Privacy Policy

1. Introduction

Servicito ("Servicito", "we", "us", "our") operates a local services marketplace available at servicito.replit.app and associated domains (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with Singapore's Personal Data Protection Act 2012 ("PDPA") and its subsidiary regulations.

By creating an account or using the Platform you consent to the collection and use of your personal data as described in this policy. If you do not agree, please discontinue use of the Platform.

2. Personal Data We Collect

We collect the following categories of personal data:

• ·Account data (via Replit authentication): Full name, email address, profile picture URL, and Replit user ID — provided automatically when you log in via Replit's OpenID Connect service.
• ·Provider verification data: Government-issued identity document (e.g. NRIC, passport), legal name, and nationality — collected solely for KYC (Know Your Customer) verification before a provider may list services.
• ·Service listing data: Service titles, descriptions, pricing, availability, and service area (district or region) — provided by providers when creating listings.
• ·Booking data: Booking dates, times, service details, the identities of the customer and provider involved, booking status, and any notes added during the booking.
• ·Payment data (via Stripe): Payments are handled by our payment processor, Stripe. We do not collect or store full card or bank account numbers — these are entered directly with Stripe. We retain only non-sensitive payment metadata (such as card brand, last four digits, expiry date, and Stripe customer, account, and transaction identifiers) to display your saved payment methods, process bookings, and release provider payouts.
• ·Crypto wallet data (optional): Blockchain wallet address and associated network. For addresses verified via MetaMask, the cryptographic challenge string and resulting signature used to confirm ownership. This data is optional and stored only if you choose to add a wallet to your profile.
• ·Communications: In-app messages exchanged between users on the Platform.
• ·Review data: Ratings and written reviews submitted by customers following confirmed bookings.
• ·Usage data: Pages visited, features used, device type, browser, and approximate geographic location derived from IP address. This data is collected in aggregate and is not used to identify individuals.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

• ·To create, authenticate, and maintain your account
• ·To verify provider identities and maintain platform trust and safety
• ·To display provider profiles, services, and reviews to other users
• ·To facilitate bookings and communications between customers and providers
• ·To investigate and resolve disputes, complaints, or safety reports
• ·To send platform notifications, including booking confirmations, messages, and system alerts
• ·To improve Platform features and user experience through aggregated, anonymised analytics
• ·To comply with applicable Singapore laws and regulatory requirements

4. Data Visibility and Sharing

Provider profile data — including display name, profile photo, service listings, aggregate ratings, and verified status — is visible to all users of the Platform, including unauthenticated visitors.

After a booking is confirmed, the provider receives the customer's display name and any contact details the customer has made available, to the extent necessary to deliver the booked service.

Servicito does not sell, rent, or trade personal data with any third parties for marketing or commercial purposes.

We may share identity verification documents with authorised KYC verification partners, who are bound by confidentiality obligations and data protection requirements at least as protective as this policy.

We share booking and payment information with Stripe, our third-party payment processor, as necessary to process payments, verify Provider payout accounts, and issue refunds. Stripe processes this information under its own privacy policy.

We may disclose personal data to government authorities, law enforcement, or regulators where we are legally required to do so or where we reasonably believe disclosure is necessary to protect the safety of any person.

5. Payments

Payments on the Platform are processed by Stripe, our third-party payment processor. When you book a service, you pay through the Platform and the funds are held by our payment processor until the service is completed, at which point they are released to the provider. Holding funds this way protects both customers and providers — it allows a refund to be issued before the money is released if a booking is not completed as agreed. We do not store your full card or bank account details — these are handled directly by Stripe.

Servicito currently takes zero commission: the provider receives the full service price, and the customer additionally pays a card processing fee passed through at cost. Refunds, where applicable, are issued through Stripe. Providers receive payouts through a Stripe Connect account that they set up and verify directly with Stripe, including any identity and bank details Stripe requires.

For a plain-language summary of how cancellations and refunds work for Customers, see our Cancellation & Refund Policy.

6. Crypto Wallet Data

You may optionally link one or more blockchain wallet addresses to your provider profile. Wallet addresses you provide are stored and displayed on your public provider profile.

If you verify a wallet address using MetaMask, we store the cryptographic signature produced during the verification challenge as proof of address ownership at the time of verification. This signature is not used for any transaction or financial purpose.

Servicito does not hold, transfer, interact with, or have access to any cryptocurrency or digital assets associated with any wallet address. You may remove linked wallet addresses at any time through your profile settings.

7. Data Retention

• ·Account data is retained while your account is active and for 3 years following account deletion.
• ·Identity verification documents are retained for 5 years from the date of submission, in compliance with applicable anti-money laundering and identification record-keeping requirements.
• ·Booking records and in-app messages are retained for 3 years from the date of the relevant booking.
• ·Review data is retained for the lifetime of the platform unless removed under our content policies.
• ·Usage data is retained in aggregated, anonymised form for internal analytics purposes.

You may request deletion of your personal data at any time. We will action your request as promptly as we can, subject to any legal or regulatory retention obligations that prevent immediate deletion.

8. Your Rights Under the PDPA

Under Singapore's Personal Data Protection Act 2012, you have the following rights with respect to your personal data:

• ·Right of access — to request confirmation of whether we hold personal data about you, and to receive a copy of that data.
• ·Right of correction — to request correction of any inaccurate or incomplete personal data we hold about you.
• ·Right of withdrawal — to withdraw consent to the collection, use, or disclosure of your personal data, subject to legal or contractual restrictions.
• ·Right to erasure — to request deletion of your personal data, subject to any legal retention obligations.

To exercise any of the above rights, please write to our Data Protection Officer at contact.servicito@gmail.com. We will respond to your request as promptly as we can.

9. Cookies and Tracking

We use session cookies for authentication and functional cookies to retain your location and display preferences between visits. These are strictly necessary for the Platform to operate correctly.

We do not use third-party advertising networks, cross-site tracking pixels, or behavioural advertising cookies. We do not sell data to or share data with any advertising platforms.

You may configure your browser to reject cookies. If you do so, some features of the Platform — including the ability to remain logged in — may not function correctly.

10. Security

We implement reasonable and appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include access controls, encrypted data transmission (HTTPS), and regular security reviews.

No method of transmission over the internet is completely secure. While we take data security seriously, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your Replit account credentials.

11. Children

The Platform is intended for users aged 18 and above. We do not knowingly collect personal data from persons under 18 years of age. If you have reason to believe that a minor has registered an account, please contact us immediately at contact.servicito@gmail.com and we will investigate and take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or Platform features. When we make material changes, we will notify users via an in-platform notification before the changes take effect. Your continued use of the Platform after the effective date of any updated policy constitutes your acceptance of the changes.

13. Contact Us

For any privacy-related questions, data access requests, or concerns, please contact our Data Protection Officer:

We aim to respond to all privacy enquiries as promptly as we can.