Privacy Policy

# Perfection Dynamics — Privacy Policy

**Effective date:** 2026-05-25
**Version:** v1.0-2026-05-25

This Privacy Policy explains what data Perfection Dynamics ("the Platform", "we", "us") collects about you, what we do with it, and what choices you have. It applies to your use of the Platform at perfectiondynamics.com and our transactional emails.

By using the Platform, you agree to the data practices described here. If you do not agree, do not use the Platform.

---

## 1. What we collect

### Account information

- Email address
- Password (stored as a cryptographic hash; we never see the plaintext)
- Full legal name
- Phone number
- ZIP code and service address (Homeowners) or service-radius ZIP (Tradesmen)
- Whether you have a Homeowner capability, a Tradesman capability, or both (we run a single dual-capability account model)

### Tradesman-specific

- Business name (optional)
- Service radius (miles) and trades description (free-text list of work you accept)
- General-liability insurance policy number (if you carry one; we record it but do not verify it)
- Stripe Connect account identifier and capability flags (`charges_enabled`, `payouts_enabled`, `transfers`)

### Job-related

- Job postings: title, description, task list, materials specification, address, postal code, ZIP, bounty, scheduling preferences
- Photos and video you attach to jobs at posting time
- Work-completion documentation: photos and notes the Tradesman uploads at mark-complete
- Dispute submissions: written reasons + photos from each party, stored in **segregated evidence pools** so the opposing party never sees your dispute documentation. Only the Platform reviewer sees both pools.
- Structured-coordination state: arrival window, running-late pulse
- Notification records (which transactional message we sent you when, and what payload was assembled)

### Support tickets

- Subject, body, optional Stripe / opaque-error reference number
- Up to 3 screenshots per ticket
- The page URL you were on when you opened the support widget (auto-captured)
- Your IP address at submission time (for rate-limiting and abuse detection)

### Behavioral analytics

- Product analytics events captured via Posthog (page views you opt into, button clicks, funnel progression). We use **explicit-only capture** — no autocapture, no auto-pageview. The event taxonomy is published at `/admin/funnel`.

### Operational signals (used for security, fraud prevention, and ban-evasion detection)

- IP address from each request
- User-agent string and basic device characteristics
- Geographic centroid derived from your ZIP code
- Address and identity overlap with other accounts
- Stripe Connect identity-verification status

We use these signals to detect duplicate or evasive accounts. They are not used for advertising or shared with third parties for marketing.

## 2. Third-party services that hold your data

Each of the following services holds a slice of your data per its own privacy policy. We choose vendors that comply with industry-standard security practices.

| Service | What they hold | Their privacy notice |
| --- | --- | --- |
| **Supabase** | Database, authentication, file storage (Job + dispute + support attachments). U.S.-hosted. | supabase.com/privacy |
| **Stripe Connect** | Tradesman identity verification (legal name, DOB, SSN/EIN, ID-document images, bank routing/account). We **never see** bank or ID-document information. | stripe.com/privacy |
| **SendGrid (Twilio)** | Email addresses + assembled transactional message bodies. | twilio.com/en-us/legal/privacy |
| **PostHog** | Behavioral event names, timestamps, anonymized distinct IDs, page paths, explicit event properties. **We do not send PostHog** passwords, payment data, or party-to-party content. | posthog.com/privacy |
| **Vercel** | Hosting, edge routing, server logs (IP, user-agent, route). Logs retained per Vercel defaults. | vercel.com/legal/privacy-policy |
| **Cloudflare** (DNS) | DNS resolution. We do not run Cloudflare's WAF/proxy on the application by default. | cloudflare.com/privacypolicy/ |

## 3. What we use it for

- Operate the Platform: route jobs, hold and capture escrow, dispatch notifications, process payouts.
- Enforce the dispute process: surface both parties' submissions to the Platform reviewer (each party never sees the other's submission).
- Detect fraud and ban evasion: identify duplicate accounts, sanction-list users, and circumvention attempts.
- Improve the Platform: behavioral analytics inform what we build next.
- Triage support tickets: we may use AI tooling to classify, summarize, or pre-route incoming tickets. AI classification is not the basis of any binding decision; a human reviews any action that affects your account or balance.
- Anonymized featured-work display ("Hall of Fame"): completed-job titles, descriptions, photos, and rounded prices may appear on `/feed` and in marketing materials with no party identifiers.
- Comply with legal obligations: tax reporting on Stripe's side, lawful subpoenas, court orders.

We do **not** sell your data. We do **not** share your data with advertisers. We do **not** profile you for purposes outside the Platform's operation.

## 4. Who sees what

- **Other Homeowners** never see your data.
- **Other Tradesmen** see open job postings within their service radius (with the full street address — they need it to estimate the work and travel). They do not see your name or contact info until they claim. Tradesmen also see the anonymized neighborhood-activity feed (city only, no names, no addresses, rounded price).
- **The Tradesman who claims your job** sees: your full address, your first name, your phone number (for arrival coordination — released by the Platform to enable on-site service), the job posting (including the photos you attached at posting time), and your work-completion confirmation. They do **not** see your dispute submission or dispute photos if you open a dispute.
- **The Homeowner who posted a job** sees: the Tradesman's business name (or full name if no business name), their trades description, and their Stripe-verified status. The Homeowner does **not** see the Tradesman's work-completion photos at any point — they are expected to inspect the work physically. The Homeowner also does not see the Tradesman's dispute response or response photos if a dispute is opened.
- **The Platform principal** has administrative read access for support, dispute resolution, and analytics. Administrative reveals of personally identifying fields are logged for audit.
- **The public web** sees only the anonymized neighborhood-activity feed and Hall of Fame content (no names, no addresses, no exact prices).

## 5. Cookies and tracking

The Platform uses:

- **Authentication cookies** (Supabase Auth). These are essential; you cannot use the Platform without them.
- **PostHog analytics cookies** (anonymous distinct ID). You can opt out by clearing site data or by using a browser-level Do Not Track signal.
- **Support widget context capture**: when you open the support widget, the page URL you are on is captured and attached to your ticket so we can reproduce the issue. No additional cookies are set for this.

No third-party advertising cookies. No cross-site tracking pixels. No data brokers.

## 6. Your rights

You may at any time:

- **Access** the information we hold about you by emailing **support@perfectiondynamics.com** or using the in-Platform support widget.
- **Correct** inaccurate information by editing your profile or by request.
- **Delete** your account and associated data. Records required for legal, regulatory, dispute-resolution, or anti-fraud purposes (completed-job ledger entries, dispute records, tax-relevant payout records, ban-evasion signal history) may be retained for the period required. See Section 7 (Data retention) for the specific categories; note that ban-evasion signals are subject to indefinite retention under Section 7 as a load-bearing platform safety mechanism and are NOT removed by a delete request.
- **Export** your account data in a portable JSON format on request.

Stripe Connect–held data is governed by Stripe's privacy practices; account closure with Stripe must be initiated through Stripe directly.

## 7. Data retention

- **Account data**: retained while your account is active; deletable on request subject to legal-retention obligations.
- **Job postings, completion records, and dispute submissions**: retained for at least **24 months** after capture for dispute, chargeback, audit, and regulatory purposes.
- **Notifications log**: retained indefinitely as an audit trail of platform-to-user communication.
- **Support tickets and attachments**: retained for at least 24 months after resolution.
- **Ban-evasion signals** (IP, device characteristics, identity overlap): retained indefinitely for the user accounts they were derived from.
- **Behavioral analytics**: per PostHog's retention defaults.
- **Server logs (Vercel, Supabase)**: per the providers' retention defaults (Vercel: short-lived; Supabase Pro: 7 days).

## 8. Security

- All Platform traffic is HTTPS (TLS terminated by Vercel).
- Authentication cookies are HTTP-only and secure.
- Sensitive credentials (database service role keys, Stripe secret, SendGrid API key, PostHog personal API key) are server-side only and never exposed to the browser.
- Dispute evidence and support-ticket attachments are stored in private Supabase Storage buckets; access requires server-mediated signed URLs.
- We use industry-standard practices (row-level security policies in the database, MFA-elevated access for admin surfaces, principle-of-least-privilege on third-party scopes).

No system is perfectly secure. If you suspect your account has been compromised, contact support immediately.

## 9. Fraud and ban-evasion

We retain operational signals (Section 1) for the explicit purpose of detecting duplicate accounts, sanction-list users, and circumvention of bans. These signals include IP address, device characteristics, identity attestations, and address overlap. We do not publish our detection thresholds.

If we determine that an account is a ban-evasion attempt, we will terminate that account and any related accounts and retain the underlying signals indefinitely for future detection. This is a foundational part of how the Platform maintains a trustworthy marketplace; it is not negotiable.

## 10. AI-assisted operations

We may use AI tooling (currently the Anthropic Claude API) for internal operations:

- Triaging incoming support tickets (classification + summary)
- Surfacing patterns across notifications and logs
- Drafting templated communications for human review

AI tooling is **not** the basis of any binding decision affecting your account, balance, dispute outcome, or eligibility. A human reviews any action that affects you materially.

We do not send the following to AI tooling: passwords, payment card data, Stripe Connect identity-verification data, or any field whose value is not appropriate for a third-party LLM provider.

## 11. Children

The Platform is not directed to anyone under 18, and we do not knowingly collect data from minors. If you believe a minor has provided us data, contact support and we will remove it.

## 12. Geographic scope

The Platform is operated from South Carolina and serves the United States with the exception of states whose legal frameworks structurally prevent the marketplace-facilitator model from operating efficiently. As of the effective date, the excluded states are California, Massachusetts, New Jersey, New York, and Vermont (see Terms §2 for the operative list). Data is processed and stored in U.S.-based facilities operated by our infrastructure providers. The Platform is not designed for users in jurisdictions whose data-protection law requires explicit transfer mechanisms (e.g., GDPR's standard contractual clauses); users outside the United States should not register accounts.

## 13. Neighborhood Activity and Hall of Fame

The `/feed` surface has two distinct columns with two distinct privacy postures.

**Neighborhood Activity** — a text-only listing of recent completed work in your area. Job title, anonymized homeowner-written description, "what got done" task summary, category, city, rounded price, and time-since-completion. **No photos are shown.** Even though we round prices and strip names and addresses from the projection, photos themselves can incidentally reveal identifying details (house numbers in the background, license plates, neighbors visible, papers on a counter). Anonymization-by-projection cannot reach what's inside an image. So we never show photos on this surface.

**Hall of Fame** — a curated editorial column highlighting specific completed jobs. Includes the job title, anonymized description, the editor's note, the rounded price, **and the work-completion photos**. The photo display is the differentiator. This is **strictly opt-in**: we do not feature your work without first contacting you (the Homeowner and the Tradesman) by email or in-Platform message, describing the proposed display, and obtaining your permission. Declining is consequence-free; we may offer an account credit as recognition for participation.

If you previously consented and wish a specific Hall of Fame entry removed, email **support@perfectiondynamics.com** and we will remove it within a reasonable period.

## 14. Changes to this policy

We may revise this Policy. Material changes will be announced via email and Platform notification at least 14 days before they take effect. The effective date at the top of this document tracks revisions. Continued use of the Platform after revisions take effect constitutes acceptance.

## 15. Contact

Privacy questions or data-rights requests: **support@perfectiondynamics.com**

---

Perfection Dynamics · Upstate South Carolina