Skip to main content
SortedHQ

Legal

Privacy policy

Version 2026-06-11. How SortedHQ collects, uses, shares, and protects your personal data.

This Privacy Policy explains how SortedHQ collects, uses, shares, and protects personal data. It applies to customers and partners using the SortedHQ platform across the Republic of Ireland. By using the platform you confirm that you have read and understood this Policy.

1. Who we are

SortedHQ is a service operated from the Republic of Ireland. Our full company registration details — registered company name, Companies Registration Office (CRO) number, VAT status, and registered office address — are being finalised and will be published here before our public launch. SortedHQ operates an online intermediation platform connecting customers with independent service partners across Cleaning, Beauty, Gardening, and Handyman categories. SortedHQ is the data controller for the personal data described in this Policy. You can contact us about any privacy matter at support@sortedhq.ie.

2. What this Policy covers

This Policy covers all personal data we collect from you when you create a customer or partner account, request or accept a booking, contact us, or otherwise use the SortedHQ website or progressive web app. It does not cover third-party websites or services that we link to but do not operate.

3. What we collect and why

The list below describes the main categories of personal data we process, what we use them for, and the legal basis under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

  • Contact details and address — Operating your account and delivering bookings. Legal basis: GDPR Art. 6(1)(b) (performance of contract).
  • Date of birth — Identifying you as a unique individual and routing under-21 partner applications for admin review. Legal basis: Art. 6(1)(b) (contract); Art. 6(1)(f) (legitimate interest in safe service delivery).
  • Immigration permission (Stamp) and expiry date — Verifying your right to work in Ireland. Legal basis: Art. 6(1)(c) (legal obligation under the Immigration Act 2004 and the Employment Permits Acts 2003–2014).
  • Partner bank details (IBAN, BIC, account-holder name) — Paying you for completed bookings via SEPA bank transfer. Legal basis: Art. 6(1)(b) (performance of your partner agreement). Recipients: internal finance and operations staff who reconcile and dispatch payouts, and your bank via the SEPA scheme. Retention: for as long as your partner account is active, plus the period required by Irish tax and anti-fraud record-keeping rules under the Taxes Consolidation Act 1997 and the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended).
  • Account-change records and admin-action audit log — We log which of your account fields were changed, who made the change (an administrator, or you), and when. The audit log records the field names only — it never stores the previous or new values. Where a SortedHQ administrator takes an action on your customer or partner record (for example, approving an account, applying or voiding a fee, or resolving a stalled booking), we also record the email address of the administrator who made that decision as the actor on the audit entry. The deciding administrator's email may be recorded on a partner profile and may be visible inside the SortedHQ admin portal during dispute resolution. Legal basis: Art. 6(1)(f) (legitimate interest in fraud prevention and dispute resolution). Retention: same as your partner account.
  • Booking dispute and escalation records — Where SortedHQ resolves a dispute or remediates an exceptional booking outcome — for example a Stalled Booking under §6D of the partner terms, an admin-initiated cancellation, or a refund decision — we record the outcome of the decision, the administrator's choice on any associated partner fee, the deciding administrator's email, the time of the decision, and a short factual note describing the reasoning. We use these records to resolve the immediate dispute, to maintain a defensible audit trail of administrative decisions, and to evidence those decisions if a customer or partner later contests them. Legal basis: GDPR Art. 6(1)(f) — the legitimate interests of SortedHQ in dispute resolution, audit, and defending its decisions, balanced against the limited categories of data recorded. Retention: 6 years from the date of the decision, in line with the limitation period under Section 11(1)(a) of the Statute of Limitations Act 1957. You can ask us to erase these records under Article 17 GDPR; SortedHQ may decline an erasure request where the records remain necessary for the establishment, exercise, or defence of legal claims, in which case SortedHQ will explain why on request.
  • Transaction records — Tax record-keeping and limitation-period defence. Legal basis: Art. 6(1)(c) (legal obligation under the Taxes Consolidation Act 1997 and the Statute of Limitations Act 1957 s.11(1)(a)).
  • IP address and device information — Fraud prevention and platform security. Legal basis: Art. 6(1)(f) (legitimate interest).
  • Web Push subscription data — browser-issued endpoint URL, public encryption keys (p256dh, auth), and user-agent string. Used to deliver Job Broadcast alerts to your device. Legal basis: Art. 6(1)(b) GDPR — performance of the partner agreement.
  • Record of your self-employed declaration (date, IP address, user agent, the exact wording you agreed to) — Used to evidence the contractual basis on which you provide services through SortedHQ, in particular in the event of any dispute about your employment status. Legal basis: Art. 6(1)(f) GDPR (legitimate interests of SortedHQ in defending its lawful business model, balanced against your interest in the data being limited to what is necessary). Retained for the duration of your relationship with SortedHQ and for 6 years after the last booking, in line with the Irish statute of limitations.
  • Booking request details (county, town, service, sub-product, scheduled time, and — for beauty bookings — the gender of the menu you selected) — Used to compute an Eligible Partner Pool of partners who are approved, cover your town, offer the service and sub-product you chose, are available at your chosen time, and meet our rating floor. Before any partner has accepted, we show you only aggregate information about that pool: the number of available partners, the price range, and whether every partner is past their initial review window. We do not share any individual partner's name, photo, contact details, or price with you before a partner accepts your booking. Legal basis: Art. 6(1)(b) GDPR (performance of the contract for the booked service).
  • Partners you have booked before ("Book someone again") — When you have completed a booking with a partner, we may show you that partner's first name again as a "Book someone again" option on a later booking, so you can ask for them by name. If you request a partner this way, we may also name that partner in a notice to you where they do not take the booking — whether they decline it or are not eligible for it at that time. If you turn on the fallback option when you book — it is on by default and you can switch it off — and your requested partner does not take the booking, we re-broadcast your booking details to our other eligible partners in your area in the same anonymised way as any other booking (those other partners are not told you had requested a specific partner). Naming your requested partner applies only to the notice we send to you. Legal basis: Art. 6(1)(b) GDPR (performance of the contract for the booked service).
  • Service-interest signals — when you tap a service tile we record which service you tapped, the outcome shown, a coarse signed-in or anonymous flag and, where available, your county and service-area. We do not record your name, contact details, IP address or device. We use this to decide where to add services and partners. Legal basis: Article 6(1)(f) GDPR — our legitimate interest in understanding demand for our services and planning where to add services and partners. We treat these signals as low-risk data because they carry no direct identifiers, and we keep them for no longer than 13 months.
  • Registered interest in a service for your area — separate from the anonymous service-interest signals above, when you are signed in and ask us to tell you once a service becomes available in your area, we record your account identity (so the request is linked to you), the service and the service-area you asked about, and any preferred date or note you choose to add. We use this only to email you once that service goes live in your area, and to gauge demand when deciding where to add services and partners. Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in matching you with services you have asked about and planning where to add services and partners, balanced against the limited data recorded. Unlike the anonymous signals above, this record is linked to your account. We keep it for up to 13 months, and we delete or anonymise it when you close your account.

We do not knowingly collect special category data (Art. 9). If you provide such data to us in an unsolicited free-text message, we will not process it further and will ask you to email us at support@sortedhq.ie if any action is required.

4. Cookies and similar technologies

We use a small number of first-party cookies and similar browser storage that are strictly necessary to operate the platform. We do not use third-party analytics or advertising trackers; our only analytics are the first-party, cookieless signals described above.

  • Session cookies (HMAC-signed, HttpOnly) — keep you logged in as a customer, partner, or admin. Legal basis: strictly necessary (Regulation 5(5) of the ePrivacy Regulations 2011 (S.I. No. 336 of 2011)).
  • Service worker and offline cache — powers offline use of the app and, for partners, delivers Job Broadcast push notifications when you have granted permission. Legal basis: strictly necessary for the core service; the push channel additionally relies on your consent at the browser permission prompt.
  • Browser session storage (`sessionStorage`) — short-lived flags used to remember that you dismissed certain in-app prompts for the rest of your browser session (for example: `sortedhq-install-nudge-dismissed`, `sortedhq-push-denied-banner-dismissed`, `sortedhq-push-prompt-dismissed`). These are cleared when you close the tab. Legal basis: strictly necessary.

5. Sharing your personal data

We share personal data only as needed to operate the platform or where we are required to by law:

  • When you (as a customer) book a service and a partner claims it, we share with that partner the customer's name, service address, phone number, and the details of the job. Legal basis: GDPR Art. 6(1)(b) (performance of the contract for the booked service). The partner becomes an independent controller for that data and processes it in line with their own legal obligations.
  • When you (as a partner) claim a booking, we show the customer your first name, your profile photo if you uploaded one, your bio if you wrote one, your Garda-vetting self-declaration, your aggregate customer rating and review count, and the per-booking gross/net price split. Your full name, phone, email, address, and identity documents are never shown to the customer. Legal basis: GDPR Art. 6(1)(b).
  • Where a customer you have completed a booking with asks for you again by name on a later booking, we may show that customer your first name when they make the booking, and may name you in a notice to that customer if you do not take the job — whether you decline it or are not eligible for it at that time. We share only your first name in this way; your full name, contact details, and address are never shared with the customer unless and until you accept the booking. Legal basis: GDPR Art. 6(1)(b).
  • With our payment processor (Stripe), our transactional email provider (Resend), and our SMS provider (Twilio) so that we can take and reconcile payments and send you booking confirmations, receipts, and operational notifications. Each operates under a written data-processing agreement.
  • With your bank, via the Single Euro Payments Area (SEPA) scheme, when we pay you out for completed bookings. We share only the data your bank needs to receive the payment: the IBAN, BIC, account-holder name, payment amount, and a reference identifying the booking.
  • With our hosting and infrastructure providers under written data-processing agreements.
  • When you enable push alerts, your browser's push endpoint URL routes through your browser vendor's push service (Apple, Google, Mozilla, or Microsoft). These services may operate servers outside the EEA. We rely on Standard Contractual Clauses and adequacy decisions where applicable.
  • With An Garda Síochána, the Revenue Commissioners, the Workplace Relations Commission, or other Irish authorities where we are legally required to do so or where you have given your consent.

We do not sell your personal data.

6. International transfers

Where personal data is processed outside the European Economic Area by a processor (for example, by Stripe, Resend, Twilio, or a hosting provider with US-based infrastructure), we rely on the European Commission's Standard Contractual Clauses or an applicable adequacy decision.

7. How long we keep your data

We keep personal data only as long as we need it for the purposes set out in this Policy. As a default rule, account data and transaction records are retained for the duration of your relationship with SortedHQ and for six years after closure, in line with Section 11(1)(a) of the Statute of Limitations Act 1957 and tax record-keeping obligations under the Taxes Consolidation Act 1997. Booking dispute and escalation records (see §3) are also retained for the same six-year period from the date of the relevant administrative decision, for the dispute-resolution and audit purposes set out there. Marketing-preference data is retained until you withdraw consent or close your account.

Messages you send us through the contact form, and our replies, are kept for up to 13 months and then deleted, unless they relate to a booking dispute or another matter we must retain for longer under this Policy. If you ask us to delete your account, the content of your support messages and the name and email you submitted with them are removed; a non-identifying record that a ticket existed, along with its triage history (such as its status and which administrator handled it), may be kept for audit.

Push subscription data is retained until you revoke browser permission, the subscription endpoint expires (HTTP 404/410 from the push service), or you close your account — whichever is first.

8. Automated decisions about your eligibility to accept jobs

SortedHQ uses an automated rule to check, at the moment you try to accept a job, whether accepting it would push you over the weekly working-hour limit attached to your declared immigration permission (Stamp). The rule operates on:

  • your declared Stamp and its expiry date;
  • the hours you have already accepted through SortedHQ in the current week (Monday 00:00 to Sunday 23:59:59.999, Europe/Dublin); and
  • the hours this particular job would consume.

If accepting the job would exceed your limit, the rule refuses the claim. This is an automated decision and you have the right to contest it.

To request human review, email support@sortedhq.ie. A person will respond within 2 working days. You may express your point of view and provide additional information for the reviewer to consider.

The under-21 admin-review routing at signup is also a partly-automated step; you can contact us at the same address if you want to discuss it.

9. Your rights

Under the GDPR and the Irish Data Protection Act 2018 you have the right to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate or incomplete data;
  • ask us to delete data in defined circumstances;
  • ask us to restrict or object to processing;
  • ask us to transfer data you have provided to us (data portability);
  • withdraw consent at any time where processing is based on consent.

To exercise any of these rights — including requesting deletion of your account and associated personal data — email support@sortedhq.ie with the subject line "Data request". We will respond within one month and will not charge a fee for the first request. Account deletion requests are processed manually; we will confirm deletion by email once complete. Some data must be retained for the period required by Irish law even after account deletion — including transaction records, tax records, and the booking dispute and escalation records described in §3 and §7, which SortedHQ retains for the six-year limitation period for the establishment, exercise, or defence of legal claims (Art. 17(3)(e) GDPR). Where you had contacted us through the contact form, deleting your account removes the content of those messages and the name and email you submitted with them, but a non-identifying record that a ticket existed, along with its triage history, may be kept for audit (see §7).

10. Complaints

If you are not satisfied with how we have handled your personal data, you have the right to complain to the Data Protection Commission of Ireland at https://www.dataprotection.ie or by post to 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Where a change is material we will tell you by email or via the platform before the change takes effect.

12. Contact

If you have any questions about this Policy or about how we use your personal data, please email support@sortedhq.ie.