Legal

Privacy Policy

Last updated: July 11, 2026

This page is maintained by the operator of Arriva. Review with legal counsel and update the data-controller entity, retention periods and subprocessor list to match your operating reality before go-live.

1. Data controller

Arriva is the controller of the personal information collected through this service. To contact us about privacy, email support@arrivapro.com.

2. What we collect

  • Account information — name, email, password (hashed), profile photo, role.
  • Expert profile — business name, bio, categories, languages, city, phone/WhatsApp/email, portfolio, references, license number and, if you request verification, an ID document you upload.
  • Client requests — the country, category and details you post when requesting help.
  • Messaging — the content of messages exchanged with other users.
  • Payments — order status and last-4 of the payment method. Full card data is handled by Stripe and never touches our servers.
  • Technical — IP address, device/browser, log data and cookies (see Cookie Policy).

3. How we use it

  • Operate the marketplace — matching, unlocking contacts, messaging, reviews.
  • Process payments and refunds.
  • Verify Expert identity and credentials.
  • Prevent fraud, abuse and violations of our Terms.
  • Send transactional email (receipts, verification, account activity).
  • Comply with legal obligations.

4. Legal bases (GDPR / UK GDPR)

We rely on: contract performance (delivering the service you asked for), legitimate interests (fraud prevention, product improvement), consent (optional analytics/marketing) and legal obligation (tax, accounting).

5. Sharing your information

We share only what's necessary with:

  • Other users — your profile fields you chose to publish. Expert contact details are only shared with Clients after a paid unlock.
  • Subprocessors — Supabase (database & auth), Stripe (payments), Cloudflare (hosting/CDN), an email provider for transactional messages, and a translation provider used by the language switcher.
  • Authorities — where required by valid legal process.

We do not sell your personal information.

6. International transfers

Your data may be processed outside your country of residence, including in the United States and the European Union, under appropriate safeguards such as standard contractual clauses where applicable.

7. Retention

We keep account data while your account is active. On deletion (via Account settings), profile and message content is removed or anonymised within 30 days, except records we must retain for tax, fraud-prevention or legal purposes (typically up to 7 years).

7a. Expert verification documents

When an Expert submits an identification document or professional credential for verification, we store an encrypted copy of that document, a cryptographic hash of the file, and the automated review result in a private, admin-only archive. These records are:

  • Reviewed initially by an automated AI verification check, and — where an issue, dispute or additional verification is required — by authorised Arriva employees.
  • Used only for badge verification, fraud prevention, dispute resolution, and legal defense (including responding to lawful requests or claims involving the Expert or the platform).
  • Retained for the duration of the Expert account and for up to seven (7) years after the account is closed, which is the longest period we may generally need to defend against contract, tort or fraud claims under applicable statutes of limitation. Where a longer period is required by law, or where the record is subject to a legal hold (active investigation, dispute or litigation), we retain it until that obligation ends.
  • Not shared with other users or with the public. We may share them with law-enforcement, regulators, courts, our insurers or our legal counsel where reasonably necessary to comply with law or defend a claim.

Because these records are part of a regulated audit trail, they are excluded from the standard 30-day deletion above; closing your account does not delete verification documents subject to this retention period.

8. Your rights

Depending on your jurisdiction you may have the right to access, correct, port, restrict or delete your personal information, and to object to certain processing. You can exercise many of these directly in Account settings, or by emailing support@arrivapro.com. You can also complain to your local data-protection authority.

9. Security

We use industry-standard technical and organisational controls — encryption in transit, hashed passwords, role-based access to production data and audit logging. No system is perfectly secure; report suspected issues to support@arrivapro.com.

10. Children

Arriva is not intended for anyone under 18 and we do not knowingly collect data from children.

11. Changes

We'll post updates here and, for material changes, notify you in-product or by email.