Privacy Policy

Introduction and Scope

Welcome to ExpatTray, the global marketplace platform that connects expatriates, travelers, and service providers across international boundaries. We are committed to protecting your personal information and being transparent about how we collect, use, and safeguard your data when you interact with our platform.

This Privacy Policy explains our data processing practices in detailed, clear terms and covers all interactions you have with our services, whether you are browsing our marketplace as a guest, registered as a user, offering services as a provider, making purchases as a buyer, or contacting our customer support team. The scope of this policy extends to our website, mobile applications, APIs, and all related services that form part of the ExpatTray marketplace ecosystem.

Your privacy is fundamental to our relationship with you, and we are committed to earning and maintaining your trust through transparent, respectful, and legally compliant handling of your personal data. This policy should be read in conjunction with our Terms of Service, and together these documents constitute essential parts of your legal agreement with us.

1. Who We Are and Our Roles

We are ExpatTray, a digital marketplace platform operated by ConnecTech OÜ (incorporated in Estonia) and ConnecTech Digital UK Ltd (incorporated in the United Kingdom). Our platform specializes in connecting service providers with buyers, particularly serving expatriate and international communities worldwide by facilitating professional services, consultations, and appointment-based offerings.

Our Corporate Structure: ConnecTech OÜ serves as our primary European entity, handling operations and data processing for users in Estonia and other European Economic Area countries. ConnecTech Digital UK Ltd operates our United Kingdom services and handles UK-specific compliance requirements following Brexit. The applicable entity for your interactions depends on your location and the jurisdiction governing your transactions, as determined by ExpatTray based on applicable legal requirements.

Data Controller Responsibilities: For most activities described in this policy, ConnecTech OÜ and ConnecTech Digital UK Ltd act as joint data controllers, meaning we determine the purposes and means of processing your personal data. We make decisions about what personal information to collect, how to use it, how long to retain it, and with whom to share it, always in accordance with applicable data protection laws and regulations.

Data Processor Arrangements: In certain limited circumstances, we may act as a data processor when handling personal data on behalf of service providers who use our platform. For example, when we help service providers manage their customer relationships or export buyer information to their connected business tools, the service provider acts as the data controller and we process data according to their instructions. Service providers who engage us as a data processor must enter into our Data Processing Addendum to ensure appropriate data protection safeguards.

Contact Information:

• Data Protection Officer: dpo@expatray.com
• Privacy Team: privacy@expatray.com
• General Privacy Inquiries: privacy-feedback@expatray.com

2. What Personal Data We Collect

Understanding what information we collect about you is fundamental to making informed decisions about using our marketplace platform. We believe in the principle of data minimization, which means we only collect personal information that is genuinely necessary to provide our marketplace services effectively, maintain the security and integrity of our platform, and comply with applicable legal and regulatory requirements across the various jurisdictions where we operate.

2.1 Information You Provide Directly to Us

Account and Profile Information: When you create an account with ExpatTray, you voluntarily provide us with essential information that forms the foundation of your marketplace experience. This includes your full legal name as it appears on official identification documents, which helps us maintain accurate records and comply with verification requirements. We collect your email address as your primary communication channel and for account security purposes. Your phone number is required for account verification and important service notifications. You may optionally provide a profile picture and personal description to help other users understand your background and expertise, though these elements remain entirely under your control.

Service Provider Verification Data: For users who choose to become service providers on our platform, we collect additional verification information as part of our mandatory Know Your Customer (KYC) and Know Your Business (KYB) compliance procedures. This verification process requires government-issued identification documents such as passports, driver's licenses, or national identity cards, which we use to confirm your identity and prevent fraudulent activity. We collect address verification documents including utility bills, bank statements, or official correspondence to confirm your residential or business location. For commercial service providers, we require business registration documents, tax identification numbers, and authorized representative documentation that demonstrates the legal status and authority of your enterprise.

Financial and Payment Information: Our payment information practices are designed to minimize our handling of sensitive financial data while ensuring secure transactions. When you provide payment details, they are collected and processed directly by our PCI DSS compliant payment service providers including Stripe, Paystack, and similar processors. We do not store complete payment card numbers or security codes on our servers. Instead, we receive and retain payment tokens, the last four digits of payment cards for identification purposes, billing addresses for verification, and comprehensive transaction histories including amounts, dates, and payment status information necessary for platform operations and customer support.

Communication and Transaction Data: We maintain detailed records of all interactions and transactions that occur through our platform to provide effective customer support and ensure platform integrity. This includes the complete history of messages exchanged between buyers and service providers during the inquiry and booking process, all communications with our customer support team when assistance is needed, and comprehensive transaction details including service descriptions, booking preferences, scheduling information, and completion confirmations. We also collect reviews and ratings provided by users about their experiences with service providers and vice versa.

2.2 Information We Collect Automatically

Platform Usage and Interaction Data: Your interactions with our marketplace generate valuable information that helps us understand how you use our services and enables us to provide personalized recommendations while improving your overall experience. We automatically collect detailed records of your marketplace activity including every service listing you view, search terms you enter, filters you apply, and the time you spend evaluating different options. We track which service provider profiles you visit and the patterns of your browsing behavior to understand your preferences and suggest relevant services that match your interests and needs.

Technical and Device Information: We automatically collect technical information as you navigate through our website and mobile applications using industry-standard web technologies. This includes detailed information about the device you use to access our platform, such as the type of device (smartphone, tablet, desktop computer), operating system and version, web browser type and version, screen resolution, and installed plugins or extensions that may affect platform functionality. We collect your Internet Protocol (IP) address, which provides general geographic information at the city and country level, and maintain detailed logs of your navigation patterns, page load times, and any technical errors encountered.

Location Information: Location data represents a particularly sensitive category that we handle with special care and transparency. We only collect precise location data when you explicitly grant permission through your device settings or browser preferences. This information is used primarily to provide location-specific services such as finding local service providers, calculating accurate service delivery estimates, displaying currency and pricing information appropriate to your region, and ensuring compliance with local regulations that may affect service availability. You maintain complete control over location data and can revoke permissions at any time without affecting other platform functions.

2.3 Information We Receive from Third Parties

Social Media Integration: When you choose to create or connect your ExpatTray account using social media platforms such as Facebook, Google, or LinkedIn, these platforms share basic profile information according to the permissions you grant during the connection process. This typically includes your display name, profile picture, email address, and general demographic information such as location and language preferences. We use this information solely to streamline account creation and can be disconnected at any time through your account settings.

Payment and Financial Service Providers: We receive transaction-related information from our payment processing partners to confirm successful payments, detect fraudulent activity, and provide comprehensive transaction histories. This includes payment confirmation data, transaction status updates, chargeback notifications, and fraud risk assessments that help protect both buyers and service providers from financial harm.

Identity Verification and Security Services: We work with specialized identity verification providers to confirm that users are who they claim to be, particularly for service providers and high-value transactions. These services provide verification results indicating whether submitted identity documents appear legitimate, whether biometric verification (where permitted) confirms identity matches, and risk assessments that help us maintain platform security and trust.

Business and Professional Data Sources: For business service providers, we may receive information from professional licensing bodies, business registries, and credit reporting agencies to verify credentials, confirm business legitimacy, and assess financial stability. This information helps us maintain a trustworthy marketplace where buyers can confidently engage with verified professional service providers.

3. How We Use Your Personal Data

The personal information we collect serves specific, legitimate purposes that directly benefit your experience on our platform while ensuring the security, functionality, and legal compliance of our marketplace operations. We are committed to using your data transparently and only for purposes that align with your expectations and the services you have requested from us. Our data processing activities are governed by applicable data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and other relevant privacy frameworks.

3.1 Core Platform Services (Legal Basis: Contractual Necessity)

• Account Creation and Management: We use your personal information to establish and maintain your user profile, enabling consistent access to platform features across multiple devices and sessions.
• Transaction Processing and Facilitation: We use your payment information with trusted partners to securely process transactions and maintain records for dispute resolution.
• Communication and Messaging Services: We provide secure communication tools while protecting personal contact information.
• Customer Support and Issue Resolution: We use account information and history to assist with technical issues, billing questions, and disputes.

3.2 Security, Verification, and Compliance (Legal Basis: Legal Obligation and Legitimate Interest)

• Identity verification, fraud prevention, and regulatory compliance.
• Platform security monitoring and risk assessment.
• Legal and regulatory obligations across jurisdictions.

3.3 Platform Improvement and Personalization (Legal Basis: Legitimate Interest)

• Analytics to improve features and performance.
• Personalized recommendations and localized content.
• Quality assurance and policy enforcement.

3.4 Marketing and Communication (Legal Basis: Consent and Legitimate Interest)

• Essential account and transaction communications.
• Optional marketing communications with opt-out controls.
• Optimization of communication timing and channels.

4. How We Share Your Personal Data

4.1 Service Delivery

• With service providers/buyers: contact and transaction details
• With payment partners: processing data (e.g., Stripe, Paystack)

4.2 Service Providers

Identity verification, payment processing, customer support, analytics, cloud hosting (e.g., AWS, Google Cloud, Microsoft Azure, Cloudflare, Cloudinary).

4.3 Legal Requirements

Regulatory authorities, law enforcement, and dispute resolution.

4.4 Business Transfers

Information may be transferred during mergers, acquisitions, or sales.

5. International Data Transfers

• Adequacy decisions where available
• Standard Contractual Clauses for other transfers
• Additional safeguards for high-risk transfers

Primary Data Locations: EU (Ireland, Germany), United States (Virginia, California), Asia-Pacific (Singapore, Australia)

6. How Long We Keep Your Data

7. Your Privacy Rights

7.1 Universal Rights (All Users)

• Access, correction, deletion, and portability
• Support via our privacy team

7.2 EU/EEA/UK Rights (GDPR)

• Restriction and objection to certain processing
• Withdraw consent at any time
• File complaints with data protection authorities

7.3 California Rights (CCPA/CPRA)

• Know, delete, and opt-out of sale/sharing
• Non-discrimination

We do not sell personal information of users under 16 without opt-in consent.

7.4 How to Exercise Your Rights

• Self-service in account settings
• Email: privacy@expatray.com
• Online form via our privacy center
• Phone via customer support for urgent matters

We respond to privacy requests within 30 days and provide free assistance.

8. Data Security

• Technical Safeguards: Encryption in transit and at rest, secure infrastructure, MFA, ongoing testing
• Organizational Safeguards: Training, access controls, incident response, audits

While we implement strong security measures, no system is 100% secure. Please protect your login credentials.

9. Cookies and Tracking

• Essential cookies (required)
• Analytics cookies (consent in EU/UK)
• Marketing cookies (consent)

Manage preferences in our Cookie Control Center or your browser. We honor Global Privacy Control where required.

10. Children's Privacy

Our platform is for users 18 and older. We do not knowingly collect personal information from children under 16. Parents may request access, correction, or deletion where applicable.

11. Automated Decision Making

• Fraud detection
• Personalization
• Content moderation

You can request human review of decisions that significantly affect you and information about the logic involved.

12. Changes to This Policy

We may update this policy to reflect practice or legal changes. We will notify you via email, in-product messages, or website notices. Material changes include 30 days' advance notice. Continued use after updates indicates acceptance.

13. Contact Us

• Privacy Questions: privacy@expatray.com
• Data Protection Officer: dpo@expatray.com
• Customer Support: support@expatray.com

Postal Address: ConnecTech OÜ, Data Protection Officer, Tartu maakond, Tartu linn, Tartu linn, Pärna tn 29-1, 50604, Estonia

Supervisory Authority Complaints: EU/EEA: Estonian Data Protection Inspectorate · UK: Information Commissioner's Office · US: State or FTC

14. Additional Resources

• Terms of Service: expatray.com/legal/terms
• Cookie Policy: expatray.com/legal/cookies
• Data Processing Agreement: expatray.com/legal/dpa