Legal launch draft
Privacy Policy
Important: this document is a product-ready draft for legal review. It should be reviewed by Bulgarian counsel before Sgodno is opened to the public.
1. Controller
Sgodno is operated by „СинерджиСистемс“ ЕООД (SynergySystems EOOD), a company registered in Bulgaria under unified identification code (ЕИК) 207679367, with registered seat and address of management at: ul. „Zlatna Dobrudzha“ No. 7A, ent. A, ap. 17, Krasna Polyana-3, Sofia 1330, Bulgaria. „СинерджиСистемс“ ЕООД is the data controller for personal data processed through the service. For any privacy-related request, you can contact us at [email protected].
2. What we collect
We collect account data such as first name, last name, email address, password hash, Google OAuth identifier where used, phone number, language preference, marketing-consent flag, and account status (active, suspended, deleted). We also collect task posts, bids, tasker profile details, portfolio photos, reviews and star ratings, contact-sharing events, email delivery events, authentication and CSRF-style session cookies, IP addresses, user-agent strings, request timestamps, and aggregate (non-identifying) analytics events. We do not collect special-category data (health, religion, political views, etc.); please do not enter such data into task descriptions, bids, or reviews.
3. Why we use personal data
We use personal data to create and secure accounts, show tasks and bids, operate the marketplace, reveal contact details after a match, send transactional emails, prevent abuse, moderate content, maintain audit logs, improve the product, comply with law, and respond to user requests.
4. Legal bases
We process marketplace and account data for contract performance, because it is necessary to provide the Sgodno service you request. We process security, fraud-prevention, moderation, analytics, and service-improvement data based on legitimate interests. We process optional marketing and non-essential cookies based on consent where required. We process some data where necessary for legal obligations.
5. Contact sharing
After a customer accepts a tasker's bid, each party's phone number is shared with the matched counterparty so they can coordinate the task directly. This sharing is a core feature of the service and is limited to the matched task.
6. Who receives data
We may share data with hosting and infrastructure providers, database and object-storage providers, Cloudflare, Authentik or authentication infrastructure, Brevo or email providers, Plausible or analytics providers, Google OAuth where you choose Google login, professional advisers, and public authorities where legally required. Other users receive only the information needed for marketplace operation, such as public profile details, task details, bids, ratings, and matched contact details.
7. Retention
We apply these retention defaults, subject to longer periods where required for security, legal, audit, or dispute investigation:
- Open or unmatched tasks: archived 90 days after expiry.
- Matched tasks, bids, reviews, audit logs, and contact-sharing records: retained for 2 years from the matched date for dispute resolution and platform-integrity purposes.
- Server and security logs: 30 days, unless retained for an ongoing abuse investigation.
- Account data on deletion: the account is soft-deleted and the name/email are anonymised immediately; ratings, audit history, and aggregate marketplace data remain in anonymised form. Remaining personal data is hard-deleted no later than 12 months after the deletion request.
8. Cookies and analytics
Sgodno uses necessary cookies for login, session security, OAuth state, CSRF-style protections, and cookie preferences, plus a functional cookie that remembers your language choice (Bulgarian or English) for up to one year. Sgodno may use Plausible analytics or a similar privacy-respecting analytics tool to understand aggregate product usage; it is cookieless and sets no cookies. Marketing cookies are not used unless separately disclosed and consented to.
9. Your rights
Subject to legal limits, you may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also object to processing based on legitimate interests. We may need to verify your identity before acting on a request.
10. Complaints
You may contact Sgodno first so we can try to resolve your concern. You also have the right to complain to Bulgaria's Commission for Personal Data Protection or another competent EU data protection authority.
11. International transfers
Where personal data is transferred outside the European Economic Area, we rely on adequacy decisions, standard contractual clauses, or another lawful transfer mechanism where required.
12. Security
We use reasonable technical and organisational measures designed to protect personal data, including access controls, encrypted TLS transport, signed session cookies, Argon2id password hashing, infrastructure isolation, encrypted secret storage, daily database backups, and audit practices. No internet service can guarantee absolute security.
13. Data breach notification
In the unlikely event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify Bulgaria's Commission for Personal Data Protection within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users directly without undue delay.
14. Children
Sgodno is not intended for users under 18. Users under 18 must not create accounts, post tasks, submit bids, or use the service.
15. Updates
We may update this Privacy Policy as the product, law, or providers change. Material changes will be posted on this page and, where appropriate, notified by email or in-product notice.