Privacy Policy

Last updated: November 1, 2025

1. Introduction

1.1. This Privacy Policy explains how SMYADGT LTD ("Company", "we", "our", or "us") collects, uses, stores, shares, and protects personal data of individuals who use our platform, mobile applications, websites, or related services (collectively, the "Platform"). It also describes the rights of Users under applicable data protection laws, including the General Data Protection Regulation (GDPR).

1.2. The data controller responsible for processing personal data is SMYADGT LTD, registration number 16784848, VAT EE102647345, with its registered office at Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia.

1.3. This Privacy Policy applies to Clients who use the Platform to request services, Service Providers who offer services, visitors who access or browse our website, and any other individual whose personal data we may process in connection with the operation of the Platform.

1.4. Our data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation — GDPR), the Estonian Personal Data Protection Act, and other applicable EU and international data protection rules, including the ePrivacy Directive (2002/58/EC) as implemented in Estonian law with respect to cookies and electronic communications.

1.5. This Privacy Policy must be read together with our Terms of Use, which govern the use of the Platform. In the event of conflict between this Privacy Policy and the Terms of Use regarding the handling of personal data, this Privacy Policy shall prevail.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below. These definitions are consistent with our Terms of Use to ensure clarity and uniform interpretation.

2.1. "Personal Data" – means any information relating to an identified or identifiable natural person, such as name, contact details, identification numbers, online identifiers, or any other data that can reasonably be linked to an individual.

2.2. "Processing" – means any operation performed on Personal Data, whether or not by automated means, such as collection, storage, recording, organisation, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.

2.3. "Controller" – means the natural or legal person which, alone or jointly with others, determines the purposes and means of Processing Personal Data. For the purposes of this Privacy Policy, the Controller is SMYADGT LTD.

2.4. "Processor" – means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.

2.5. "User" – means any individual using the Platform, including Clients, Service Providers, and website visitors.

2.6. "Client" – means a User who requests or receives services via the Platform.

2.7. "Service Provider" – means a User who offers services to Clients via the Platform, whether as a natural person or on behalf of a corporate entity.

2.8. "Wallet" – means the User's internal balance within the Platform used for payments, top-ups, and commissions.

2.9. "Escrow" – means the mechanism by which funds deposited by a Client are temporarily held and safeguarded by Stripe until service completion, after which they are released to the Service Provider minus applicable fees.

2.10. "Commission" – means the fees charged by the Company for the use of the Platform, including top-up fees, service commissions, and penalties as set out in the Terms of Use.

2.11. "Stripe" – means Stripe Payments Europe, Limited, Company number 513174, the exclusive payment processor of the Platform.

2.12. "Supervisory Authority" – means an independent public authority established by a Member State under Article 51 of the GDPR. In Estonia, this is the Estonian Data Protection Inspectorate.

2.13. "EEA" – means the European Economic Area, which includes all Member States of the European Union, as well as Iceland, Liechtenstein, and Norway.

2.14. "Third Country" – means any country outside the EEA that is not subject to an adequacy decision of the European Commission under Article 45 GDPR.

3. Principles of Data Processing

3.1. The Company processes Personal Data in accordance with the fundamental principles established by the GDPR and applicable Estonian law. All Processing activities carried out through the Platform are guided by these principles to ensure that the rights of Users are fully respected.

3.2. We process Personal Data lawfully, fairly, and transparently, making sure that Users are informed about how their data is collected, used, and shared. The purposes of Processing are specified in advance, and Personal Data is collected only for explicit, legitimate purposes and not further processed in a manner incompatible with those purposes.

3.3. We follow the principle of data minimisation, meaning that we only collect the Personal Data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We take reasonable steps to ensure the accuracy of Personal Data and allow Users to request corrections or updates where necessary.

3.4. Personal Data is kept in a form which permits identification of Users for no longer than is necessary for the purposes for which the data was collected, unless a longer retention period is required by law or justified by legitimate interests such as legal claims or compliance obligations. Once retention periods expire, data is securely deleted or anonymised.

3.5. We implement appropriate technical and organisational measures to ensure the security, integrity, and confidentiality of Personal Data, protecting it against unauthorised or unlawful Processing and against accidental loss, destruction, or damage.

3.6. Finally, the Company acknowledges its accountability under the GDPR and takes responsibility for demonstrating compliance with these principles at all times.

4. Categories of Data Collected

4.1. The Company collects and processes different categories of Personal Data in order to provide, secure, and improve the Platform. The data collected depends on the role of the User (Client, Service Provider, or visitor), as well as on the features and services used.

4.1. Identification Data

When registering an Account, Users provide basic identification data such as:

• name and surname;
• email address or telephone number;
• password;
• city of residence.

Clients may also choose to upload a profile photo (optional). Service Providers are required to provide additional onboarding information, including their city, service categories, and in some cases price lists.

4.2. Verification Data (KYC/KYB)

To comply with applicable anti-money laundering (AML) and know-your-customer (KYC) or know-your-business (KYB) regulations, the Platform may request additional verification data.

• For individual Service Providers: identity documents, date of birth, nationality, and address details.
• For corporate Service Providers: company registration information, beneficial ownership details, and related documentation.

4.3. Transactional and Financial Data

When Users interact with the Platform, transactional data is collected, including:

• Wallet top-ups;
• commissions charged;
• payments released through escrow;
• invoices, refunds, and related financial details.

While the Company does not store or process card details directly, payment data is transmitted to and processed by Stripe as the exclusive payment provider.

4.4. Technical Data

Technical data is collected automatically when using the Platform. This may include:

• IP addresses;
• device identifiers;
• browser type and operating system;
• log data;
• cookie-related information.

Such data is used for service functionality, security, analytics, and fraud prevention.

4.5. Communication Data

The Company processes data generated through the Platform's communication channels, including:

• messages exchanged between Clients and Service Providers;
• dispute records;
• reviews and feedback;
• customer support interactions.

4.6. Preferences and Marketing Data

The Company may process preference and marketing data, including:

• communication preferences;
• marketing consents;
• responses to optional surveys or promotional campaigns.

4.7. Special Categories of Data

The Company does not intentionally collect special categories of Personal Data (sensitive data) unless explicitly required by law for compliance purposes, such as identity verification under AML/KYC regulations.

5. Sources of Data

5.1. Personal Data processed by the Company is obtained from several sources, depending on how Users interact with the Platform and which services they use. The primary source of data is the User directly, when registering an Account, completing onboarding, using services, or communicating with Clients, Service Providers, or the Company. Information such as name, contact details, city, service category, and documents provided for verification are submitted voluntarily by Users as part of the normal use of the Platform.

5.2. In addition, certain data is collected automatically when Users access or interact with the Platform. This includes technical and usage information such as IP address, device type, operating system, browser type, login dates and times, and cookies. Such data is generated as part of the normal operation of online services and is used to maintain security, functionality, and performance of the Platform.

5.3. The Company may also receive Personal Data from trusted third parties in the context of providing services. This includes payment data received from Stripe Payments Europe, Limited, the exclusive payment processor of the Platform, as well as verification results from external KYC or KYB providers, fraud prevention tools, or compliance partners. In limited cases, information may also be obtained from publicly available sources, such as company registers, sanction lists, or court databases, where required by law or to protect legitimate interests.

5.4. Together, these sources of data allow the Company to operate the Platform securely, ensure compliance with legal obligations, prevent fraud, and improve the overall user experience.

6. Purposes and Legal Bases

6.1. The Company processes Personal Data only where there is a clear and lawful basis under the GDPR and other applicable laws. Each category of data is collected and used exclusively for specific, legitimate purposes, and the Company does not process data in ways incompatible with those purposes.

6.2. The primary purpose of processing is the performance of contracts between Users and the Company, and between Clients and Service Providers through the Platform. This includes account registration, onboarding, enabling Clients to request services, enabling Service Providers to respond to requests, facilitating payments and escrow, and managing commissions, invoices, and Wallet balances. Such processing is necessary to deliver the core functionality of the Platform.

6.3. The Company also processes Personal Data to comply with legal obligations. These include obligations under tax, accounting, and anti-money laundering (AML) or know-your-customer (KYC/KYB) laws, as well as requirements to cooperate with competent authorities, courts, or regulators. In these cases, processing is necessary to fulfil duties imposed by law.

6.4. Processing may also be carried out on the basis of the Company's legitimate interests. These interests include ensuring the security and integrity of the Platform, preventing fraud and abuse, resolving disputes, improving user experience, and developing new features or services. In all cases, such interests are balanced against the rights and freedoms of Users, and appropriate safeguards are applied.

6.5. Where required, processing may rely on the consent of the User. This applies in particular to the use of cookies and similar technologies for analytics or marketing, as well as to optional marketing communications, newsletters, or surveys. Users are free to withdraw their consent at any time without affecting the lawfulness of processing prior to withdrawal.

6.6. By applying these legal bases, the Company ensures that all processing activities are lawful, necessary, and proportionate to the purposes for which data is collected.

7. Payments and Financial Data

7.1. All online payments carried out through the Platform are processed exclusively by Stripe Payments Europe, Limited, a licensed payment institution in the European Union. The Company itself does not provide payment services, does not act as a payment institution, and does not store or manage Users' payment card details. Instead, Stripe acts as an independent controller with respect to payment processing and applies its own contractual and regulatory framework.

7.2. When Clients top up their Wallets or make payments via the Platform, certain Personal Data must be transmitted to Stripe. This includes the User's name, contact information, transaction details, and, where relevant, payment card data. Stripe may also request additional information for compliance with anti-money laundering (AML) and strong customer authentication (SCA) requirements under the Payment Services Directive (PSD2).

7.3. The Company only receives limited financial information necessary for accounting and commission purposes, such as the amount of the transaction, the applicable fees, and confirmation of payment or settlement. Detailed payment credentials, such as full card numbers or bank login details, are never accessible to the Company.

7.4. By using the Platform, Users acknowledge and accept that their payment data will be processed by Stripe under its own Services Agreement and Privacy Policy, which are available at https://stripe.com/legal and https://stripe.com/privacy. Any issues relating to failed, delayed, or reversed payments, chargebacks, or settlement errors fall under Stripe's responsibility.

7.5. The Company may also receive and process financial data for legal and compliance purposes, including accounting records, tax filings, audit obligations, and cooperation with competent authorities. All such processing is strictly limited to what is necessary to comply with applicable laws and to ensure the lawful operation of the Platform.

8. Data Storage and Retention

8.1. Personal Data collected through the Platform is stored primarily on secure servers located within the European Economic Area (EEA). The Company may use reputable cloud service providers to host and manage data, and in such cases contractual safeguards are applied to ensure compliance with the GDPR and Estonian data protection law.

8.2. The Company retains Personal Data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law or justified by legitimate interests such as dispute resolution or the establishment, exercise, or defence of legal claims. For example, account information and basic transaction records may be retained for the duration of the contractual relationship with the User and for up to seven years thereafter to comply with tax and accounting regulations.

8.3. Data collected for KYC or KYB verification purposes may be retained for the period required under anti-money laundering legislation, which can extend beyond the termination of the User's Account. Communication records, including chats, dispute files, and reviews, may be stored for as long as necessary to protect Users' rights and ensure the integrity of the Platform.

8.4. Once the applicable retention period expires, Personal Data is securely deleted, anonymised, or aggregated so that it no longer identifies an individual. Deletion is carried out using industry-standard methods to prevent recovery or misuse of the data.

8.5. By applying strict retention schedules and secure deletion practices, the Company ensures that Personal Data is not kept longer than necessary and that Users' rights to privacy are respected throughout the lifecycle of the data.

9. Data Security Measures

9.1. The Company implements appropriate technical and organisational measures to ensure the security, confidentiality, integrity, and availability of Personal Data processed through the Platform. These measures are designed in accordance with industry standards and the requirements of the GDPR.

9.2. Technical measures include the use of encryption for data transmission, secure protocols (such as HTTPS and TLS), firewalls, intrusion detection systems, access controls, and regular system updates to address known vulnerabilities. Data stored on servers is protected through physical security safeguards, redundant storage, and backup systems to prevent loss or unauthorised access.

9.3. Organisational measures include strict internal policies governing access to Personal Data, staff training on data protection and confidentiality, and contractual commitments with employees and subcontractors to maintain security standards. Access to Personal Data is granted only to authorised personnel on a need-to-know basis, and such access is regularly reviewed.

9.4. The Company also maintains an incident response plan for handling potential data breaches or security incidents. In the event of a breach that poses a risk to Users' rights and freedoms, the Company will notify the competent supervisory authority without undue delay and, where required, inform affected Users in accordance with GDPR obligations.

9.5. While the Company takes robust steps to protect Personal Data, Users are responsible for maintaining the confidentiality of their account credentials and ensuring that their devices and connections are secure when accessing the Platform.

10. Cookies and Tracking

The Platform uses cookies and similar tracking technologies to ensure its proper functioning, improve user experience, analyse usage patterns, and provide personalised content or marketing where permitted by law. Cookies are small text files stored on a User's device when visiting the Platform. They may be session-based (deleted once the browser is closed) or persistent (stored for a defined period).

10.1. Essential Cookies

These cookies are necessary for the core functionality of the Platform, including:

• enabling secure login;
• remembering session information;
• facilitating transactions.

Without these cookies, the Platform cannot operate properly.

10.2. Functional Cookies

These cookies remember User preferences, such as:

• selected language;
• location;
• display settings.

They improve convenience but are not strictly necessary for the operation of the Platform.

10.3. Analytics Cookies

These cookies collect aggregated information about how Users interact with the Platform, for example:

• most frequently visited pages;
• navigation paths;
• performance and error statistics.

This data helps the Company improve functionality and design new features. Where required by law, analytics cookies are only placed with the User's consent.

10.4. Marketing Cookies

These cookies and similar technologies may be used to:

• deliver personalised advertisements;
• measure the effectiveness of campaigns;
• prevent repetitive ads.

They are placed only where the User has provided explicit consent.

10.5. Cookie Management

Users can manage or withdraw consent to non-essential cookies at any time through the cookie banner or browser settings. Most browsers allow Users to block or delete cookies, though this may affect the availability or functionality of the Platform.

Information collected through cookies may be shared with trusted service providers assisting the Company in analytics or marketing, subject to contractual safeguards. All cookie data is processed in accordance with this Privacy Policy and applicable laws, including the ePrivacy Directive as implemented in Estonia.

11. Analytics, Profiling, and Automated Decisions

11.1. The Company uses analytics tools and techniques to understand how the Platform is used, identify trends, improve performance, and enhance the overall user experience. Such analytics may include aggregated statistics on website traffic, user engagement, service categories in demand, and transaction volumes. To achieve this, the Company may rely on internal analytics systems or reputable third-party service providers that process limited technical and behavioural data on its behalf.

11.2. Profiling may be carried out to detect fraud, ensure Platform security, and tailor the presentation of services to Users' preferences. For example, location data may be used to suggest relevant Service Providers to Clients, or transaction history may be analysed to identify unusual behaviour that could indicate misuse. Such profiling is limited to what is necessary for the legitimate operation of the Platform and does not involve decisions that produce significant legal effects without human oversight.

11.3. The Company does not engage in fully automated decision-making within the meaning of Article 22 of the GDPR. Any decisions with legal or similarly significant effects on Users, such as account suspension or restriction of access, are made with meaningful human involvement and subject to review.

11.4. Users may object at any time to the use of their data for profiling related to direct marketing. Where consent is required for analytics or marketing, Users may withdraw such consent at any time without affecting the lawfulness of processing carried out before withdrawal.

12. Sharing of Personal Data

12.1. The Company shares Personal Data only where it is necessary for the operation of the Platform, compliance with legal obligations, or with the explicit consent of the User. Sharing is carried out in accordance with the principles of transparency, proportionality, and data minimisation, and only with trusted recipients that provide sufficient guarantees of data protection.

12.2. Within the Platform, certain Personal Data is shared between Users. Clients and Service Providers may see limited profile information necessary to initiate and complete an Order, such as names, cities, service categories, and messages exchanged through the Platform. Service Providers may also be required to provide verification information to Clients in order to establish trust and confirm professional qualifications.

12.3. For payment processing, the Company shares Personal Data with Stripe Payments Europe, Limited, which acts as an independent controller of financial data. Information transmitted to Stripe may include names, contact details, transaction information, and identifiers required for fraud prevention and compliance with payment regulations.

12.4. The Company also engages third-party service providers to support the operation of the Platform. These may include hosting and cloud providers, communication and email platforms, analytics and marketing services, KYC/KYB verification partners, and IT support contractors. Such providers act as processors under written agreements that require them to handle data securely and in accordance with GDPR.

12.5. In certain cases, Personal Data may be disclosed to public authorities, regulators, tax offices, courts, or law enforcement agencies where required by law or in response to valid legal requests. The Company may also disclose data to legal, accounting, or auditing professionals for the purposes of compliance and risk management.

12.6. Where Personal Data is disclosed to public authorities, regulators, courts, or other entities as required by law, the Company may be legally restricted from notifying Users of such disclosures (for example, in the context of official investigations). Where such restrictions do not apply, and where appropriate, the Company will inform affected Users about the disclosure in accordance with applicable data protection laws.

12.7. The Company does not sell or rent Personal Data to third parties. Any data sharing outside the scenarios described in this Privacy Policy will be subject to prior notification or the User's consent.

13. International Data Transfers

13.1. Personal Data processed by the Company is generally stored and handled within the European Economic Area (EEA). Wherever possible, the Company ensures that data remains within the EEA to benefit from the high level of protection guaranteed by the GDPR.

13.2. In limited circumstances, Personal Data may be transferred to third countries outside the EEA. Such transfers may occur, for example, when the Company uses cloud or IT service providers with infrastructure located outside the EEA, when engaging global communication or marketing tools, or when Stripe or other partners rely on international processing networks.

13.3. When transfers take place to a country that does not benefit from an adequacy decision of the European Commission under Article 45 GDPR, the Company applies appropriate safeguards in accordance with Articles 46 and 47 GDPR. These safeguards include the use of Standard Contractual Clauses (SCCs), binding corporate rules of the recipient, or other recognised mechanisms.

13.4. Where applicable, additional technical and organisational measures are implemented to ensure that the level of protection of Personal Data is not undermined by international transfers. This may include encryption, pseudonymisation, strict access controls, and minimisation of data provided to external partners.

13.5. Users may request further information about international transfers, including copies of the safeguards applied, by contacting the Company at the details provided in Section 18 of this Privacy Policy.

14. User Rights under GDPR

Users whose Personal Data is processed by the Company enjoy all rights granted by the GDPR. These rights are designed to provide transparency and control over how personal information is collected and used. The Company respects and facilitates the exercise of these rights without undue delay and within the timelines established by law.

14.1. Right of Access

Users have the right to access their Personal Data, including information about:

• purposes of processing;
• categories of data;
• recipients of data;
• retention periods;
• sources of data (where not collected directly from the User).

They may also obtain a copy of the Personal Data being processed.

14.2. Right to Rectification

Users have the right to request the correction of inaccurate or incomplete Personal Data.

14.3. Right to Erasure ("Right to be Forgotten")

Users may request the deletion of their Personal Data where:

• the data is no longer necessary for the purposes collected;
• consent has been withdrawn;
• processing is unlawful.

14.4. Right to Restriction of Processing

Users may request the restriction of processing in certain circumstances, for example:

• while the accuracy of data is contested;
• where processing is unlawful, but restriction is preferred to deletion.

14.5. Right to Data Portability

Users have the right to receive their Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible. This applies when processing is based on consent or contract and carried out by automated means.

14.6. Right to Object

Users may object to processing carried out on the basis of legitimate interests, including profiling. Where Personal Data is processed for direct marketing, Users may object at any time, and such processing will cease immediately.

14.7. Right to Withdraw Consent

Where processing is based on consent, Users have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

14.8. Right to Lodge a Complaint

Users have the right to lodge a complaint with a supervisory authority if they believe their rights have been infringed. In Estonia, the competent authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). Users located in other EU Member States may also contact their local data protection authority.

15. Minors' Data

15.1. The Platform is intended exclusively for use by individuals who are at least eighteen (18) years of age or have reached the age of majority in their country of residence, whichever is higher. The Company does not knowingly collect or process Personal Data of minors who do not meet this age requirement.

15.2. If the Company becomes aware that Personal Data has been collected from a minor without the necessary parental or guardian consent, it will take immediate steps to delete such information from its systems. Where deletion is not technically feasible, the Company will ensure that the data is anonymised and no longer linked to the individual.

15.3. Parents or legal guardians who believe that their child has provided Personal Data to the Platform without appropriate consent are encouraged to contact the Company at the address provided in Section 18. The Company will promptly address such requests in accordance with applicable law.

15.4. By using the Platform, Users confirm that they meet the minimum age requirement. The Company reserves the right to request proof of age where there are reasonable grounds to suspect that a User may be underage.

16. Third-Party Links and Services

16.1. The Platform may contain links to external websites, applications, or services operated by third parties. These links are provided for convenience or as part of the normal functioning of the Platform, for example to enable communication, verification, or payment processing. When Users follow such links, they leave the environment controlled by the Company.

16.2. The Company does not control and is not responsible for the privacy practices, content, or security of third-party websites or services. Users are encouraged to review the privacy policies of such third parties before providing any Personal Data.

16.3. In addition to Stripe as the exclusive payment processor, the Company may engage other third-party service providers to support the operation of the Platform. These may include hosting providers, analytics and marketing services, communication tools, fraud prevention systems, and KYC/KYB verification partners. While the Company ensures that such providers are bound by contractual obligations to process Personal Data securely and in compliance with GDPR, Users acknowledge that these providers apply their own privacy practices which may differ from those of the Company.

16.4. The inclusion of third-party links or integrations on the Platform does not imply endorsement or responsibility for those services. Users interact with third-party providers at their own discretion and in accordance with the applicable terms and policies of those providers.

17. Changes to this Policy

17.1. The Company may update or amend this Privacy Policy from time to time in order to reflect changes in legal requirements, industry practices, or the operation of the Platform. Updates may also be made to clarify provisions, introduce new safeguards, or address feedback from Users or regulators.

17.2. When significant changes are introduced, the Company will provide Users with clear and timely notice. This may include an email notification, a message within the Platform, or a banner displayed on the website. The revised Privacy Policy will indicate the date of its latest update at the top of the document.

17.3. Continued use of the Platform after the effective date of an updated Privacy Policy constitutes acceptance of the revised terms. Users who do not agree with the updated terms have the right to discontinue use of the Platform and to request closure of their Account.

17.4. The Company encourages Users to review this Privacy Policy periodically to stay informed about how their Personal Data is collected, used, and protected.

18. Contact Information

18.1. The data controller responsible for the processing of Personal Data under this Privacy Policy is:

SMYADGT LTD

Registration number: 16784848
VAT: EE102647345
Registered office: Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia

18.2. For all questions, requests, or complaints concerning the processing of Personal Data or the exercise of rights described in this Privacy Policy, Users may contact the Company at:

Email: support@takeeasy.com

18.3. Users also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or with the supervisory authority of their habitual residence within the European Union.