Privacy Policy

Effective Date: 25 January 2025

1. Introduction

This Privacy Policy explains how EmergencyHelper ("we", "us", "our"), a division of Tyga.Cloud Ltd (Company No: 14643275), collects, uses, stores, and protects your personal data when you use the EmergencyHelper platform at emergencyhelper.co.uk (the "Service").

We are committed to protecting your privacy and processing your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Our registered address is Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ.

2. Data Controller

The data controller responsible for your personal data is:

  • Tyga.Cloud Ltd (trading as EmergencyHelper)
  • Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ
  • Company No: 14643275
  • Data Protection Officer: dpo@tyga.cloud
  • General Privacy Enquiries: privacy@emergencyhelper.co.uk

3. What Data We Collect

We collect the following categories of personal data depending on how you interact with the Service:

3.1 Account Data

When you register for an account, we collect:

  • Full name — to identify you on the Platform.
  • Email address — for account authentication, communications, and notifications.
  • Password — stored as a one-way cryptographic hash (bcrypt). We never store your password in plain text.
  • Phone number — for account verification and emergency contact purposes.
  • Postcode — for location-based matching (Customers and Helpers).
  • Account role — whether you are a Customer or a Helper/Engineer.
3.2 Location Data

We process location-related data to provide our core matching service:

  • Postcode geocoding: Your postcode is converted to approximate latitude/longitude coordinates to enable distance-based matching between Customers and Helpers.
  • Helper coverage radius: Helpers set a maximum distance (in miles) from their base postcode within which they are willing to accept jobs.
  • Map display data: Approximate location markers are displayed on maps (Leaflet/OpenStreetMap or Google Maps) to show available Helpers near a Customer's postcode. We do not share exact addresses until a Booking is confirmed.
3.3 Booking and Job Data

When a Booking is created, we collect and process:

  • Service type — the category of emergency (plumbing, electrical, gas/heating, drainage).
  • Problem description — free-text description of the emergency provided by the Customer.
  • Booking status — the current state of the booking (e.g., pending, accepted, in-progress, completed, cancelled).
  • Job timing data — clock start time, clock end time, and total duration as recorded by the Helper's Job Timer.
  • Premises address — the address where the emergency work is to be carried out.
3.4 Payment Data

Payments are processed through Stripe and Stripe Connect:

  • Stripe Customer ID — a unique identifier assigned by Stripe to your payment profile.
  • Stripe Connect Account ID — for Helpers, the unique identifier for their connected Stripe payout account.
  • Transaction records — amounts paid, platform fees deducted, and payout amounts.
  • Last four digits of card number — for display purposes only, provided by Stripe.

We never store full card numbers, CVV codes, or complete card details on our servers. All payment card data is handled exclusively by Stripe in accordance with PCI-DSS standards.

3.5 Chat Messages

The Platform provides a live chat feature between Customers and Helpers. We collect and store:

  • The content of messages exchanged between Customer and Helper during a Booking.
  • Timestamps of messages sent and received.
  • The identities of message participants.

Chat messages are retained for the purpose of dispute resolution, quality assurance, and compliance with legal obligations. Messages may be reviewed by our team if a dispute is raised.

3.6 Session and Technical Data
  • Session data: We use Express sessions stored in Redis to maintain your logged-in state. Session data includes your session ID, authentication status, and CSRF tokens.
  • IP address: Logged by our web server for security, fraud prevention, and rate limiting.
  • Browser and device information: User-Agent strings may be logged for compatibility and analytics purposes.
3.7 Cookie Data

We use a small number of cookies essential to the operation of the Service. Full details are available in our Cookie Policy. The cookies we use include:

  • connect.sid — Express session cookie (stored in Redis).
  • app_theme — your light/dark mode preference.

4. How We Use Your Data

We process your personal data for the following purposes:

Purpose Legal Basis (UK GDPR)
Providing the Service (matching, booking, chat, payments) Performance of a contract (Art. 6(1)(b))
Account creation and authentication Performance of a contract (Art. 6(1)(b))
Processing payments via Stripe Performance of a contract (Art. 6(1)(b))
Location-based matching (postcode geocoding) Performance of a contract (Art. 6(1)(b))
Sending service-related notifications and emails Legitimate interests (Art. 6(1)(f))
Fraud prevention and security Legitimate interests (Art. 6(1)(f))
Dispute resolution and quality assurance Legitimate interests (Art. 6(1)(f))
Compliance with legal obligations (e.g., tax records) Legal obligation (Art. 6(1)(c))

5. Data Sharing

We do not sell your personal data. We share your data only in the following circumstances:

5.1 Between Customers and Helpers
  • When a Booking is created, limited information is shared between the Customer and the assigned Helper to facilitate the Job (e.g., name, postcode area, service type, problem description).
  • Full premises addresses are shared only once a Booking is confirmed and accepted.
  • Personal phone numbers are never shared through the Platform. All communication prior to the Helper's arrival takes place via the Platform's live chat.
5.2 Third-Party Service Providers

We share data with the following categories of third-party processors, solely for the purposes of providing the Service:

Provider Purpose Data Shared
Stripe / Stripe Connect Payment processing and Helper payouts Name, email, payment card details (handled by Stripe), transaction amounts
Redis (self-hosted) Session storage Session identifiers, authentication tokens
Map Providers (OpenStreetMap / Google Maps) Displaying maps and geocoding postcodes Postcode, approximate coordinates
Email provider Sending transactional emails Name, email address
5.3 Legal and Regulatory

We may disclose your personal data where required by law, regulation, legal process, or governmental request, or where necessary to protect our rights, safety, or property.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this Policy:

Data Category Retention Period
Account data Duration of account plus 2 years after deletion request
Booking and job data 6 years (for tax and legal compliance)
Payment transaction records 6 years (HMRC requirements)
Chat messages 2 years from the date of the Booking
Session data Expires automatically (typically 24 hours of inactivity)
Server logs (IP addresses) 90 days

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS) for all data transmitted between your browser and our servers.
  • Password hashing using industry-standard bcrypt algorithms.
  • Session management via secure, HttpOnly cookies backed by Redis.
  • Access controls limiting data access to authorised personnel only.
  • Regular security reviews and updates to our infrastructure.
  • PCI-DSS compliant payment processing through Stripe (we never handle raw card data).

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may request correction of inaccurate or incomplete data.
  • Right to erasure — You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restrict processing — You may request that we limit how we process your data in certain circumstances.
  • Right to data portability — You may request a machine-readable copy of data you provided to us.
  • Right to object — You may object to processing based on legitimate interests.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@emergencyhelper.co.uk or write to our Data Protection Officer at dpo@tyga.cloud.

We will respond to your request within one calendar month. If your request is complex, we may extend this by a further two months, in which case we will inform you.

9. International Transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area. Where data is transferred outside the UK/EEA (for example, to Stripe's infrastructure in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, notify you by email or through the Platform. We encourage you to review this Policy periodically.

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's supervisory authority:

  • Information Commissioner's Office (ICO)
  • Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Website: ico.org.uk
  • Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us at privacy@emergencyhelper.co.uk first.

13. Contact Information

For any questions or concerns regarding this Privacy Policy or our data practices, please contact us:

  • EmergencyHelper Division
  • Tyga.Cloud Ltd
  • Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ
  • Company No: 14643275
  • Privacy Enquiries: privacy@emergencyhelper.co.uk
  • Data Protection Officer: dpo@tyga.cloud

EmergencyHelper is a division of Tyga.Cloud Ltd (Company No: 14643275).

Registered Address: Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ.