Who We Are (Data Controller)

Dirbsy, a company registered in Lithuania, with its registered office at Laisvės al. 38a-14, 44240 Kaunas, Lithuania, is the data controller for the personal data processed through the Dirbsy mobile and web application (the "Service"). You can reach us at rokas@balticlabs.dev or by post at the address above.

Data‑Protection Officer (DPO)

We have appointed a Data‑Protection Officer you may contact on all privacy matters at rokas@balticlabs.dev.

Legal Bases For Processing

Information We Collect

• Account data: name, email address, phone number, profile photo
• Payment details: IBAN (processed securely by Stripe)
• Communications: in‑app chat, support tickets
• Usage data: pages/screens viewed, search queries, gig requests, timestamps
• Device data: IP address, device model, OS, app version
• Location data: precise or approximate GPS (only with permission)
• Third‑party login info: Google, Facebook etc. if you connect via those services

Retention Periods

We keep your data only as long as needed for each purpose:

• Account & profile: until you delete the account + 6 months backup grace.
• Task & payment records: 10 years (tax/VAT laws).
• Chat messages: 3 years after task completion.
• Marketing consents: until withdrawn (or 3 years of inactivity).

Your Rights & How to Exercise Them

You may request access, rectification, erasure, restriction, data portability, or object to processing at any time. Submit requests via the in‑app privacy centre or e‑mail rokas@balticlabs.dev. We will respond within 30 days.

Automated Decision‑Making & Profiling

We use automated systems to generate fraud‑risk scores and to rank Workers in search results. These do not have legal or similarly significant effects. You can request human review of any decision you feel adversely affects you.

Cookies & Tracking Technologies

Dirbsy uses first‑party and third‑party cookies and mobile SDKs for core functionality, analytics, and marketing. Non‑essential cookies/SKDs load only after you provide explicit consent in our cookie banner. Details are set out in our separate Cookie Policy.

International Transfers & Safeguards

Some providers (e.g. AWS, Stripe) are located outside the EEA. Where a country has no adequacy decision, we rely on EU Standard Contractual Clauses and supplementary measures (encryption, minimisation) to protect your data.

How We Share Your Information

• Service providers (payments, messaging, hosting, analytics) bound by contracts.
• Other users: name, photo, rating & completed tasks shown to task posters/workers.
• Business transfers: if we merge or sell assets, we will inform you before any data transfer.
• Legal & compliance: to courts, regulators, or tax authorities as required by law.

Data Security

We apply TLS encryption in transit, AES‑256 encryption at rest, least‑privilege access, and regular penetration testing. In the event of a breach we notify affected users and regulators within 72 hours.

Children

The Service is not directed to children under 13 and we do not knowingly process their personal data. Parents who believe a child has provided us information may contact us for deletion.

Digital Services Act (DSA) Notice‑and‑Action & Transparency

Pursuant to Regulation (EU) 2022/2065 we provide (i) user contact point at rokas@balticlabs.dev, (ii) authority contact point at rokas@balticlabs.dev, and (iii) an in‑app form to flag allegedly illegal content or services. Suspended users receive a reasoned statement and may appeal.

Supervisory Authority & Complaints

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local EU supervisory authority.

Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will post the revision date above and, where required, notify you through the app or by e‑mail.

Contact

For any questions about this Policy or your data, e‑mail rokas@balticlabs.dev or write to Dirbsy, Laisvės al. 38a-14, 44240 Kaunas, Lithuania.