Legal
Privacy Policy
This Privacy Policy describes how Pact ("we," "us," "our") collects, uses, and shares information when you use our mobile application and related services (collectively, "the Service").
1. Information We Collect
Information you provide
- Email address and display name at registration
- Mobile phone number (when you add it for account verification)
- SMS consent status and the date you opted in (if you choose to receive text messages)
- Profile photo (optional)
- Listing content: titles, descriptions, photos, location, pricing
- Application notes and photos
- Proof-of-completion photos
- Dispute notes and evidence photos
- Ratings and review text
- Messages sent within a Pact
Information collected automatically
- Device push notification token (for push notifications)
- Approximate GPS location (blurred for public display on listings)
- Exact GPS location (stored privately; revealed to the other party only after a Pact is sealed)
- Listing view counts
- Transaction metadata (amounts, timestamps, pact status history)
Financial information
All payment card data is collected and stored solely by Trustap. Pact never stores raw card numbers or CVVs. When you seal a Pact, payment is held in escrow via Trustap until the work is confirmed complete, at which point funds are released directly to the seller. Refer to Trustap's Privacy Policy for details on how Trustap handles payment data.
Promotional credit transactions are recorded in our ledger.
Cookies, local storage, and tracking technologies
Pact does not use advertising cookies, third-party analytics, or cross-site tracking. To keep you signed in, we store a session token on your device, in your browser's storage on the website or in secure device storage in the app. Our website also saves small preferences in your browser's local storage, such as whether you have dismissed the introductory banner; this stays on your device and is not personal. Loading the website sends your IP address to the providers that serve its resources, Google Fonts (typography) and OpenStreetMap and CARTO (map tiles), which is a standard part of displaying any website. We do not use any of this information to track you across other websites, and we do not sell it.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Display listings, profiles, and pact details to relevant users
- Facilitate pact agreements and payment flows
- Send push notifications and in-app notifications about activity relevant to you
- Send transactional SMS messages to your verified phone number (verification codes and account notifications) if you have opted in
- Calculate and display distance between you and listings
- Resolve disputes and support requests
- Detect fraud and enforce our Terms of Service
- Track sales tax nexus obligations by state (aggregate volume only)
- Improve the Service
3. How We Share Your Information
With other users
- Your display name, profile photo, and rating are visible to all users
- Your listing content (including approximate location) is visible to all users
- Your exact location and contact details are shared with the other party only after a Pact is sealed
- Your application notes and photos are visible to the listing poster only
With service providers
We share data with third-party providers who operate under confidentiality obligations:
- Cloud infrastructure provider (database, authentication, file storage, and real-time services)
- Expo / Expo Push Service (push notification delivery to FCM and APNs)
- Map tile providers (OpenFreeMap for the app; OpenStreetMap and CARTO for the website)
- SMS gateway provider (phone number shared solely to deliver verification codes to opted-in users; not used for any other purpose)
- Trustap (payment processing, escrow and seller payouts)
SMS data, no marketing use
Your phone number and SMS consent information are used only to deliver the transactional messages described above. We do not share, sell, rent, or otherwise disclose your phone number or SMS opt-in data to any third party for marketing purposes or for any use beyond message delivery. Text messages from Pact will never be used for advertising, promotions, or marketing campaigns.
Legal requirements
We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Pact, our users, or the public.
Business transfers
If Pact is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
4. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g. transaction records).
Listing and pact data may be retained in anonymized form for analytics and dispute resolution purposes.
5. Security
We use industry-standard security measures including encrypted connections (TLS), row-level security on our database, and access controls on all stored data. However, no system is completely secure. We cannot guarantee the absolute security of your information and are not liable for unauthorized access resulting from circumstances beyond our control.
Push notification tokens are cleared from our database when you log out to prevent notifications being delivered to unintended devices.
In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.
6. Photos and Biometric Data
Photos you upload, including profile photos and proof-of-completion images, may incidentally contain faces or other identifying features. Pact does not use any photos for facial recognition, biometric identification, or any form of biometric data processing. Photos are stored solely for the purpose of displaying your profile and facilitating the pact workflow (proof of completion, dispute evidence).
We do not collect, derive, or store biometric identifiers or biometric information as defined under any applicable biometric privacy law, including the Illinois Biometric Information Privacy Act (BIPA) or similar statutes.
7. Children's Privacy
Pact is not intended for users under 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly.
8. Your Privacy Rights
All users
Regardless of where you are located, you may at any time:
- Request a copy of the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Withdraw consent for push notifications via your device settings
- Opt out of SMS messages at any time by replying STOP to any text from Pact
Contact us at support@pact.market to exercise any of these rights.
California residents (CCPA)
If you are a California resident, you additionally have the right to:
- Know the categories of personal information we collect and why
- Opt out of the sale of your personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
European residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including:
- The right to access, rectify, or erase your personal data
- The right to restrict or object to processing
- The right to data portability
- The right to lodge a complaint with your local supervisory authority
Our lawful basis for processing your data is:
- Contract performance, to provide the Service you signed up for
- Legitimate interests, fraud prevention, platform security, service improvement
- Consent, push notifications (which you may withdraw at any time)
We are based in New Mexico, United States. By using the Service, you consent to your data being transferred to and processed in the United States, which may not provide the same level of data protection as your home country.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via push notification or in-app notice. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.
10. Contact
Privacy questions or requests: support@pact.market
← Back to pact.market