This Privacy Notice explains how ProsAI ("ProsAI", "we", "us") collects, uses, shares, and protects personal data when you use our website, platform, and related services (the "Services"). It applies to Customers (people requesting services) and Suppliers/Providers (professionals registering on the platform).

1. What personal data we collect

A) Customers (service requesters)

We may collect :

• Identity & contact : name, phone number, email address
• Location : postcode (and/or address if provided)
• Service request data : service category, description/message, preferred times, attachments you upload
• Technical data : IP address, device/browser info, cookies and similar technologies, usage logs

B) Suppliers/Providers (service professionals)

We may collect :

• Identity & business details : business name, contact name, phone number, email address
• Profile & service details : categories/services offered, profile details you provide, service area (postcode district/outward code, radius), availability/preferences (if enabled)
• Technical data : IP address, device/browser info, cookies and similar technologies, usage logs
• Payment method (card on file) : We use a payment provider to collect and store a payment method token. We do not store full card numbers (handled by the payment provider).

C) Data from third parties (where relevant)

We may receive data from :

• Maps/geocoding providers to convert postcodes/addresses into location coordinates
• Authentication providers (e.g., Google/Apple/Facebook) if you choose social login (name/email and basic profile info, as permitted)
• Review platforms (e.g., Yelp) to display public review information where integrated and applicable

2. How we use your data (purposes)

We use personal data to :

• Provide the Services (e.g., accept requests, register suppliers, enable matching/routing by location and category)
• Communicate with you (service updates, account/admin messages, support)
• Operate and improve the platform (troubleshooting, performance, user experience)
• Security and fraud prevention (abuse monitoring, account protection)
• Compliance with legal and regulatory obligations (where applicable)

Lead sharing (Customers → Suppliers) : When a Customer submits a request through the platform, we may share relevant request details with suitable Suppliers to enable them to respond and provide the requested service. This may include contact details, service category, and location/postcode information, depending on the request and routing rules.

3. Lawful bases (UK GDPR)

We process personal data under the following lawful bases :

• Contract : to provide the Services you request or to manage a supplier account
• Legitimate interests : to run and improve our platform, prevent fraud, keep services secure, and support matching/routing (balanced against your rights)
• Consent : where required (e.g., non-essential cookies; marketing where applicable)
• Legal obligation : where we must comply with law (e.g., record-keeping, lawful requests)

4. Who we share data with (processors and recipients)

We may share personal data with :

Service providers (processors) who help us operate the platform, such as :

• Hosting/infrastructure (e.g., DigitalOcean or equivalent)
• Email delivery (e.g., SendGrid or equivalent)
• SMS/communications (e.g., Twilio or equivalent) if enabled
• Payments (e.g., Stripe or equivalent)
• Maps/geocoding (e.g., Google Maps Platform)
• Notifications/monitoring (e.g., Firebase or equivalent) if enabled

• Suppliers/Providers : relevant customer request details may be shared with Suppliers based on platform routing rules.
• Professional advisors (legal/accounting) where necessary
• Authorities where required by law or to protect rights/safety

We do not sell your personal data.

5. International transfers

Some of our service providers may process data outside the UK. Where personal data is transferred internationally, we use appropriate safeguards required by UK data protection law (for example, UK approved contractual clauses such as the International Data Transfer Agreement (IDTA) or other permitted mechanisms).

6. Data retention (how long we keep data)

We keep personal data only as long as necessary for the purposes described above :

• Customer requests/leads : typically up to 24 months from last activity (unless a longer period is needed for legal reasons)
• Supplier accounts : while your account is active, and typically up to 24 months after closure/inactivity
• Payment/financial records : typically up to 7 years where required for accounting/tax compliance
• Security/technical logs : typically up to 12 months (unless needed longer for security investigations)

We may anonymise data and keep it in aggregated form for analytics.

7. Your rights (UK GDPR)

You may have the right to :

• Access your personal data
• Correct inaccurate data
• Request deletion (erasure)
• Restrict processing
• Data portability (in certain cases)
• Object to processing based on legitimate interests
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with the UK Information Commissioner's Office (ICO)

How to exercise your rights (DSAR) : Email [email protected] with the subject line "Privacy Request". We may ask for information to verify your identity.

8. Cookies and similar technologies

We use essential cookies required for the website and platform to function.

We may enable non-essential cookies in the future (for example, analytics). If/when we do, we will :

• provide clear information, and request your consent before placing non-essential cookies, and allow you to manage or withdraw consent.

For details, see our Cookie Policy.

9. Security

We use reasonable technical and organisational measures to protect personal data (e.g., access controls, encryption in transit, and monitoring). No system is completely secure; please use strong passwords and keep account details confidential.

10. Children

Our Services are intended for users aged 18+. We do not knowingly collect personal data from children.

11. Automated decision-making

We may use basic automated logic to route/match requests (e.g., by location and service category).

We do not carry out solely automated decisions that produce legal or similarly significant effects without appropriate safeguards.

12. Changes to this notice

We may update this Privacy Notice from time to time. The latest version will be posted on our website with an updated effective date.