Privacy Policy

Last Updated: January 8, 2026

1. Introduction

Welcome to PaintContract. This Privacy Policy explains how PaintContract, Inc. ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our platform, including our website and mobile applications (iOS and Android).

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Important: By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service:

Account Information:

  • Name, email address, phone number
  • Username and password
  • Profile photo
  • Business information (for Company accounts)
  • Professional credentials and certifications

Verification Information (KYC):

  • Government-issued ID (driver's license, passport)
  • Social Security Number or Tax ID
  • Proof of address documents
  • Video verification recordings
  • Professional licenses and insurance certificates
  • Background check authorizations

Portfolio and Project Information:

  • Work samples, photos, and descriptions
  • Project listings and proposals
  • Skills, experience, and specializations
  • Reviews and ratings

Financial Information:

  • Payment method details (credit/debit card, bank account)
  • Cryptocurrency wallet addresses
  • Transaction history
  • Tax documentation (W-9, W-8BEN, etc.)

Communications:

  • Messages sent through our platform
  • Support inquiries and correspondence
  • Feedback and survey responses

2.2 Information Collected Automatically

Device and Usage Information:

  • IP address and geolocation data
  • Device type, operating system, browser type
  • Unique device identifiers (UDID, advertising ID)
  • Pages visited, features used, time spent on platform
  • Referral sources and search queries
  • App performance and crash data

Mobile App Permissions:

  • Camera: For uploading portfolio images and video verification
  • Photo Library: For selecting and uploading images
  • Location: For finding nearby projects and Workers (optional)
  • Notifications: For alerts about messages, milestones, and updates
  • Microphone: For video verification
  • Storage: For caching data and offline functionality

Cookies and Tracking Technologies:

  • Session cookies for authentication
  • Persistent cookies for preferences
  • Analytics cookies (Google Analytics, Mixpanel)
  • Advertising cookies (where applicable)

2.3 Information from Third Parties

  • Social media profile information (if you connect accounts)
  • Identity verification data from KYC providers
  • Payment processing information from Stripe, NOWPayments
  • Background check results from screening services
  • Professional license verification data
  • Public records and databases

3. How We Use Your Information

We use your information for the following purposes:

3.1 Providing and Improving Services

  • Creating and managing your account
  • Facilitating connections between Workers and Companies
  • Processing payments and escrow transactions
  • Displaying portfolios and project listings
  • Enabling messaging and communication
  • Providing customer support
  • Improving platform features and user experience
  • Conducting research and analytics

3.2 Safety and Security

  • Verifying identities and preventing fraud
  • Detecting and preventing prohibited activities
  • Enforcing our Terms of Service
  • Protecting against security threats
  • Conducting risk assessments
  • Maintaining trust scores

3.3 Legal and Compliance

  • Complying with legal obligations (KYC/AML, tax reporting)
  • Responding to legal requests and court orders
  • Protecting our legal rights
  • Resolving disputes

3.4 Marketing and Communications

  • Sending transactional emails (confirmations, receipts)
  • Providing platform updates and notifications
  • Sending marketing communications (with consent)
  • Conducting surveys and requesting feedback

3.5 Business Operations

  • Processing business transactions and partnerships
  • Preparing financial reports and audits
  • Managing corporate transactions (mergers, acquisitions)

4. Information Sharing and Disclosure

We share your information in the following circumstances:

4.1 With Other Users

  • Public Profile Information: Name, photo, portfolio, ratings, and reviews are visible to all users
  • Project Information: Companies see Worker profiles when matching; Workers see Company profiles when applying
  • Transaction Details: Both parties see project details, milestones, and payment information
  • Messages: Communications between parties are private but stored on our servers

4.2 Service Providers and Partners

We share information with trusted third-party service providers who help us operate our platform:

Service Provider    | Purpose                             | Data Shared
Supabase            | Database hosting and authentication | All account and platform data
Stripe              | Payment processing                  | Payment information, transaction details
NOWPayments         | Cryptocurrency payments             | Wallet addresses, transaction amounts
Resend              | Email delivery                      | Email addresses, message content
Google Analytics    | Usage analytics                     | Anonymized usage data, device info
KYC Providers       | Identity verification               | ID documents, verification data
AWS/Cloud Providers | Infrastructure and storage          | All platform data (encrypted)

4.3 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal process (subpoenas, warrants)
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of others
  • Prevent fraud or security threats
  • Cooperate with law enforcement

4.4 Business Transfers

If PaintContract is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations (typically 7 years for financial records)
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

Retention Periods:

  • Account Information: Duration of account plus 90 days after closure
  • Transaction Records: 7 years for tax and legal compliance
  • KYC Documents: 5 years after account closure
  • Messages: 2 years or until account deletion
  • Analytics Data: 26 months (Google Analytics default)
  • Backup Data: 30-90 days in encrypted backups

After retention periods expire, we securely delete or anonymize your information.

6. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • Encryption: All data in transit uses TLS 1.3; data at rest is AES-256 encrypted
  • Secure Authentication: Password hashing with bcrypt, optional two-factor authentication
  • Access Controls: Role-based access, principle of least privilege
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Secure Development: Code reviews, security testing, vulnerability scanning

Organizational Safeguards:

  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Regular security audits and assessments
  • Incident response procedures
  • Data breach notification protocols

Physical Safeguards:

  • Secure data center facilities (SOC 2 certified)
  • Redundant infrastructure and backups
  • Disaster recovery plans

Security Note: While we use reasonable security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7. Your Privacy Rights

You have the following rights regarding your personal information:

7.1 Access and Portability

  • Access: Request a copy of your personal information
  • Portability: Receive your data in a structured, machine-readable format
  • Download: Export your profile, portfolio, and transaction history

7.2 Correction and Update

  • Update your account information through your profile settings
  • Correct inaccurate or incomplete information
  • Request verification data updates (may require re-verification)

7.3 Deletion and Erasure

  • Account Deletion: Close your account and request data deletion
  • Right to be Forgotten: Request erasure of personal data (subject to legal retention requirements)
  • Exceptions: We may retain data for legal compliance, fraud prevention, or dispute resolution

7.4 Restriction and Objection

  • Restrict Processing: Limit how we use your data in certain circumstances
  • Object to Processing: Object to processing based on legitimate interests
  • Opt-Out: Unsubscribe from marketing communications (transactional emails continue)

7.5 Withdraw Consent

Where we process data based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

7.6 Exercising Your Rights

To exercise these rights, contact us at privacy@paintcontract.com or through your account settings. We will respond within 30 days (45 days for complex requests).

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Types of Cookies:

Essential Cookies (Required):

  • Session management and authentication
  • Security and fraud prevention
  • Load balancing and performance

Functional Cookies:

  • Language and region preferences
  • User interface customization
  • Feature preferences

Analytics Cookies:

  • Google Analytics (usage statistics)
  • Performance monitoring
  • Error tracking (Sentry)

Marketing Cookies (With Consent):

  • Advertising campaign tracking
  • Retargeting and personalization
  • Social media integration

Managing Cookies:

You can control cookies through:

  • Browser Settings: Block or delete cookies in your browser
  • Cookie Banner: Manage preferences through our cookie consent banner
  • Opt-Out Tools: Use industry opt-out tools (NAI, DAA)

Note: Disabling essential cookies may limit platform functionality.

9. Mobile Applications

Our iOS and Android applications collect additional information:

9.1 App Permissions

Our apps request the following permissions:

Permission    | Purpose                                               | Required?
Camera        | Portfolio photos, video KYC verification              | Yes (for KYC)
Photo Library | Upload existing portfolio images                      | Yes
Location      | Find nearby projects/Workers, location-based matching | Optional
Notifications | Messages, milestone updates, payment alerts           | Optional
Microphone    | Video verification audio                              | Yes (for video KYC)
Storage       | Cache data, offline functionality                     | Yes

9.2 Mobile Analytics

  • App crashes and errors (Sentry, Firebase Crashlytics)
  • Feature usage and navigation patterns
  • Device and OS information
  • App performance metrics

9.3 Push Notifications

We send push notifications for:

  • New messages and chat updates
  • Project milestones and payments
  • Security alerts
  • Platform updates
  • Marketing (with consent)

You can manage notification preferences in your device settings or app settings.

9.4 App-Specific Data

  • Device Identifiers: IDFA (iOS), Advertising ID (Android)
  • App Version: For compatibility and support
  • Installation Source: App Store vs. direct download

10. International Data Transfers

PaintContract is based in the United States. If you access our Service from outside the U.S., your information will be transferred to and processed in the United States.

10.1 Legal Basis for Transfers

We rely on the following mechanisms for international transfers:

  • Consent: Your explicit consent to transfer data
  • Contractual Necessity: Transfer necessary to perform our contract with you
  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Adequacy Decisions: Transfers to countries with adequate data protection (where applicable)

10.2 Data Protection Standards

We ensure that all international transfers maintain appropriate data protection safeguards equivalent to those required by GDPR and other applicable laws.

10.3 Third-Country Transfers

Some service providers may store or process data outside the U.S. We ensure these providers maintain adequate protection through:

  • Privacy Shield certification (where applicable)
  • Standard Contractual Clauses
  • Binding Corporate Rules
  • Adequacy decisions

11. Children's Privacy

PaintContract is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@paintcontract.com. We will delete such information from our systems.

If we become aware that we have collected information from a child under 18 without parental consent, we will take steps to delete that information promptly.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

12.1 Right to Know

You have the right to request:

  • Categories of personal information collected
  • Specific pieces of personal information we hold
  • Categories of sources from which information was collected
  • Business purposes for collecting or selling information
  • Categories of third parties with whom we share information

12.2 Right to Delete

You can request deletion of your personal information, subject to certain exceptions (legal obligations, fraud prevention, security, etc.).

12.3 Right to Opt-Out

We do not sell your personal information. If this changes, we will provide a clear "Do Not Sell My Personal Information" link and honor opt-out requests.

12.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will not receive different prices, rates, or quality of service.

12.5 Authorized Agent

You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization.

12.6 Verification

To protect your privacy, we verify your identity before processing requests. This may require:

  • Matching information you provide with information in our records
  • Requiring account login
  • Additional verification for sensitive requests

12.7 California "Shine the Light" Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. Contact privacy@paintcontract.com for such requests.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

13.1 Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: To perform our contract with you (account services, payments, etc.)
  • Legitimate Interests: Fraud prevention, security, platform improvement
  • Legal Obligations: KYC/AML compliance, tax reporting
  • Consent: Marketing communications, optional features

13.2 Your Rights Under GDPR

  • Right of Access: Obtain confirmation and copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive data in portable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: Object to solely automated decisions

13.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer:

Email: dpo@paintcontract.com

13.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

13.5 Automated Decision-Making

We use automated systems for:

  • Trust scoring and fraud detection
  • Project matching recommendations
  • Risk assessment

You have the right to request human review of automated decisions that significantly affect you.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Our data practices
  • Legal requirements
  • Platform features and services
  • Technology and security measures

Notice of Changes:

When we make material changes, we will:

  • Update the "Last Updated" date at the top
  • Notify you via email to your registered address
  • Display a prominent notice on our platform
  • For significant changes, request your consent

Effective Date:

Changes become effective 30 days after notice for material changes, or immediately for non-material updates or legal requirements.

Review Policy:

We encourage you to review this policy periodically. Continued use after changes constitutes acceptance, unless consent is explicitly required.

15. Contact Us

PaintContract, Inc.

Privacy Inquiries: privacy@paintcontract.com

Data Protection Officer (DPO): dpo@paintcontract.com

CCPA Requests: ccpa@paintcontract.com

GDPR Requests: gdpr@paintcontract.com

General Support: support@paintcontract.com

Mailing Address:
PaintContract, Inc.
Attn: Privacy Department
[Street Address]
[City, State ZIP]
United States

Response Time: We respond to privacy requests within 30 days (45 days for complex requests).