Privacy Policy
This Privacy Policy explains how Casayuda, Inc. (“Casayuda,” “we,” “us”) collects, uses, discloses, and protects personal information when you use casayuda.co or our related services (the “Platform”). It applies to clients, workers, and visitors. This Policy is incorporated into and forms part of our Terms of Service. By using the Platform you consent to the practices described here.
1. Who is responsible for your data
Casayuda, Inc., a Delaware corporation, is the controller for personal information collected through the Platform. You can reach our privacy team at info@casayuda.co.
2. Information we collect
Account & contact: name, email, phone/WhatsApp, password hash. Profile: photos, neighborhood, language, biographical info, ratings, reviews. Worker-only: government ID (cédula or passport), date of birth, references, background-check results, banking or payment-payout details (collected by our processor). Booking: service requested, date/time, location, budget, messages exchanged on the Platform. Payments: payment-method tokens (we do not store card numbers — Stripe does), billing address, transaction history. Device & usage: IP address, browser, device identifiers, pages visited, clicks, language and currency preferences, approximate location derived from IP. Communications: emails, support tickets, recordings of calls if you call our support line. Cookies and similar technologies (see Section 8).
3. How we collect it
Directly from you (when you sign up, fill forms, communicate with us or other users), automatically (when you use the Platform — cookies, device data, log files), and from third parties (background-check vendors, payment processors, analytics providers, identity-verification partners, fraud-prevention services, and people who refer you).
4. How we use information (purposes & legal bases)
We use information to: (a) provide, maintain, and improve the Platform; (b) verify worker identities and run background checks; (c) match clients with workers; (d) process bookings and payments; (e) send transactional notifications by email, SMS, and WhatsApp; (f) send marketing communications you have opted into; (g) prevent fraud, abuse, and illegal activity; (h) comply with legal obligations and enforce our Terms; (i) conduct analytics and product research; (j) personalize the experience (e.g., language, currency, recommendations). For users in jurisdictions requiring a legal basis (e.g., EU/UK GDPR, Colombian Law 1581/2012), we rely on contract performance, legal obligation, legitimate interests (fraud prevention, product improvement), and consent (marketing, optional cookies).
5. What we show publicly
Worker public profiles show: first name and last initial, profile photo, headline, bio, service tags, neighborhoods served, languages, displayed rates, ratings, and reviews. We never publicly display ID numbers (cédula/passport), full date of birth, home address, phone number, or email. Reviews you post are visible alongside your first name and last initial.
6. Sharing & disclosure
We share personal information with: (a) other Platform users — Worker contact info is shared with the Client only after a booking is confirmed and vice versa; (b) service providers acting under contract (Supabase for hosting and database, Resend for email, Stripe for payments, WhatsApp/Twilio for messaging, mapping providers, analytics, customer support, identity-verification and background-check vendors); (c) professional advisors (lawyers, auditors, insurers); (d) authorities, when required by law, subpoena, or to protect rights or safety; (e) parties to a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Policy. We do not sell personal information for money. We do not “share” personal information for cross-context behavioral advertising as defined by California law.
7. International transfers
Casayuda is operated from the United States. If you access the Platform from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other countries where our service providers operate, which may have data-protection laws different from those of your country. We use appropriate safeguards (such as Standard Contractual Clauses where applicable) for cross-border transfers from the EU/UK and Colombia.
8. Cookies and similar technologies
We use strictly-necessary cookies for login sessions, language and currency preferences, security, and fraud prevention. We use functional cookies for usability and analytics cookies (privacy-respecting, no cross-site tracking) to understand aggregated usage. We do not use third-party advertising cookies. You can manage cookies through your browser. Where required (EU/UK), we will request consent before setting non-essential cookies.
9. Retention
We retain personal information for as long as your account is active and as needed to provide the Platform. After account closure, we retain limited records to comply with legal, tax, accounting, and dispute-resolution obligations (typically up to 7 years for financial records, longer where required), to enforce our Terms, and to prevent fraud. Anonymized or aggregated data may be retained indefinitely.
10. Security
We use industry-standard encryption in transit (TLS) and at rest, role-based access controls, audit logging, and vendor due diligence. Sensitive documents (e.g., cédula photos) are stored separately and accessible only to authorized vetting staff. No system is perfectly secure; you must protect your password and notify us promptly of any suspected unauthorized access. If a breach affects your personal information, we will notify you and applicable regulators as required by law.
11. Your rights — U.S. state laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA)
Depending on the U.S. state where you reside (California, Virginia, Colorado, Connecticut, Utah, and others as enacted), you may have the right to: (a) know what personal information we collect, use, and disclose; (b) access a copy of your information in a portable format; (c) correct inaccurate information; (d) delete information, subject to legal exceptions; (e) opt out of the sale or sharing of personal information for cross-context behavioral advertising — note we do not engage in either; (f) limit use of sensitive personal information; (g) appeal a denial of a privacy request; and (h) be free from discrimination for exercising your rights. To exercise rights, email info@casayuda.co with the subject “Privacy Rights Request.” We will verify your identity before responding. Authorized agents must provide written authorization. We will respond within 45 days and may extend once by 45 days where reasonably necessary. California minors under 16 will not have personal information sold or shared without opt-in consent.
12. Your rights — EU/UK GDPR
If you are in the EU/UK, you have rights to access, rectify, erase, restrict, object, data portability, and withdraw consent at any time. You may lodge a complaint with your supervisory authority. To exercise rights, email info@casayuda.co. Our legal bases are described in Section 4.
13. Your rights — Colombia (Law 1581/2012, Decree 1377/2013)
If your data is treated under Colombian law, you have rights of access (consulta), correction, update, deletion, and revocation of consent (habeas data). You may also file a complaint with the Superintendencia de Industria y Comercio (SIC). To exercise your rights, email info@casayuda.co. We will respond within 10 business days for consultations and 15 business days for complaints, extendable as permitted by law.
14. Sale & sharing — “Do Not Sell or Share”
Casayuda does not sell personal information for monetary consideration and does not share personal information for cross-context behavioral advertising. To submit a Do Not Sell or Share request anyway, email info@casayuda.co with the subject “Do Not Sell Request.” We honor Global Privacy Control (GPC) signals where required by law.
15. Children's privacy
The Platform is intended for users 18 and older. Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13, and we do not knowingly allow children under 18 to use the Platform. If you believe we have collected information from a child, contact info@casayuda.co and we will delete it.
16. Communications and SMS/WhatsApp
By providing your phone number you consent to receive transactional and service-related communications from Casayuda by SMS, WhatsApp, and email, including booking confirmations, reminders, security alerts, and verification codes. Standard message and data rates may apply. You can opt out of marketing messages at any time by replying STOP to a marketing SMS, clicking unsubscribe in any marketing email, or by updating notification preferences in Settings. Transactional messages are necessary for the Platform and cannot be opted out of without closing your account.
17. Third-party links
The Platform may contain links to third-party websites and services. We are not responsible for their privacy practices. Review their policies before providing them information.
18. Changes to this Policy
We may update this Policy. Material changes take effect 30 days after we post the updated Policy on the Platform or notify you by email, whichever is earlier; non-material changes are effective when posted. Continued use after the effective date constitutes acceptance.
19. Contact
Questions, rights requests, or complaints about your privacy? Reach us at info@casayuda.co. Our mailing address: Casayuda, Inc., Privacy Team, [Insert U.S. mailing address]. EU/UK users may also contact our representative through the same email.