Last updated: April 27, 2026

Privacy Policy

Cerca ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use the Cerca mobile application ("App").

1. Information We Collect

Account information. When you register, we collect your name, email address, and the role you select (customer, provider, or both).

Profile information. Providers may optionally provide a business name, bio, city and state, phone number, service listings, portfolio photos, and before/after transformation images.

Payment information. All payment data (card numbers, bank account details) is collected and stored directly by Stripe. Cerca does not store full payment card information on our servers. We store Stripe payment intent IDs and payout account identifiers to manage bookings and payouts.

Booking and messaging data. We store booking requests, booking status, scheduled dates, service names, amounts paid, and messages exchanged between Customers and Providers through the App.

Location data. We use the city and state you provide in your profile to match you with nearby services. We do not collect your precise GPS location in the background.

Device and usage data. We collect push notification device tokens to send you booking and message alerts. We may collect basic usage analytics (feature interactions, error logs) to improve the App.

User-submitted feedback. If you submit feedback through the App, we store the message and its category (suggestion, bug report, or other).

2. How We Use Your Information

  • To create and manage your account
  • To facilitate bookings between Customers and Providers
  • To process deposits, final payments, and tips through Stripe
  • To issue automatic refunds when a Provider cancels a paid booking
  • To send push notifications for new bookings, booking status changes, and messages
  • To display Provider profiles and reviews to Customers searching for services
  • To generate referral tracking and promo code attribution
  • To respond to support inquiries and investigate disputes
  • To improve and maintain the App

3. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

Stripe

Payment processing, identity verification (KYC), and provider payouts via Stripe Connect Express.

stripe.com/privacy

Supabase

Database hosting, authentication, and file storage (profile photos, portfolio images).

supabase.com/privacy

Apple

Push notifications (APNs) and in-app subscription billing (StoreKit).

apple.com/legal/privacy

We may also disclose information if required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of Cerca, our users, or the public.

Provider public profiles (name, business name, city, bio, services, photos, and reviews) are visible to all App users and may be indexed by search engines via public profile URLs.

4. Data Retention

We retain your account information and booking history for as long as your account is active. If you delete your account through the App, we delete your profile, bookings, and messages within 30 days, except where retention is required by law or for dispute resolution.

5. Your Rights

You may access, correct, or delete your personal information at any time through the App's profile settings. To delete your account and all associated data, use the "Delete My Account" option in the Profile screen. For additional requests or questions, contact us at legal@app-cerca.com.

California residents (CCPA/CPRA). Under the California Consumer Privacy Act, California residents have the following rights:

  • Right to know. You may request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for which it is used, and the categories of third parties with whom it is shared.
  • Right to delete. You may request deletion of your personal information, subject to certain exceptions (e.g., information needed to complete a transaction or comply with a legal obligation).
  • Right to correct. You may request correction of inaccurate personal information we hold about you.
  • Right to opt out of sale or sharing. Cerca does not sell or share your personal information for cross-context behavioral advertising as defined under CCPA. We do not sell personal data to third parties for monetary or other valuable consideration.
  • Right to non-discrimination. We will not discriminate against you for exercising any of your CCPA rights.

Categories of personal information collected include: identifiers (name, email, phone), commercial information (booking history, payment amounts), professional information (provider bio, services, portfolio), and internet/network activity (usage analytics, push tokens). We do not collect sensitive personal information beyond what is described in Section 1. To submit a verifiable consumer request, email legal@app-cerca.com with the subject line "California Privacy Request."

European Economic Area & UK residents (GDPR/UK GDPR). If you are located in the EEA or UK, you have the following rights under applicable data protection law:

  • Right of access. You may request a copy of the personal data we hold about you.
  • Right to rectification. You may request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"). You may request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing. You may request that we limit how we use your data in certain circumstances.
  • Right to data portability. You may request your personal data in a structured, machine-readable format.
  • Right to object. You may object to processing based on our legitimate interests.
  • Right to lodge a complaint. You have the right to lodge a complaint with your local data protection authority.

Our legal basis for processing personal data is primarily contract performance (to provide the App and process bookings), legitimate interests (to improve the platform and send relevant notifications), and consent (where explicitly provided). To exercise any of these rights, contact legal@app-cerca.com.

6. Push Notifications

We send push notifications for booking requests, booking status updates, new messages, and payment requests. You can disable push notifications at any time in your device's system settings. Disabling notifications does not affect your ability to use the App, but you may miss time-sensitive alerts.

7. Children's Privacy

Cerca is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected information from a minor, we will delete it promptly.

8. Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), row-level security policies on our database, and Stripe's PCI-compliant infrastructure for payment data. No method of transmission or storage is 100% secure; use the App at your own risk.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the App or email. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.

Contact

Privacy or legal questions? legal@app-cerca.com.

General support? support@app-cerca.com.

Billing questions? billing@app-cerca.com.