Privacy Policy

Welcome to Skillza ("we", "our", or "us"). We operate the website skillza.fr (the "Service"), a freelance marketplace connecting buyers and sellers of digital services.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. By using Skillza, you agree to the practices described in this policy.

We collect the following categories of personal data:

• Account information: name, email address, profile picture, username, and password (hashed). When you sign in with Google, we receive your name, email, and profile picture from Google.
• Profile data: biography, skills, portfolio items, seller level, and any other information you voluntarily add to your profile.
• Transaction data: order details, payment amounts, messages exchanged between buyers and sellers, and review/rating content.
• Usage data: pages visited, search queries, click events, browser type, device type, IP address, and session duration — collected via cookies and Google Analytics 4.
• Communications: support tickets and emails sent to us.

We use your personal data to:

• Create and manage your account.
• Process orders, payments, and disputes.
• Display your public profile and gigs to potential buyers.
• Send transactional emails (order confirmations, notifications, password resets).
• Improve and personalize the Service using aggregated analytics data.
• Detect and prevent fraud, abuse, and violations of our Terms of Service.
• Comply with legal obligations.

We do not sell your personal data to third parties, and we do not use it for automated decision-making that produces legal effects.

For users in the European Economic Area (EEA), we process your data under the following legal bases:

• Contract performance: to provide the Service you signed up for.
• Legitimate interests: to improve the platform, prevent fraud, and send relevant notifications.
• Consent: for analytics cookies — you may withdraw consent at any time.
• Legal obligation: to comply with applicable laws.

We may share your data with the following categories of recipients:

• Other users: your public profile, gigs, reviews, and portfolio are visible to all visitors of the platform.
• Service providers: hosting infrastructure (VPS provider), email delivery services, and payment processors — bound by data processing agreements.
• Google LLC: we use Google OAuth 2.0 for optional sign-in and Google Analytics 4 for anonymized usage analytics. Google may process data as described in the Google Privacy Policy.
• Law enforcement / authorities: when required by applicable law or to protect our legal rights.

We do not transfer your data outside the EEA except with appropriate safeguards in place.

We use the following types of cookies:

• Strictly necessary: authentication tokens and session cookies required for the Service to function.
• Analytics: Google Analytics 4 cookies to measure usage patterns (anonymized IP).

You can disable analytics cookies via your browser settings. Disabling strictly necessary cookies may prevent you from logging in.

We retain your personal data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it longer by law (e.g., transaction records for tax purposes — up to 7 years).

We implement industry-standard technical and organizational measures to protect your data:

• All data in transit is encrypted via TLS 1.2 / TLS 1.3 (HTTPS).
• Passwords are stored as bcrypt hashes — never in plain text.
• Authentication tokens are short-lived (15 minutes) with secure HTTP-only refresh tokens.
• Database access is restricted to internal network only (no public exposure).
• Regular dependency audits and security patches are applied.

Despite our efforts, no system is 100% secure. In the event of a data breach affecting your rights, we will notify you and the relevant authorities as required by law.

Under applicable law (including GDPR), you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten").
• Restrict processing in certain circumstances.
• Data portability — receive your data in a machine-readable format.
• Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent at any time (for cookie analytics).

To exercise any of these rights, contact us at privacy@skillza.fr. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France).

Skillza is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

We may update this policy from time to time. Material changes will be notified via email or a prominent notice on the platform at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

For any privacy-related questions or requests:

• Email: privacy@skillza.fr
• Website: https://skillza.fr