lahoda

Privacy Policy

Last updated:

Lahoda (“we”, “us”) operates lahoda.app, a directory that introduces clients to independent, self-employed service providers in the UK. This policy explains what personal data we collect, why, and the rights you have over it. Contact for anything data-related: hello@lahoda.app.

Who we are

Lahoda is the data controller for the personal data described in this policy. Our service is hosted in the European Union (Google Cloud, Netherlands) and our database is in the European Union (Supabase, Ireland).

What we collect

  • Providers: account email address, name, phone number, Telegram/WhatsApp handles, profile and gallery photos, service descriptions and prices, postcode districts covered, weekly availability, and a short bio. You provide all of this yourself when creating a profile.
  • Clients: the first name you enter when publishing a review, and nothing else — browsing and contacting providers requires no account.
  • Account holders: the details you choose to share during sign-up — your name, whether you offer or look for services, postcode district, service interests, saved providers — and your consent choices.
  • Usage analytics: interaction events (a page or profile was viewed, a search was made, a contact or request button was tapped, the app was installed) linked only to a random identifier created in your own browser — never to your IP address, location or device fingerprint. When you sign in, your account adopts your own events so recommendations can improve; the personalisation switch in Account stops this collection entirely.
  • Push notifications (optional): a browser push subscription token, only if you switch notifications on.
  • On your device only (never sent to us): saved providers, language and theme choice, recent searches.

Why we collect it (legal bases)

  • To operate provider profiles and the directory — performance of a contract with providers.
  • To show providers how their profile performs (views and contact taps) — legitimate interest.
  • To send push notifications — your consent, withdrawable any time in your dashboard or browser settings.
  • To send offers and tips by email or push — your consent only, given by an unticked checkbox and withdrawable in Account → Privacy & data.
  • To personalise what you see (ordering by your interests, area and activity) — legitimate interest, with an off switch in Account → Privacy & data.
  • To keep the platform safe and moderate reviews — legitimate interest.

Provider profiles are public

The entire point of a profile is to be found: the details a provider publishes (name, photos, services, prices, areas, availability, reviews received) are visible to anyone on the internet and may appear in search engines. Phone numbers and messaging handles are exposed so clients can make direct contact. Don't include anything in a profile you are not comfortable making public.

Who we share data with

We never sell personal data. We use a small set of processors to run the service: Supabase (database, authentication and file storage — EU), Google Firebase / Google Cloud (application hosting — EU), and OpenStreetMap (map tiles — your IP address reaches their servers when a map loads). Request messages you compose are handed to WhatsApp or Telegram on your own device; we store only the fact that a request was made, never its content.

How long we keep it

  • Provider accounts and profiles: until you delete your profile or ask us to.
  • Reviews: retained while the reviewed profile exists, as part of the public record that makes reviews trustworthy.
  • Analytics events: kept in raw form up to 24 months, then aggregated.
  • Push subscriptions: until you disable notifications or the subscription expires.

Your rights

Under UK GDPR you can ask us for access to your data, correction, deletion, portability, or to object to processing based on legitimate interest. Email hello@lahoda.app and we will respond within one month. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

Signed-in users don't need to ask: Account → Privacy & data lets you download everything we hold about you as a file, and delete your account together with all of it — instantly and permanently.

Cookies and local storage

We use strictly necessary cookies only: an authentication session (providers who sign in) and your language preference. We set no advertising or cross-site tracking cookies and no third-party analytics, which is why you see no cookie banner. Saved providers, theme and recent searches live in your browser's local storage and never leave your device.

To understand which links and campaigns bring visitors, we note the tags of the link you arrived through (utm parameters) and the referring site, keep them in your browser's local storage for up to 30 days, and count visits, installs, contacts and registrations against them in our own database. These counts contain no identifier tied to you — no IP address, no device details — and are never shared with anyone.

To improve and personalise Lahoda, a random identifier also lives in your browser's local storage. It links your own actions together (and to your account once you sign in) — it is not a tracking cookie, is shared with no one, and disappears when you turn off personalised recommendations in Account or clear your browser data. If your browser sends a Global Privacy Control or Do Not Track signal, we record nothing at all — no campaign counts, no events.

Children

Lahoda is not directed at anyone under 18, and providers must be at least 18.

Changes

If this policy changes materially we will update the date above and, for signed-in providers, show a notice. Continued use after changes means acceptance.