Privacy Policy

Last updated: September 30, 2025

1. Introduction

Tascey, Inc. ("Tascey", "we", "us", or "our") operates the website tascey.com and related services (the "Services"). This Privacy Policy describes the categories of information we collect, why we collect it, how we use it, to whom we disclose it, and the rights available to you under applicable laws including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and Pakistan's Personal Data Protection Bill (2023). If you are a resident of a jurisdiction with different data protection obligations, this Policy explains applicable rights and choices.

2. Scope & Applicability

This Policy applies to all personal information we collect through the Services, by email, or through other business interactions. It applies to visitors, registered users, buyers, sellers, contractors, and other third parties who interact with Tascey.

3. Categories of Personal Data We Collect

3.1 Account & Profile Data

• Name, username, email address, phone number, profile photo, biography, skills and portfolio items.

3.2 Transaction & Payment Data

• Billing information, payment instrument details (collected and processed by third-party payment processors), transaction records, invoices and refund history.

3.3 Communications & Support

• Messages sent between users, support inquiries, and recordings or transcripts of calls where applicable.

3.4 Device, Usage & Analytics

• IP addresses, device identifiers, browser type, operating system, pages visited, clicks, referrers and analytics data (collected via cookies and similar technologies).

3.5 Sensitive Categories

We generally do not seek to collect sensitive personal data. If we require any sensitive data (e.g., government ID for verification), we will obtain explicit consent and store/handle it with enhanced protections and limited retention.

4. Legal Bases for Processing (Where Required)

Where applicable under laws such as the GDPR, we rely on the following legal bases to process personal data: your consent; performance of a contract with you; compliance with legal obligations; our legitimate interests (e.g., improving Services, fraud prevention, network and information security) — balanced against your rights and freedoms.

5. How We Use Personal Data

• Provide and maintain the Services, process transactions, manage accounts and communications.
• Authenticate and verify user identities, prevent fraud, enforce Terms of Service and protect the platform and users.
• Personalize user experience and provide recommendations.
• Send transactional messages and marketing communications (you can opt out of marketing emails; we will still send critical account or transaction messages).
• Comply with legal obligations and respond to lawful requests by authorities.

6. Sharing & Disclosure

We may disclose personal data to:

• Service providers: payment processors, hosting providers, analytics services, email delivery services, identity verification, fraud detection, and other vendors who perform services on our behalf under contract.
• Other users: certain information will be visible to other users when you interact (e.g., public profile, public reviews, listings, messages).
• Legal & safety: to comply with laws, respond to legal process, defend legal rights, investigate fraud/abuse, or to protect the safety of Tascey, its users, or the public.
• Business transfers: in connection with a merger, acquisition, sale of assets or bankruptcy — we will notify affected users as required by law.

7. Third-Party Processors & Links

We use reputable third-party processors (e.g., Stripe, PayPal, Google Analytics, email providers). These processors have their own privacy policies and are contractually required to protect your data. Our Services may link to third-party sites; this Policy does not apply to those sites.

8. Cookies, Tracking & Advertising

We use cookies, pixels, local storage and similar technologies for authentication, preferences, analytics, and advertising. You can manage cookie preferences through your browser or device. For more granular controls (advertising opt-outs), follow the links provided in the cookie banner or your device settings.

9. Data Retention & Deletion

We retain personal data as reasonably necessary to provide Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and lawful basis; for example:

• Account and profile data: retained while the account exists and for a commercially reasonable period after termination for backup, fraud prevention and legal compliance.
• Transactional records: retained for tax, financial and regulatory purposes in accordance with applicable law.
• Support communications and logs: retained for operational purposes and dispute resolution.

If you request deletion, we will delete or anonymize your data unless retention is required by law or legitimate business needs (fraud prevention, dispute resolution, legal obligations).

10. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit (TLS), access controls, vulnerability management, monitoring and incident response procedures. No system is completely secure; absolute security cannot be guaranteed.

11. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will follow applicable laws and notify affected individuals and regulators within required timeframes (e.g., GDPR requires notification within 72 hours where applicable; Pakistan's PDPA draft also contemplates breach notification obligations).

12. International Transfers

Tascey operates globally. Personal data may be transferred to, stored and processed in countries other than your own. We will take steps to ensure appropriate safeguards are in place for cross-border transfers (e.g., standard contractual clauses, other lawful mechanisms) where required. Note Pakistan's PDPA draft contains provisions about cross-border transfers and localization for certain categories of data; where required, we will comply with local transfer restrictions. :contentReference[oaicite:1]{index=1}

13. Children

Our Services are intended for persons aged 13+ (or the local minimum age where higher). We do not knowingly collect personal information from children under the applicable minimum. If you believe a child under the applicable age has provided personal information, contact us and we will delete it where required by law.

14. Your Rights & Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data, including:

• Access: request a copy of personal data we hold about you.
• Correction: request correction of inaccurate data.
• Deletion: request deletion of certain personal data (subject to exceptions).
• Portability: request a machine-readable copy of data you provided.
• Objection & Restriction: object to or request restriction of processing on certain grounds.
• Opt-out of sale: where applicable (e.g., under CCPA-style regimes), opt out of the sale or sharing of personal information for targeted advertising.

To exercise your rights, please contact us at support@tascey.com. We will evaluate and respond in accordance with applicable law. For California residents, you may have additional rights such as the right to non-discrimination for exercising privacy rights. :contentReference[oaicite:2]{index=2}

15. Account Security & User Responsibilities

You are responsible for maintaining the confidentiality of account credentials. You must not use the Services to commit illegal acts, post illegal content, attempt to manipulate ratings/reviews, impersonate others, or engage in fraud. We reserve the right to suspend or terminate accounts that violate our Terms of Service or engage in misuse. We may preserve and disclose your data to law enforcement or in legal proceedings to the extent permitted by law.

16. Misuse, Fraud & Legal Action

Tascey takes misuse, fraud, intellectual property infringement and unlawful conduct seriously. If you engage in prohibited activities (fraud, harassment, illegal content distribution, evasion of sanctions, identity theft, or other abusive behaviour), we may: suspend or terminate accounts, preserve and disclose information to law enforcement, initiate civil or criminal actions, and pursue recovery of damages, injunctive relief and legal costs. These measures are in addition to any rights and remedies under applicable law.

17. Dispute Resolution & Governing Law

This Privacy Policy is governed by the laws of Pakistan and, where applicable, the laws of other jurisdictions for cross-border matters. Where disputes relate to compliance with local privacy laws (e.g., GDPR or CCPA claims), you may have rights to bring claims in those jurisdictions as provided by law. For general disputes, you and Tascey agree to seek good-faith resolution through negotiation, and where necessary, pursue remedies in competent courts as provided by applicable law.

18. Changes to This Policy

We may update this Privacy Policy to reflect legal, regulatory or business changes. If we make material changes, we will provide notice through the Services or by other appropriate means before the change becomes effective. Continued use of the Services after changes indicates acceptance.

19. How to Contact Us

If you have questions, requests, or complaints about this Policy or our data practices, contact:

Note: This Privacy Policy is intended to inform you about our data practices and your rights. It does not create contractual rights beyond our Terms of Service. For tailored legal compliance advice on GDPR, CCPA, Pakistan PDPA or other laws, consider consulting legal counsel.