Who we are
Serverse (“we”, “us”, “our”) is an online marketplace that connects customers with local service providers across the United Kingdom. We are the data controller for the personal information processed through this website and our related services.
You can contact us at privacy@serverse.co.uk with any data-related queries.
Data we collect
We collect personal information in the following categories:
- Account data — name, email address, phone number, password (hashed), and profile photo when you register.
- Identity verification data — government-issued ID documents and selfies submitted through our verification provider (Didit) for vendors and customers who require KYC.
- Booking data — service bookings you make or receive, including dates, amounts, and booking status.
- Payment data — card details are processed directly by Stripe and never stored on our servers. We retain transaction references, amounts, and statuses.
- Communications — messages sent between customers and vendors through our platform, and support tickets.
- Usage data — pages viewed, search queries, device type, browser, and IP address collected automatically via cookies and server logs.
How we use your data
We use your personal information to:
- Create and manage your account.
- Process bookings and facilitate payments between parties.
- Verify the identity of vendors and customers where required.
- Send transactional communications (booking confirmations, OTP codes, receipts).
- Respond to support requests and resolve disputes.
- Detect and prevent fraud, abuse, and illegal activity.
- Improve our platform through aggregated analytics.
- Send marketing emails where you have given consent (you can opt out at any time).
- Comply with our legal obligations.
Legal basis for processing
Under UK GDPR, we rely on the following legal bases to process your data:
- Contract — processing necessary to fulfil the booking contract between you and a service provider, and between you and Serverse.
- Legitimate interests — fraud prevention, platform security, and improving our service, where these interests are not overridden by your rights.
- Legal obligation — complying with financial, anti-money-laundering, and other regulatory requirements.
- Consent — marketing emails and non-essential cookies. You may withdraw consent at any time.
Sharing your data
We do not sell your personal data. We share it only with:
- Service providers on the platform — vendors receive the information necessary to fulfil a booking (name, contact details, booking details).
- Stripe — our payment processor. Their privacy policy applies to payment data.
- Didit — our identity verification provider. Their privacy policy applies to ID documents and biometric data.
- Cloud infrastructure — our hosting and database providers, who process data under data processing agreements.
- Law enforcement — where required by law or to protect the rights and safety of our users.
Data retention
We retain your personal data for as long as your account is active. If you close your account, we delete or anonymise your data within 90 days, except where we are required to retain it for legal or regulatory purposes (for example, financial records which we keep for 6 years under UK tax law).
Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure— request deletion of your data (“right to be forgotten”) where there is no overriding legal basis to retain it.
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, email privacy@serverse.co.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
Cookies
We use cookies and similar tracking technologies. For full details, please see our Cookie Policy.
Security
We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (TLS), hashed passwords, and access controls. However, no system is completely secure and we cannot guarantee absolute security.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the effective date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.
For any privacy-related questions or requests, please contact us at: