and background check information

1.2 Information Collected Automatically

When you use HelpPls, we automatically collect:

• Device Information: Device type, operating system, browser type, IP address, device identifiers
• Location Data: GPS coordinates (with your permission) to match you with nearby service providers
• Usage Data: Pages viewed, features used, search queries, time spent on the platform
• Cookies and Similar Technologies: See our Cookie Policy section below
• Log Data: Server logs including access times, error reports, and API requests

1.3 Information from Third Parties

• Google Maps: Address validation and geocoding services
• Payment Processors: Stripe provides transaction status and payment verification
• Background Check Providers: For service provider verification
• Social Login: If you sign in with Apple or Google, we receive basic profile information

2. How We Use Your Information

We use your data to provide and improve our services:

2.1 Core Service Operations

• Matching: Connect consumers with qualified service professionals based on location, specialty, and availability
• Communications: Send booking confirmations, service reminders, and platform notifications
• Payments: Process payments securely, issue invoices, and manage subscriptions
• Account Management: Authenticate users with JWT tokens, manage sessions, and secure accounts

2.2 Service Improvement

• Analytics: Understand how users interact with HelpPls to improve features and user experience
• Quality Assurance: Monitor service quality, reviews, and ratings
• Customer Support: Respond to inquiries, troubleshoot issues, and resolve disputes

2.3 Safety and Security

• Fraud Prevention: Detect and prevent fraudulent activity, abuse, and policy violations
• Compliance: Meet legal obligations and enforce our Terms of Service
• Verification: Verify service provider credentials and background checks

2.4 Marketing (with your consent)

• Promotional Communications: Send newsletters, special offers, and product updates
• Personalization: Tailor content and recommendations based on your preferences
• You can opt out anytime via account settings or unsubscribe links

3. How We Share Your Information

We do not sell your personal data. We share information only in these circumstances:

3.1 Service Providers

When you book a service, we share necessary information (name, address, contact info) with the professional you hire. This is essential to deliver the service you requested.

3.2 Third-Party Service Providers

• Google Maps: Address geocoding and map display
• Google Calendar: With your permission, we access your Google Calendar to sync appointments. We store OAuth tokens securely (encrypted) to maintain this connection. You can revoke access anytime via your Google account settings.
• Stripe: Secure payment processing (PCI-compliant)
• Railway: Cloud hosting infrastructure
• Resend: Transactional email delivery service (processes email addresses for account notifications, password resets, and service updates)
• PostHog: Product analytics and usage tracking. We use PostHog to understand how users interact with HelpPls and improve our product. Data is anonymized where possible. You can opt out via account settings or by enabling Do Not Track in your browser.
• Retell AI: AI-powered voice agent platform for inbound and outbound phone calls. When you call our business number or we call you, Retell processes your phone number, voice, call transcript, and any information you provide during the call (name, address, service requests). Call recordings are retained for quality assurance and training purposes.
• Cloudflare Turnstile: Human verification and bot detection on login and signup forms. Processes your IP address and browser characteristics to prevent automated abuse and protect account security.
• Cloudflare CDN: Content delivery network for faster page loading and DDoS protection. Processes IP addresses and request metadata.

3.3 Legal Requirements

We may disclose information if required by law, court order, subpoena, or to:

• Protect our legal rights and property
• Prevent fraud or illegal activity
• Respond to emergencies involving safety or health
• Comply with regulatory investigations

3.4 Business Transfers

If HelpPls is acquired, merged, or sells assets, your information may be transferred to the new entity. We will notify you before your data is subject to a different privacy policy.

4. Data Retention

We retain your data only as long as necessary:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data deleted within 90 days of account closure (some records retained for legal/tax purposes for up to 7 years)
• Transaction Records: Financial records (invoices, payments) retained for 7 years per tax regulations, with personal identifiers anonymized after account deletion
• Support Tickets: Retained for 2 years to track service quality
• Backups: Data in backups purged within 30 days of deletion from active systems
• Password Reset Tokens: Deleted within 24 hours of expiration or 7 days after use
• Email Verification Tokens: Deleted within 7 days of use or 30 days after expiration
• Call Recordings: Voice call recordings retained for 2 years for quality assurance and training, then permanently deleted
• Audit Logs: Security and access logs retained for 2 years, with user identifiers anonymized upon account deletion

5. Your Privacy Rights

You have the following rights regarding your personal data:

5.1 Access

Request a copy of all personal data we have about you. We'll provide it in a portable format (JSON/CSV) within 30 days.

5.2 Correction

Update or correct inaccurate information through your account settings or by contacting us.

5.3 Deletion

Request deletion of your account and personal data. We'll process this within 30 days, subject to legal retention requirements.

5.4 Data Portability

Receive your data in a machine-readable format to transfer to another service.

5.5 Opt-Out of Marketing

Unsubscribe from promotional emails anytime via the unsubscribe link or account settings. Transactional emails (booking confirmations, etc.) cannot be disabled.

5.6 Do Not Track

We honor browser Do Not Track signals for analytics and advertising tracking (not applicable to essential service functionality).

6. Cookies and Tracking Technologies

HelpPls uses cookies and similar technologies:

6.1 Essential Cookies

• Authentication: JWT tokens stored in localStorage to keep you logged in
• Session Management: Maintain your session across pages
• Security: CSRF protection and secure session handling

6.2 Functional Cookies and Local Storage

• Authentication: JWT tokens stored in localStorage to keep you logged in (expires after 24 hours for security)
• Service Worker Cache: We cache app files (HTML, CSS, JavaScript) and some API responses locally using Cache API to enable offline access and faster loading
• IndexedDB Storage: Your jobs, customers, invoices, estimates, messages, and other business data are stored locally on your device for offline use and automatically sync with our servers when online
• Offline Sync Queue: Changes you make while offline are queued locally and synced when you reconnect to the internet
• Preferences: Your settings (theme, language, location preferences) are stored locally

What's stored locally: Your profile, jobs, customers, invoices, estimates, messages, and app preferences. This data is stored on your device only and syncs with our servers when online.

How to clear: You can clear all local data by logging out and selecting "Clear local data", or use your browser's "Clear browsing data" or "Clear website data" feature. On mobile, you can also clear app data from your device settings.

6.3 Analytics Cookies

• PostHog Analytics: Tracks page views, feature usage, button clicks, and user behavior to help us improve the product
• Cloudflare Turnstile: Sets verification cookies during login/signup to prevent bot attacks
• Usage Analytics: Track page views, feature usage, and performance metrics
• Analytics cookies can be disabled via browser Do Not Track settings without affecting core functionality

6.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent HelpPls from functioning properly.

Cookie Consent: By using HelpPls, you consent to our use of essential cookies and local storage required for the service to function (authentication, offline access, preferences). You may opt out of analytics cookies via browser Do Not Track settings without affecting core functionality.

7. Security Measures

We implement industry-standard security practices:

7.1 Data Encryption

• In Transit: All data transmitted over HTTPS/TLS (Transport Layer Security)
• At Rest: Database encryption for sensitive data
• Passwords: Hashed with bcrypt (never stored in plaintext)

7.2 Access Controls

• Authentication: JWT (JSON Web Token) for secure API access
• Authorization: Role-based access control (consumer, provider, admin)
• Admin Access: Multi-factor authentication required for admin accounts

7.3 Infrastructure Security

• Hosting: Railway cloud infrastructure with automatic security updates
• Database: PostgreSQL with encrypted connections and access controls
• Backups: Automated daily backups with encryption
• Monitoring: 24/7 security monitoring and intrusion detection

7.4 Payment Security

• PCI Compliance: Stripe handles all payment processing (PCI-DSS Level 1 certified)
• Tokenization: We never store full credit card numbers

7.5 Data Breach Notification

In the unlikely event of a security incident or data breach that may affect your personal information:

• Notification Timeline: We will notify affected users via email within 72 hours of discovering the breach
• Regulatory Reporting: We will notify relevant authorities (state attorneys general, FTC, data protection authorities) as required by law
• What We'll Tell You: The nature of the breach, what data was affected, steps we're taking to remediate, and recommended actions to protect your account
• Your Actions: If notified of a breach, we recommend immediately changing your password, enabling two-factor authentication (if not already enabled), and monitoring your account for suspicious activity
• Security Contact: Report suspected security issues to [email protected]

8. Children's Privacy

HelpPls is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at [email protected]. We will delete such information within 30 days.

Age Requirement: You must be at least 13 years old to use HelpPls. Service providers must be 18+ to create a professional account.

9. State-Specific Privacy Rights

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit use and disclosure of sensitive personal information

Shine the Light: California residents can request information about data shared with third parties for direct marketing purposes once per year.

9.2 Texas Residents (TDPSA)

If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act:

• Access: Confirm whether we process your personal data and access such data
• Correction: Correct inaccuracies in your personal data
• Deletion: Delete personal data you provided to us
• Portability: Obtain a copy of your personal data in a portable format
• Opt-Out: Opt out of targeted advertising and sale of personal data

9.3 Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, and other states with consumer privacy laws have similar rights. Contact us to exercise these rights.

9.4 Exercising State Rights

To exercise your state privacy rights:

• Email: [email protected] with "Privacy Rights Request" in the subject
• Include your state of residence and specific request
• We'll verify your identity and respond within the timeframe required by your state law (typically 45 days)

10. International Data Transfers

HelpPls operates primarily in the United States. If you access our services from outside the U.S., your data may be transferred to and processed in the United States, where data protection laws may differ from your home country.

We implement appropriate safeguards to protect your data in accordance with this Privacy Policy, including:

• Standard contractual clauses for international transfers
• Ensuring third-party processors meet international data protection standards
• Providing transparency about where and how your data is processed

11. Third-Party Links

HelpPls may contain links to third-party websites or services (e.g., service provider websites, Google Maps). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (to the address on file)
• Display a prominent notice on the HelpPls platform
• For significant changes, request your consent where required by law

Continued use of HelpPls after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

14. Your Consent

By using HelpPls, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our services.