Privacy Policy
Last updated: May 26, 2026
This policy describes how Marketplace ("we", operated by SynthaSkill LLC) collects, uses, and protects information when you use the Service.
1. What we collect
- Account info: name, email, hashed password, profile photo if provided.
- Mechanic profile: FAA certificate number, ratings, service area, hourly rate, skills, and reviews received.
- Work orders and bids: aircraft registration, job description, bid amounts, accepted terms, and completion status.
- Transaction history: payment amounts, dates, and Stripe transaction IDs (never card numbers).
- Usage telemetry: page loads, errors (via Sentry), feature usage. No third-party advertising trackers.
- Payment info: handled by Stripe; we receive a Stripe customer/subscription ID, never your card number.
2. Why we collect it
- To provide the Service you signed up for.
- To facilitate matching between mechanics and customers.
- To process payments and maintain transaction records.
- To bill you for paid plans.
- To diagnose errors and improve the Service.
- To respond to your support requests and resolve disputes.
3. Profile visibility
Mechanic profiles (name, certificate type, ratings, service area, and reviews) are visible to other authenticated users of the Marketplace. You can control which profile fields are public from your profile settings. Work order details are visible only to the parties involved in that order.
4. Where data lives
Production data is hosted in the European Union (Hetzner FSN1-DC11, Helsinki, Finland) on encrypted disks. Backups are encrypted with age (X25519) and replicated to a Hetzner Storage Box in the same region. We never sell or rent your data.
5. Sharing
We share data only with:
- Stripe (payment processing — PCI-compliant)
- Sentry (error tracking — error metadata only)
- Better Auth (session management — open source, self-hosted)
- Resend (transactional email — opt-in only)
- Law enforcement when compelled by valid legal process.
We never sell data to advertisers or data brokers.
6. Your rights (GDPR / CCPA)
- Access: Export your data from Settings → Export.
- Correction: Edit your profile and listings directly in the app.
- Deletion: Settings → Delete account triggers a 30-day grace period, then hard purge. Some records may be retained where required by law or for dispute resolution purposes.
- Portability: JSON export available on request.
- Object / Restrict: Email [email protected].
7. Cookies
We use only essential cookies for authentication (Better Auth session) and an opt-in analytics cookie if you accept it on the banner. See our Cookie Policy for the full list.
8. Children
Marketplace is not directed at users under 18. We do not knowingly collect data from minors.
9. Security
Passwords are hashed via Better Auth's default algorithm (scrypt at time of writing). Sessions use HttpOnly + Secure + SameSite=Lax cookies. We enable TLS 1.3 on all endpoints with HSTS.
10. Changes
Material changes will be announced via in-app notification and email at least 30 days before they take effect.
11. Contact
Data Protection Officer: [email protected].