NastaNasta

Privacy Policy

Last Updated: May 7, 2026

1. Introduction

Nasta ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App" or "Platform").

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Name, email address, phone number
  • Profile information (bio, location, skills, experience)
  • Profile photos and avatars
  • Payment information (processed securely through Stripe)

Verification Information:

  • Government-issued ID documents (passport, national ID, residence permit)
  • Selfie photos for identity verification
  • Criminal record certificates for background checks
  • Driver license documents (front and back) for driving-related job categories
  • Vehicle photos (front, back, sides, license plate) and vehicle registration documents for transport-related job categories

Job and Application Information:

  • Job postings and descriptions
  • Applications and proposals
  • Work history and portfolio items
  • Reviews and ratings

Communication Data:

  • Messages sent through the Platform's chat system
  • Support tickets and correspondence
  • Survey responses and feedback

Location Data:

  • GPS coordinates (with your permission)
  • Location preferences for job matching
  • Work location history

2.2 Information Automatically Collected

Device Information:

  • Device type, model, and operating system
  • Unique device identifiers
  • IP address
  • Mobile network information

Usage Information:

  • App features you use
  • Pages and screens you view
  • Time spent on the Platform
  • Search queries
  • Interactions with other users

Technical Information:

  • App version and build number
  • Crash reports and error logs
  • Performance data
  • Push notification tokens

2.3 Information from Third Parties

Payment Processors:

  • Stripe provides payment processing data
  • Transaction history and payment methods

Verification Services:

  • Third-party identity verification services
  • Background check providers

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your account
  • Process job postings and applications
  • Facilitate communication between users
  • Process payments and transactions
  • Provide customer support
  • Verify identity and conduct background checks

3.2 Platform Improvement

  • Analyze usage patterns to improve the Platform
  • Develop new features and services
  • Personalize your experience
  • Conduct surveys and research

3.3 Safety and Security

  • Detect and prevent fraud
  • Verify user identities
  • Enforce Platform rules and policies
  • Investigate abuse reports
  • Protect user safety

3.4 Communication

  • Send service-related notifications
  • Respond to support requests
  • Send important updates about the Platform
  • Marketing communications (with your consent)

4. Information Sharing and Disclosure

4.1 With Other Users

  • Profile information visible to other users
  • Job postings and applications
  • Reviews and ratings (after service completion)
  • Public profile information

4.2 With Service Providers

  • **Stripe**: Payment processing
  • **Cloud Storage**: Secure document storage
  • **Analytics Services**: Usage analytics (anonymized)
  • **Email Services**: Transactional and marketing emails
  • **Push Notification Services**: Mobile notifications

4.3 Legal Requirements

We may disclose information if required by:

  • Law or legal process
  • Government requests
  • Court orders
  • To protect rights, property, or safety
  • To prevent fraud or abuse

4.4 Business Transfers

  • In case of merger, acquisition, or sale
  • Information may be transferred to the new entity
  • Users will be notified of such changes

4.5 With Your Consent

  • We share information when you explicitly consent
  • You can withdraw consent at any time

5. Data Storage and Security

5.1 Data Storage

  • Data is stored on secure servers
  • We use industry-standard encryption
  • Sensitive documents are encrypted at rest
  • Data is stored in compliance with applicable laws

5.2 Security Measures

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Access controls and authentication
  • Regular security audits
  • Secure document storage for verification

5.3 Data Retention

  • Account data: Retained while your account is active
  • Verification documents: Retained as required by law or for dispute resolution
  • Transaction records: Retained for 7 years (tax/legal requirements)
  • Deleted accounts: Data is deleted within 30 days of account deletion request
  • Some data may be retained longer if required by law

6. Your Privacy Rights

6.1 Access and Correction

  • You can access your personal information through the App
  • You can update your profile information at any time
  • You can request a copy of your data

6.2 Deletion

  • You can request account deletion
  • We will delete your data within 30 days
  • Some data may be retained for legal compliance

6.3 Data Portability

  • You can request your data in a portable format
  • We will provide data in a machine-readable format

6.4 Opt-Out Rights

  • You can opt out of marketing communications
  • You can disable push notifications in device settings
  • You can limit location tracking

6.5 Verification Document Deletion

  • You can request deletion of verification documents
  • Deletion may affect your ability to use certain Platform features
  • Some documents must be retained for legal compliance

7. Children's Privacy

  • The Platform is not intended for users under 18 years of age
  • We do not knowingly collect information from children
  • If we discover we have collected information from a child, we will delete it immediately

8. International Data Transfers

  • Your data may be transferred to and processed in countries other than your country of residence
  • We ensure appropriate safeguards are in place
  • Data transfers comply with applicable data protection laws

9. Cookies and Tracking Technologies

9.1 Cookies

  • We use cookies and similar technologies
  • Essential cookies are necessary for the Platform to function
  • Analytics cookies help us improve the Platform
  • You can manage cookie preferences in device settings

9.2 Mobile App Tracking

  • We use mobile analytics to understand app usage
  • Location tracking (with your permission)
  • Push notification tokens for messaging

10. Third-Party Services

10.1 Payment Processing (Stripe)

  • Stripe processes all payments
  • Stripe's privacy policy applies to payment data
  • We do not store full payment card numbers

10.2 Identity Verification

  • Third-party services verify identity documents
  • Verification data is shared only as necessary
  • Verification services have their own privacy policies

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

12.1 Your GDPR Rights

Right to Access (Article 15 GDPR):

  • You have the right to obtain confirmation as to whether or not personal data concerning you is being processed
  • You can request a copy of your personal data in a structured, commonly used, and machine-readable format
  • We will provide this information within one month of your request

Right to Rectification (Article 16 GDPR):

  • You have the right to have inaccurate personal data corrected
  • You can update your profile information directly in the App
  • You can request correction of any data we hold about you

Right to Erasure - "Right to be Forgotten" (Article 17 GDPR):

  • You have the right to request deletion of your personal data
  • We will delete your data unless we have a legal obligation to retain it
  • Some data may be retained for legal compliance, dispute resolution, or legitimate business interests
  • Account deletion requests are processed within 30 days

Right to Restrict Processing (Article 18 GDPR):

  • You can request that we limit how we use your personal data
  • This right applies when you contest the accuracy of data, object to processing, or when processing is unlawful
  • We will continue to store your data but will not process it further except with your consent or for legal claims

Right to Data Portability (Article 20 GDPR):

  • You have the right to receive your personal data in a structured, commonly used, and machine-readable format
  • You can request transfer of your data to another service provider
  • We will provide your data in JSON or CSV format within one month

Right to Object (Article 21 GDPR):

  • You have the right to object to processing of your personal data for direct marketing purposes
  • You can object to processing based on legitimate interests
  • We will stop processing unless we can demonstrate compelling legitimate grounds

Right to Withdraw Consent (Article 7 GDPR):

  • You can withdraw consent for data processing at any time
  • Withdrawal does not affect the lawfulness of processing before withdrawal
  • You can manage consent preferences in the App settings

12.2 Legal Basis for Processing (Article 6 GDPR)

We process your personal data based on the following legal bases:

Consent (Article 6(1)(a)):

  • Marketing communications
  • Non-essential cookies and tracking
  • Location data (when explicitly requested)

Contract Performance (Article 6(1)(b)):

  • Account creation and management
  • Job matching and application processing
  • Payment processing and transaction management
  • Service delivery and communication

Legal Obligation (Article 6(1)(c)):

  • Identity verification (KYC) requirements
  • Tax and financial record keeping
  • Fraud prevention and security
  • Compliance with employment and labor laws

Legitimate Interests (Article 6(1)(f)):

  • Platform security and fraud prevention
  • Service improvement and analytics
  • Customer support and dispute resolution
  • Business operations and administration

Vital Interests (Article 6(1)(d)):

  • Protection of life and physical safety
  • Emergency situations

12.3 Data Protection Officer (DPO)

As required by GDPR Article 37, we have appointed a Data Protection Officer (DPO) for EU users:

  • **Email:** dpo@nasta.app
  • **Website:** https://nasta.app/privacy

You can contact our DPO for:

  • Questions about data processing
  • Exercising your GDPR rights
  • Reporting data protection concerns
  • Filing complaints about data handling

12.4 International Data Transfers (Chapter V GDPR)

Adequacy Decisions:

  • We transfer data to countries with adequacy decisions by the European Commission
  • These countries are recognized as providing adequate data protection

Standard Contractual Clauses (SCCs):

  • For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the European Commission
  • These clauses ensure your data receives equivalent protection

Safeguards:

  • All data transfers comply with GDPR requirements
  • We ensure appropriate technical and organizational measures are in place
  • Third-party processors are bound by data protection agreements

12.5 Data Breach Notification (Article 33 & 34 GDPR)

Our Obligations:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of a data breach
  • We will notify affected users without undue delay if the breach poses a high risk to their rights and freedoms
  • Notifications will include details of the breach, potential consequences, and measures taken

Your Rights:

  • You will be informed of any data breach that affects your personal data
  • You will receive clear information about what happened and what we're doing about it

12.6 Supervisory Authority

If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority:

  • **List of EU Supervisory Authorities:** https://edpb.europa.eu/about-edpb/board/members_en
  • **European Data Protection Board:** https://edpb.europa.eu

You can file a complaint if you believe we have not handled your personal data in accordance with GDPR.

13. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time
  • Material changes will be notified through the App or email
  • Continued use after changes constitutes acceptance
  • The "Last Updated" date indicates when changes were made

14. Contact Us

For privacy-related questions or requests:

  • **Email:** privacy@nasta.app
  • **Website:** https://nasta.app/privacy
  • **Support Portal:** Available in the App

15. Data Protection Officer

For EU users, you can contact our Data Protection Officer at:

  • **Email:** dpo@nasta.app
  • **Website:** https://nasta.app/privacy

---

By using Nasta, you acknowledge that you have read and understood this Privacy Policy.