Skip to main content

Privacy Policy

Last updated: December 10, 2025

1. Introduction

OnCallWorks ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our emergency IT services marketplace platform.

By using OnCallWorks, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Account Information: Email address, name, phone number (optional)
  • Authentication Data: Hashed passwords (Argon2id), MFA tokens
  • Payment Information: Processed securely via Stripe (PCI-DSS compliant)
  • Service Provider Data: Business name, certifications, background check results
  • Communication Data: Chat messages, dispute information

2.2 Automatically Collected Information

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, timestamps
  • Location Data: For service matching (with your consent)
  • Log Data: IP addresses, access times, error logs

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Match customers with qualified IT service providers
  • Communicate with you about services, updates, and support
  • Detect, investigate, and prevent fraudulent or unauthorized activities
  • Comply with legal obligations
  • Verify provider qualifications and background checks

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Contract Performance: To fulfill our service agreement with you
  • Legitimate Interests: For fraud prevention, security, and service improvement
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing

We may share your information with:

  • Service Providers: When you book a service, we share relevant details with the assigned provider
  • Payment Processors: Stripe for payments, PayPal for provider payouts
  • Background Check Services: For provider verification
  • Legal Requirements: When required by law or to protect our rights

We do not sell your personal information to third parties.

6. Data Retention

We retain your data for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations (e.g., tax records for 7 years)
  • Resolve disputes and enforce agreements

Retention Periods:

  • Account Data: Until account deletion + 30 days
  • Booking History: 7 years (legal requirement)
  • Chat Messages: 2 years after booking completion
  • Audit Logs: 1 year
  • IP Addresses: 90 days

7. Your Rights

7.1 GDPR Rights (EEA Users)

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain processing activities
  • Right to Restrict Processing: Limit how we use your data

7.2 CCPA Rights (California Users)

  • Right to Know: What personal information we collect
  • Right to Delete: Request deletion of your information
  • Right to Opt-Out: Of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising rights

Exercise Your Rights

To exercise these rights, visit your Account Settings or contact us at [email protected].

8. Security

We implement industry-standard security measures:

  • Argon2id password hashing
  • TLS/HTTPS encryption for all data in transit
  • Encryption at rest for sensitive data
  • Multi-factor authentication (MFA) support
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance practices

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Functional Cookies: Remember your preferences
  • Analytics Cookies: Understand how you use our service (with consent)

You can manage cookie preferences through our cookie consent banner or your browser settings.

10. Children's Privacy

OnCallWorks is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data Processing Agreements with all vendors
  • Compliance with applicable data protection laws

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by email or through a notice on our platform. Your continued use of OnCallWorks after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

For questions about this Privacy Policy or our data practices:

OnCallWorks Privacy Team
Email: [email protected]
Data Protection Officer: [email protected]

14. Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.