Privacy Policy

1. Who we are

Refind ("we", "us", "our") operates the Refind mobile and web application available at refindhub.com and in the Apple App Store and Google Play Store. If you have questions about this policy or how your data is handled, email [email protected].

2. Information we collect

Information you give us directly

• Phone number. Required to create an account. We use it as your identifier and to send the one-time code that signs you in.
• Display name. So the friends in your circle know who's vouching, and so workers know who's referring them.
• Email address (optional). Used for receipts, account-recovery notices, and occasional product updates you can switch off in Settings.
• Profile photo (optional). Stored as an attachment on your user record.
• Home location. A point used to match you with workers nearby. You can provide it via ZIP, GPS, or by adjusting a map pin.
• Contact list. When you choose to upload your phonebook, your device hashes each phone number with SHA-256 before the data leaves your phone. We store only the hashes — never the underlying phone numbers from your contacts. You may include the contact name attached to each hash so you remember who recommended whom.
• Worker profile (if you sign up as a worker). Trades you offer, service area, and the Stripe Connect account ID needed to receive payouts.
• Job and invoice data. Requests you send to workers, the workers' responses, completed work, invoices, and payment records.
• Communications. Messages you send us through support channels.

Information collected automatically

• Device and session data. App version, device model and OS, language, and IP address (used to set a reasonable default locale and to investigate abuse).
• Push notification tokens. Provided by Apple Push Notification service or Firebase Cloud Messaging so we can deliver notifications you opted in to.
• Cookies and local storage. A session identity cookie that keeps you signed in, a locale cookie that remembers your language choice, and standard Rails session storage. We don't use third-party advertising cookies.
• Approximate live location (workers only). When a worker chooses to share their location to see how far they are from a job, we compute the distance server-side and return only that number — we do not persist the worker's coordinates and we never expose the customer's coordinates to the worker.

3. How we use information

• To create and operate your Refind account.
• To verify your phone number through one-time codes.
• To match you with workers your friends already vouch for, and to match workers with referrers in their circle.
• To process payments to workers through Stripe and to record the referral fee paid to whoever vouched.
• To send transactional messages (sign-in codes, job updates, payout receipts) and, with your permission, occasional product updates.
• To protect Refind and its users: detecting fraud, abuse, spam, and violations of our Terms of Service.
• To comply with legal obligations, including tax reporting for worker payouts.
• To improve the product through aggregated, non-identifying analytics.

4. How we share information

With other users on Refind

Friends in your circle can see your display name, the workers you've saved, and which categories you've marked as your "mains". They cannot see your contact list, your phone number, or your earnings unless you choose to share. Workers see only the customer's name, the request note, and which friends in their circle vouched for the intro.

With service providers

We use a small set of third parties to operate the service. They process data only on our behalf and only to deliver the function described:

• Twilio — sends the SMS one-time codes that verify your phone number.
• Stripe — processes worker payouts via Stripe Connect Express, and processes any card payments. Stripe collects identity-verification information directly from workers to satisfy U.S. financial regulations.
• Apple Push Notification service / Firebase Cloud Messaging — deliver push notifications you've opted in to.
• Cloud hosting and storage — Refind runs on managed cloud infrastructure with encrypted-at-rest storage; uploaded files such as profile photos are stored in object storage tied to that infrastructure.

With your direction

If you ask us to share data with someone — for example, by texting a job-request deep link to a worker — we will.

For legal reasons

We may disclose information if we believe in good faith it is required by law, lawful process, or to protect the rights, property, or safety of Refind, our users, or the public.

Business transfers

If Refind is involved in a merger, acquisition, financing, or sale of assets, user information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.

We do not sell your personal information, and we do not share it with advertisers.

5. Your choices and rights

• Edit or correct your data. You can update your name, photo, email, mains, and home location from Settings.
• Notification preferences. Toggle SMS notifications and default job visibility in Settings.
• Delete your account. Two self-service options: in the app, open Settings → "Delete account" to deactivate (sign out + hide your profile from friends, indefinitely). To permanently erase your data without signing in, visit refindhub.com/delete-account and verify with a one-time SMS code. You may also email [email protected] for help. We retain transaction records (invoices, payouts) only where required for legal, tax, or fraud-prevention purposes.
• Export your data. Email [email protected] for a copy of the data we hold about you.
• Remove uploaded contacts. You can clear the contact hashes you've uploaded from Settings, or by deleting your account.

Depending on where you live, you may have additional rights under applicable law. We honor these rights for all our users:

• California (CCPA / CPRA). You have the right to know what personal information we collect, to request deletion, to correct inaccurate information, to opt out of any "sale" or "sharing" (we do neither), and to non-discrimination for exercising these rights.
• European Economic Area / United Kingdom (GDPR / UK GDPR). You have rights of access, rectification, erasure, restriction of processing, data portability, and objection. Our lawful bases for processing are: performance of the contract you enter when you create an account, our legitimate interests in operating and securing the service, your consent (for optional features such as marketing email and contact upload), and compliance with legal obligations.

6. Data retention

We keep your data for as long as your account is active. When you delete your account, we delete your profile and personal records promptly, and purge them from backups within 30 days. We retain transaction records (jobs, invoices, payouts) for as long as required by U.S. tax law (typically seven years) and may retain minimal records needed to prevent abuse, comply with the law, or resolve disputes.

7. Security

We use industry-standard safeguards to protect your data: TLS in transit, encryption at rest on our hosting infrastructure, hashed contact uploads (never plaintext), phone-based authentication instead of passwords, and least-privilege access controls for our team. No system is perfectly secure; if we ever become aware of a breach affecting your data, we will notify you and the relevant authorities as required by law.

8. Children's privacy

Refind is intended for users 18 years of age or older. We do not knowingly collect information from children under 13, and Refind is not directed at minors. If you believe a minor has provided us with personal information, email [email protected] and we will delete the account.

9. International users

Refind is operated from the United States. If you are accessing Refind from outside the U.S., the personal information you provide may be transferred to, stored, and processed in the United States. By using Refind you consent to that transfer.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date above and, where appropriate, notify you in the app or by email before the changes take effect. Your continued use of Refind after the effective date constitutes acceptance of the updated policy.

11. Contact us

If you have any questions about this Privacy Policy or how we handle your data, write to us at [email protected]. We typically reply within one business day.