1. Introduction
Welcome to Localee. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Localee is a local service marketplace platform that connects customers with service providers in Ireland. By using our services, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Full name
- Phone number (optional)
- Profile photo (optional)
- Authentication provider information (email, Google, or Apple)
Profile & Preferences
To provide our services, we may collect:
- Service addresses (for booking purposes)
- Notification preferences (email, SMS, push)
- Booking preferences (preferred times, contact methods)
- Marketing consent preferences
Business Information (For Service Providers)
If you register as a service provider, we also collect:
- Business name and description
- Business address and service areas
- Contact information (phone, email, website)
- Tax identification numbers (VAT, Company Registration)
- VAT-registration status (used to calculate VAT on bookings)
- Business photos and media
- Operating hours and availability
Banking and identity verification (KYC) data — including legal name, date of birth, residential address, government-issued ID documents and bank account details required by Stripe to operate a Stripe Connect account — is collected by Stripe directly. For this data, Stripe is the data controller and Localee only sees a verification status and a tokenised reference. See Stripe's privacy policy at stripe.com/privacy.
Business verification documents — as an online marketplace we must obtain and hold limited trader-identity information (Digital Services Act, Article 30) and report certain seller tax data (DAC7). For Businesses we may collect a copy of photo ID, proof of address, a business/tax registration document (Company Registration number, or PPS number for sole traders), and — where relied upon — an insurance certificate. For this data Localee is the data controller. Legal bases: legal obligation (Art 6(1)(c)) for DSA/DAC7 data, and legitimate interests (Art 6(1)(f)) for safety and trust vetting. We follow data minimisation: wherever possible we verify a document and then delete the underlying image, keeping only the verification outcome (pass/fail, method, date, reviewer, Stripe reference) — not the raw ID. Documents are held in a private, access-controlled store, served only via short-lived links to our review team, and are never shown to customers. Retention is set out in §5.
Transaction Data
When you make or receive bookings, we collect:
- Booking details (date, time, service, price, completion code use)
- Payment records (amounts, fees, transaction IDs, refunds, cancellation fees)
- Service completion photos uploaded by Businesses (retained for 365 days from booking completion as evidence in any dispute)
- Messages between Customers and Businesses
- Reviews and ratings (tied to a completed booking)
- Dispute records and supporting evidence
Usage Data
We automatically collect certain information when you use our platform, including:
- Device information and browser type
- IP address and approximate location
- Pages visited and features used
- Time spent on the platform
3. How We Use Your Information
We use your information to:
- Provide our services: Facilitate bookings, payments, and communication between customers and service providers.
- Process payments: Handle transactions, deposits, refunds, and payouts securely through Stripe.
- Communicate with you: Send booking confirmations, reminders, updates, and support messages.
- Improve our platform: Analyze usage patterns to enhance features and user experience.
- Ensure safety: Verify identities, prevent fraud, and maintain platform security.
- Legal compliance: Meet our legal obligations and respond to legal requests.
- Marketing: Send promotional communications (only with your consent).
4. How We Share Your Information
We share your information with:
Other Users
When you make a booking, relevant information is shared between customers and service providers to facilitate the service (e.g. name, contact details, service address, booking details).
Service Providers (Third-Party Sub-Processors)
We work with the following trusted sub-processors. Each is bound by a data processing agreement and processes data only on our documented instructions, except where the sub-processor is itself a data controller (Stripe, for KYC data — see §2).
- Stripe: Payment processing, Stripe Connect business payouts, KYC and identity verification for Businesses.
- Firebase (Google): Authentication and identity management for end-user accounts.
- Supabase: Database, file storage (including data-export archives and uploaded photos), and infrastructure.
- Resend: Transactional and broadcast email delivery.
- Sentry: Application error monitoring and performance observability. Sentry receives diagnostic information (stack traces, request metadata, and limited user identifiers such as user ID) when errors occur, used solely to debug and improve the Platform.
- Hosting and infrastructure providers (such as Vercel and Railway) used to operate the website and backend services.
Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, privacy, safety, or property.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. We may also retain certain information as required by law or for legitimate business purposes, such as:
- Transaction and tax records: 7 years (tax and legal requirements)
- Account data: Until account deletion is requested
- Anonymized analytics data: Indefinitely
For Business verification data we apply retention by data type, following data minimisation and storage limitation (GDPR Art 5(1)(c),(e)):
- Photo ID copy (DSA Art 30): kept only for the life of the account and up to 6 months after it closes, then deleted — and wherever possible verified and deleted immediately, or replaced by Stripe's verified-identity check so no raw image is stored.
- Proof of address: preferably not stored — the address is captured as a field and identity/KYC is handled by Stripe; if a document is collected it is verified and then deleted (within ~30 days).
- CRO / tax registration number / PPS number (DAC7 + Irish tax): kept for the life of the account plus 6 years. PPS numbers are access-restricted and collected only for sole traders.
- Insurance certificate: kept while relied upon and for ~6 years after the last booking it covered, so cover can be evidenced if a claim surfaces late.
- Verification outcome & audit log (pass/fail, method, date, Stripe reference, reviewer): kept for the life of the account plus 6 years — this is our long-term record that the checks were carried out, not the documents themselves.
6. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access (Article 15): Request a copy of your personal data. Use Privacy & Data → Request my data in your account settings — or in business settings if you own a business — to download a structured archive of every record we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten") — use Delete Account in your settings.
- Portability (Article 20): Your archive is delivered as JSON + CSV files in a single ZIP, machine-readable and reusable in any other system.
- Restriction: Request limited processing of your data.
- Object: Object to processing based on legitimate interests or direct marketing.
- Withdraw consent: Withdraw previously given consent at any time.
Data exports are prepared in the background and stay available for 7 days from the email we send you. You'll be asked to re-enter your password before we start, and the download link is gated behind your dashboard — never sent directly so an email forward can't expose your data. To exercise any of the other rights above, please contact us at privacy@localee.ie.
7. Cookies & Similar Technologies
Localee only uses cookies and local browser storage that are strictly necessary to deliver the service you've requested. Because we do not use any analytics, advertising, or tracking cookies, we do not show a cookie consent banner — there is nothing for you to consent to beyond the essentials.
What we use, and why:
- Authentication and session storage — Firebase Auth tokens and our session store are written to your browser's local storage to keep you signed in and to protect your account with security tokens. Without these the Platform cannot function.
- UI preference cookies — a small first-party cookie remembers UI state such as whether the sidebar is open or closed. Single-purpose, no tracking, no identifiers.
- Stripe fraud prevention — Stripe sets its own cookies on pages that load the Stripe SDK to detect and prevent payment fraud. These are considered strictly necessary for the integrity of the payments we are processing on your behalf.
What we do not do:
- No analytics cookies (no Google Analytics, no Plausible, no PostHog, no Mixpanel, no Hotjar, no session replay).
- No advertising or cross-site tracking cookies. No ad-network integrations.
- No selling of cookie or browser data, ever.
Our error-monitoring sub-processor Sentry (see §4) does not use cookies or local storage. It transmits diagnostic information directly when an error occurs.
You can clear or block cookies through your browser settings at any time. Blocking strictly-necessary cookies may sign you out and prevent payments from completing.
8. Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit and at rest
- Secure authentication mechanisms
- Regular security audits and updates
- Access controls and monitoring
- PCI-DSS compliant payment processing via Stripe
9. Children's Privacy
Localee is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@localee.ie
- General Support: info.support@localee.ie
