Privacy Policy for ER24.io
Last Updated: 4, Nov, 2019
1. Introduction
Welcome to ER24.io ("we," "our," or "us"), operated by Multi-Service Hub. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our emergency repair service marketplace platform.
By using ER24.io, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide Directly
Account Registration:
- Email address (required for authentication)
- First and last name
- Phone number
- Password (encrypted and hashed)
- User role (customer, contractor, administrator)
- Profile photo/avatar
Service Requests (Customers):
Service descriptions and problem details
Photos of repair issues
Preferred service date and time
Urgency level
Customer contact preferences
Location information (see Section 2.2)
Contractor Profiles:
Business name and type (sole proprietorship, LLC, etc.)
Business license number
Business address and service area
Tax identification number (encrypted)
Years of experience
Service categories and specializations
Hourly rates and minimum job values
Bank account information (for payments via Stripe Connect)
Professional certifications
Financial Information:
Payment method details (credit/debit cards, bank accounts)
Billing addresses
Transaction history
Note: Full payment card numbers are never stored on our servers; they are securely processed and stored by Stripe, our PCI-DSS compliant payment processor
2.2 Location Information
We collect and process precise location data for service delivery:
Address Data:
Service location addresses (formatted and structured)
Saved addresses with custom labels
GPS coordinates (latitude and longitude)
City, state, and ZIP code information
Real-Time Location Tracking:
Contractor location during active service requests (with consent)
Estimated arrival times based on GPS data
Location history for completed services
You can manage location permissions through your device settings, though some features may be unavailable if location services are disabled.
2.3 Communication Data
Chat Messages:
Messages exchanged between customers and contractors
Message timestamps and read receipts
Attachments (photos, documents up to 12MB)
Location sharing within chat
Notifications:
Notification preferences (email, SMS, push, in-app)
Notification interaction data (viewed, clicked, dismissed)
Delivery status and timestamps
2.4 Automatically Collected Information
Usage Data:
Login timestamps and frequency
IP addresses and device information
Browser type and version
Operating system
Pages visited and features used
Time spent on platform
Referral sources
Device Information:
Device identifiers (for push notifications)
Mobile device model and manufacturer
Mobile operating system version
User agent strings
Cookies and Tracking Technologies:
Session cookies for authentication
Preference cookies for user settings
Analytics cookies (see Section 2.5)
Security cookies for fraud prevention
2.5 Third-Party Data Sources
Google Services:
reCAPTCHA token validation (bot protection)
Google Maps API data for address validation
Google Places API data for contractor business information
Stripe:
Payment verification status
Transaction success/failure data
Fraud detection signals
3. How We Use Your Information
3.1 Service Provision
Matching Services: Connect customers with appropriate contractors based on service type, location, and availability
Communication: Enable messaging between customers and contractors after payment processing
Payment Processing: Facilitate secure payments, refunds, and contractor payouts
Service Tracking: Provide real-time contractor location and job status updates
Quality Assurance: Monitor service quality through ratings and reviews
3.2 Platform Operations
Account Management: Create and maintain user accounts, including guest accounts for unauthenticated users
Authentication: Verify user identity and maintain secure sessions
Transaction Records: Maintain comprehensive audit trails for all financial transactions
Dispute Resolution: Investigate and resolve disputes between users
Fraud Prevention: Detect and prevent fraudulent activity, unauthorized access, and abuse
3.3 Business Operations
Lead Distribution: Manage contractor access to customer service requests through our lead purchase system
Visibility Boosters: Provide enhanced placement services for contractors who purchase boosters
Analytics: Analyze platform usage to improve features and user experience
Marketing: Send service updates, promotional offers, and platform news (with consent)
Compliance: Meet legal obligations and enforce our Terms of Service
3.4 Communications
Transactional Communications (Cannot Opt-Out):
Service request confirmations
Payment receipts and invoices
Account security notifications
Critical service updates
Legal notices
Marketing Communications (Can Opt-Out):
New feature announcements
Promotional offers
Newsletters
Customer surveys
4. How We Share Your Information
4.1 Service Delivery Sharing
With Contractors (After Payment): When a customer selects and pays for a contractor's bid, we unlock and share:
Customer's full name and phone number
Exact service location address
Service request details and photos
Preferred service time
Special instructions
With Customers (After Selection):
Contractor's business name and contact information
Business license and verification status
Ratings and review history
Real-time location during service (with contractor consent)
4.2 Payment Processing
With Stripe (Our Payment Processor):
Payment method information
Transaction amounts and details
Billing addresses
Customer and contractor identities for KYC/AML compliance
Stripe's Role: Stripe acts as a Data Processor under our instruction. Review Stripe's privacy policy at: https://stripe.com/privacy
4.3 Third-Party Service Providers
Google Services:
reCAPTCHA: IP addresses and behavioral data for bot detection
Google Maps/Places API: Location data for address validation and contractor lookup
Resend (Email Service):
Email addresses and names
Transactional email content
Railway (Hosting Infrastructure):
All data stored on our platform (as infrastructure provider)
BullMQ/Redis (Job Queue):
Background task data including notifications and scheduled jobs
4.4 Legal and Safety Requirements
We may disclose your information when required by law or to:
Comply with legal processes, subpoenas, or court orders
Enforce our Terms of Service and other agreements
Protect the rights, property, or safety of ER24.io, our users, or the public
Prevent or investigate fraud, security breaches, or illegal activity
Respond to emergency situations threatening personal safety
4.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our platform before your information becomes subject to a different privacy policy.
4.6 With Your Consent
We may share information for purposes not described in this policy when we have your explicit consent.
5. Data Retention
5.1 Active Account Data
We retain your personal information for as long as your account remains active or as needed to provide services.
5.2 Transaction Records
Financial Records: Retained for 7 years to comply with tax laws and financial regulations.
Service Requests: Retained for 3 years after completion for quality assurance and dispute resolution.
5.3 Communication Records
Chat Messages: Retained for 2 years after service completion.
Notifications: Retained for 1 year after delivery.
5.4 Account Deletion
When you delete your account:
Personal identifying information is anonymized within 30 days
Financial transaction records are retained as required by law (see 5.2)
Service history is anonymized but may be retained for statistical analysis
Photos and uploaded content are deleted within 90 days
Guest Accounts: Automatically deleted after 90 days of inactivity if not upgraded to full accounts.
6. Your Privacy Rights
6.1 Access and Portability (CCPA/GDPR)
Right to Know: Request a copy of personal information we hold about you.
Data Portability: Receive your data in a structured, machine-readable format.
How to Request: Email privacy@er24.io with subject "Data Access Request"
6.2 Correction and Update
Right to Correct: Update inaccurate or incomplete personal information.
How to Update: Access your profile settings or contact support@er24.io
6.3 Deletion (Right to be Forgotten)
Right to Delete: Request deletion of your personal information, subject to legal retention requirements.
Exceptions: We may retain data when required by law, to complete transactions, detect fraud, or enforce our Terms of Service.
How to Request: Email privacy@er24.io with subject "Deletion Request"
6.4 Opt-Out Rights
Marketing Communications: Unsubscribe via links in emails or adjust notification preferences in your account settings.
SMS Messages: Reply STOP to any SMS to opt-out.
Push Notifications: Disable through device settings or app preferences.
Sale of Personal Information: We do NOT sell personal information. If this changes, California residents will have the right to opt-out.
6.5 Do Not Track
Our platform does not currently respond to "Do Not Track" browser signals. We use cookies for essential functionality and analytics as described in Section 2.4.
6.6 California Privacy Rights (CCPA)
California residents have additional rights under CCPA:
Disclosure of Information Categories: Request details about personal information collected, used, and shared in the past 12 months.
Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Authorized Agent: You may designate an authorized agent to make requests on your behalf.
Verification: We may require verification of identity before processing requests to protect your information.
7. Data Security
7.1 Security Measures
Encryption:
All data transmitted using TLS 1.2+ encryption
Passwords hashed using industry-standard algorithms (bcrypt)
Payment data encrypted and tokenized by Stripe
Access Controls:
Role-based access restrictions
Multi-factor authentication for administrative accounts
Regular security audits and penetration testing
Infrastructure:
Secure hosting on Railway with automated backups
Firewalls and intrusion detection systems
Regular security patches and updates
7.2 Payment Security
PCI-DSS Compliance: Our payment processor, Stripe, is certified as a PCI Service Provider Level 1 (the highest level of certification).
Tokenization: Card numbers are never stored on our servers; Stripe provides secure tokens for payment processing.
7.3 Data Breach Response
In the event of a data breach affecting your personal information:
We will notify affected users within 72 hours of discovery
Notification will include nature of breach, data affected, and remediation steps
We will report to appropriate regulatory authorities as required by law
Despite our security measures, no system is 100% secure. Use strong passwords and protect your account credentials.
8. Children's Privacy
ER24.io is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.
If you are a parent/guardian and believe your child has provided us with personal information, contact privacy@er24.io immediately. We will delete such information within 30 days of verification.
9. International Data Transfers
Primary Operations: ER24.io primarily operates in the United States.
Data Storage: User data is stored on servers located in the United States (Railway infrastructure).
International Users: If you access our services from outside the US, your information will be transferred to, stored, and processed in the United States. By using our services, you consent to this transfer.
Data Protection: We implement appropriate safeguards to protect your information in accordance with this Privacy Policy, regardless of where it is processed.
10. Third-Party Links
Our platform may contain links to third-party websites, services, or applications not operated by us:
We are not responsible for privacy practices of third parties
Review the privacy policies of any third-party services you visit
Examples: Contractor websites, external payment portals, social media platforms
11. Changes to This Privacy Policy
Updates: We may update this Privacy Policy periodically to reflect:
Changes in our practices
New legal requirements
Platform feature additions
User feedback
Notification:
Material changes will be notified via email to registered users
Notice will be posted on our platform homepage
Continued use after changes constitutes acceptance
Effective Date: Changes take effect 30 days after notice, except for legal compliance changes which may be immediate.
12. California "Shine the Light" Law
California residents may request information about third parties with whom we have shared personal information for direct marketing purposes. We do NOT currently share personal information with third parties for their direct marketing purposes.
13. Contact Information
Data Controller
Multi-Service Hub (ER24.io) [Business Address] [City, State ZIP] United States
Privacy Inquiries
Email: privacy@er24.io Subject Line Format: [Request Type] - Privacy Request Response Time: Within 45 days of verified requests
Support
General Support: support@er24.io Phone: [Business Phone] Hours: Monday-Friday, 9AM-6PM EST
14. State-Specific Provisions
14.1 Nevada Residents
Nevada residents may opt-out of the sale of covered personal information. We do NOT sell personal information. For questions, contact privacy@er24.io with subject "Nevada Privacy Rights."
14.2 Virginia Residents (CDPA)
Virginia residents have rights under the Consumer Data Protection Act (CDPA) similar to CCPA rights listed in Section 6.6.
15. Dispute Resolution
Informal Resolution: Contact privacy@er24.io to resolve privacy concerns informally.
Arbitration: Privacy disputes not resolved informally may be subject to binding arbitration as described in our Terms of Service.
Regulatory Complaints: You may also file complaints with:
Federal Trade Commission (FTC): ftc.gov/complaint
California Attorney General (CCPA): oag.ca.gov/privacy/ccpa
Your state's consumer protection office
By using ER24.io, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.