Privacy Policy

At eXpertsnearme, your privacy is a core value — not an afterthought. We are committed to transparency about what data we collect, how it is used, and how it is protected.

eXpertsnearme is a product of Xperts Tech LLC (a Delaware Limited Liability Company), 8 The Green, Suite B, Dover, Delaware 19901, USA ("we", "us", "our").

We never sell your personal data.
Your messages are encrypted in transit (TLS 1.3) and at rest (AES-256).
We do not proactively read or monetise your messages.
Your data is primarily hosted in Africa for our African user base.

By creating an account and using our platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Account & Profile Data

Full name, email address, and phone number.
Profile photo and biography.
Professional skills, certifications, experience, and work portfolio.

1.2 Location Data

We store only your most recent location to show you nearby experts. No location history or movement trail is ever retained — your location record is simply overwritten each time you update it.

1.3 Device & Usage Data

Device model, OS version, and app version.
Crash reports and performance diagnostics (via anonymised analytics).
General feature-usage patterns (e.g., which screens are visited) — collected in aggregate anonymised form only, never linked to your identity.

1.4 Verification Data (Experts Only)

Government-issued identity documents, only in regions where this feature is offered. Document-based identity verification is not available in all countries. Documents are used solely to confirm your identity, permanently deleted once verification is complete, and only a cryptographic proof of verification is retained.

1.5 Third-Party Sign-In

If you log in through a third-party service (e.g., Google), we receive your basic profile information (name, email, profile photo) in accordance with that service's permissions you grant.

2. Chat & Messaging Data

Your private messages are encrypted in transit (TLS 1.3) and stored encrypted at rest (AES-256). We do not proactively read, scan, analyse, or monetise the content of your messages.

No employee or automated system proactively reads your private chats for any commercial, advertising, or profiling purpose.
Message metadata (timestamps, sender/receiver IDs) may be retained for up to 12 months solely for abuse investigation and platform safety.
When you delete a conversation, it is removed from your view. Upon account deletion, all message data is permanently destroyed within 30 days.
If a message is reported for abuse, our Trust & Safety team may review that specific reported content only in order to take appropriate action.

3. How We Use Your Data & Lawful Bases

We only process your personal data where we have a lawful basis to do so under applicable law (including Art. 6 GDPR):

Performance of contract — to create your account, facilitate connections and communications, and deliver the core services you signed up for.
Legitimate interests — to improve app performance, detect abuse, ensure platform safety, and conduct anonymised analytics that do not override your rights.
Legal obligation — to comply with applicable laws, court orders, and regulatory requirements.
Consent — for identity document verification (where the feature is available) and any purpose not already covered above. You may withdraw consent at any time.

Specifically, we use your data to:

Connect you with nearby, relevant experts and service providers.
Facilitate safe communication and job transactions on the platform.
Send you service-related notifications (job alerts, messages, account activity).
Improve app performance and resolve technical issues.
Verify expert identities to maintain a trusted community.
Detect, prevent, and respond to fraud, abuse, and illegal activity.
Comply with applicable legal and regulatory obligations.

      We do NOT use your data to build advertising profiles, serve third-party ads, or enable behavioural targeting.
    

4. What We Never Do With Your Data

These are explicit pledges — hard lines we will never cross:

We NEVER sell your personal information — including your name, email, phone number, location, or chat data — to any third party, advertiser, or data broker.
We NEVER read the content of your private messages for advertising or profiling purposes.
We NEVER share your data with third parties for their own marketing purposes.
We NEVER build hidden behavioural profiles or sell advertising based on your activity.
We NEVER use your verification documents for any purpose other than establishing your identity.

5. How We Share Your Information

5.1 With Other Users (Limited)

Public profile information (name, photo, skills, ratings) is visible to other users to facilitate connections. Your precise location is never shared publicly — only your general area is used to compute proximity.

5.2 With Trusted Service Providers

Cloud hosting providers, push notification services (e.g., Firebase Cloud Messaging), and identity verification providers — limited to the data explicitly required for each purpose. All service providers are bound by strict data processing agreements and are prohibited from using your data for their own purposes.

5.3 Legal Requirements

We may disclose data if required by law, court order, or to respond to lawful requests from public authorities. We will notify you of such requests whenever legally permitted to do so.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred to the successor entity. You will be notified via email and/or a prominent in-app notice before your data becomes subject to a different privacy policy.

6. International Data Transfers

eXpertsnearme is operated by Xperts Tech LLC (a Delaware Limited Liability Company). Our primary infrastructure is hosted in Johannesburg, South Africa, keeping your data within the African continent for our African user base.

We aim to keep data processing within Africa wherever possible.
Where cross-border transfers to third countries are necessary (including transfers to the USA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions, as required under Chapter V of the GDPR.
By creating an account, you acknowledge that data may be processed in the jurisdictions described in this policy.

You may request a copy of the applicable safeguards by contacting privacy@xpertstech.co.

7. Verification & Sensitive Data

To maintain a trusted and safe community, we may collect and process sensitive personally identifiable information (PII), including government-issued identification documents and biometric data, exclusively for identity verification, safety, and fraud prevention.

Strict Purpose Limitation: Sensitive verification data is strictly confined to verification workflows. It is never sold, shared with third parties for marketing, or used for any purpose other than establishing trust and safety within the platform.
Segregated & Encrypted Storage: Sensitive verification data is isolated from your public profile and stored using military-grade encryption standards at rest, accessible only to authorised personnel and automated verification systems.
Data Minimisation & Retention: Once your identity is successfully verified, raw identification documents are permanently deleted from our active storage. We retain only the necessary cryptographic proofs, verification status, and minimal data required to comply with applicable AML and KYC regulations.
Geographic Availability: Document-based identity verification is only available in countries where we operate this feature in compliance with local data protection and identity verification regulations. This currently applies to users in Ghana, Tanzania, Côte d'Ivoire, and Zambia. Users based in other countries will not be subject to this form of data collection.

8. Data Security & Encryption

We employ a multi-layered security approach combining advanced cryptographic protocols and strict operational procedures to safeguard your information.

Data Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security).
Data Encryption at Rest: Personal data stored on our servers is encrypted using AES-256 encryption standards.
Messaging Security: All private messaging between users is secured with strong encryption protocols both in transit and at rest. Access to message content is strictly limited by role-based access controls.
Secure Infrastructure: Our platform runs on ISO-certified data centres with automated threat detection, regular security audits, and strict role-based access controls (RBAC).
Incident Response: In the event of a personal data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by applicable law, including the GDPR.

9. Data Retention

Account Data: Retained for as long as your account is active or as needed to provide our services.
Account Deletion: Upon deletion, a 30-day recovery grace period applies, after which all personal data is permanently and irreversibly destroyed.
Chat Messages: May be retained for up to 12 months for platform safety purposes only.
Location Data: Your most recent location is overwritten on each update. No historical location trail is stored.
Verification Documents: Deleted upon successful verification; only a cryptographic proof is retained for KYC/AML compliance.
Legal Retention: Certain data may be retained longer where required by law (e.g., anti-money laundering regulations, tax obligations, or court orders).

10. Your Rights & Controls

Depending on your country of residence, you may have the following rights under applicable laws (including NDPR, POPIA, Kenya Data Protection Act, GDPR, and CCPA):

Right of Access: Request a copy of your personal data via the "Export My Data" option in account settings.
Right to Rectification: Update or correct inaccurate information via your profile settings at any time.
Right to Erasure ("Right to be Forgotten"): Request permanent deletion of your account and all associated data. We action this within 30 days.
Right to Restriction of Processing: Limit how we process your data while a dispute is resolved.
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format via the data export feature.
Right to Object: Object to processing based on legitimate interests. We will stop unless we demonstrate compelling legitimate grounds that override your rights.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting prior lawful processing.
Rights Related to Automated Decision-Making: We do not make solely automated decisions about you that produce legal or similarly significant effects.

To exercise any of these rights, email us at privacy@xpertstech.co. We will respond within 30 days (or within 1 month for GDPR requests, with a possible 2-month extension for complex requests).

11. Children's Privacy

eXpertsnearme is designed for users 18 years and older.

Users Aged 13–17: May only use the platform with explicit, verifiable parental consent and under direct supervision.
Prohibition for Under 13s: We do not knowingly collect personal data from or allow account creation for children under the age of 13. Any account found to belong to an under-13 user will be immediately terminated and all data permanently deleted.
Parental Requests: Parents or guardians who believe their child under 13 has provided us with personal information should contact us immediately at privacy@xpertstech.co.

12. Analytics & Tracking

We use minimal, privacy-respecting analytics to understand app performance and improve your experience.

Analytics data is collected in anonymised, aggregated form and cannot be linked back to you personally.
We do not use third-party advertising SDKs or tracking pixels.
Crash reporting tools may collect anonymised device information when the app crashes.

We do not use cookies or trackers to follow you across other apps or websites for advertising purposes. Our website (xpertstech.co) may use standard web cookies for session management only — you can control these through your browser settings.

13. Third-Party Links & Services

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you interact with.

14. Right to Lodge a Complaint

If you are located in the European Economic Area (EEA) or the United Kingdom and believe we have not handled your personal data in accordance with the GDPR or UK GDPR, you have the right to lodge a complaint with your local supervisory authority.

EEA residents: Contact the data protection authority in your EU member state. A full list is available at edpb.europa.eu.
UK residents: Contact the Information Commissioner's Office (ICO) at ico.org.uk.
African users: You may also contact your national data protection authority (e.g., NITDA in Nigeria, Information Regulator in South Africa, ODPC in Kenya).

We would always prefer the opportunity to address your concern first — please contact privacy@xpertstech.co before filing a complaint.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you via in-app notification and email at least 14 days before the changes take effect.

The "Last Updated" date at the top of this policy will always reflect the most recent revision. Your continued use of the app after changes take effect constitutes your acceptance.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

📧 Privacy inquiries: privacy@xpertstech.co
📧 General support: support@xpertsnearme.com
📞 Phone: +1 (774) 446-3887
📍 Postal address: Xperts Tech LLC, 8 The Green, Suite B, Dover, Delaware 19901, USA

We aim to respond to all privacy-related requests within 30 days.

Privacy & Legal