PRIVACY POLICY
Draak-app Platform
Effective Date: April 09, 2026
1. Introduction
Welcome to the Draak-App platform! Draak-App is a digital ecosystem consisting of a Website (for Clients) and a Mobile Application (for Service Providers). Your privacy is fundamental to us. This Privacy Policy explains how we collect, use, disclose and protect your personal information when using any part of our Platform. By accessing the Site or downloading the Application, the user agrees to the practices described in this policy, which complies with the General Data Protection Regulation (GDPR) of the European Union.
2. Data Controller
The entity responsible for processing your personal data is: Willian Freitas Borges, Unipessoal Lda. Correspondence Address: Rua Pedro Alvares Cabral, 205, 4A, São Domingos de Rana, Cascais, 2785-396, Portugal. Privacy Email: [email protected]
3. Personal Data We Collect
| Category | Data Collected |
|---|---|
| General (All Users) | IP address, technical access data (dates, times), browser type, device model and operating system. |
| Clients | When booking: Name, phone number and email address (optional). Browsing: Search history and providers visited (anonymous data or associated with cookies). We do not collect the Client's Tax Identification Number. |
| Service Providers | Name, email, phone, professional address, service/product details and profile/work photos. Transaction Data (Subscription): Payment confirmation provided by the App Store (e.g.: purchase ID, subscription expiry date). We do not have access to your banking or credit card data. We do not collect the Provider's Tax Identification Number, as subscription billing is managed entirely by the App Stores. |
| Authentication and Session | Session token stored locally on the device (valid up to 30 days when "stay connected" or biometric login is active). FCM token from the device for sending push notifications. In case of biometric login, an authentication token (never the fingerprint itself) is stored in the device's secure storage (Android Keystore) and is never transmitted to our servers. |
| App Permissions | Camera and Gallery: We request access if the Provider wishes to upload photos. Notifications: To send alerts for new bookings or reminders. |
4. Purposes of Processing
We process your data for the following specific purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account Management and Bookings | To allow Provider registration and Client bookings. |
| Connection Between Users | To share Client contact details with the Provider when a booking is confirmed. |
| App Monitoring and Security | Collection of crash reports (logs) to fix bugs and improve Application stability. |
| Communication and Support | To send booking confirmations or respond to enquiries. |
| Marketing | Sending news or promotions (only if authorised). |
5. Sharing of Personal Data
We do not sell your personal data. Data sharing occurs only in the following strict situations:
- Between Client and Provider (Essential): When a Client confirms a booking, their Name, Phone and Email are automatically shared with the selected Provider.
- Payments and Transactions: All subscriptions are processed directly by the Google Play Store or Apple App Store platforms. Draak-app does not collect or store any payment data (such as credit card numbers). The management of such data is the exclusive responsibility of the respective stores, in accordance with their own privacy policies.
- Technology Service Providers: We use trusted partners for hosting (Hostinger), transactional email and reminder sending (PHPMailer/SMTP), push notifications (Firebase Cloud Messaging — Google) and App error analysis, who act under our instructions and confidentiality obligations.
- Authorities: When required by law or court order.
6. Cookies and Tracking Technologies Policy
Our Website uses cookies to improve the browsing experience.
- What are they? Small text files stored in your browser.
- Types of Cookies we use: Essential (necessary for basic operation and booking) and Analytical (optional, used to measure and improve performance).
- Control: The user has full control over non-essential cookies through the site's consent banner.
7. International Transfers
If our external service providers are located outside the European Economic Area (EEA), we ensure that the transfer is made under appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission.
8. Data Security
We implement technical (encryption, HTTPS) and organisational (restricted access) measures to protect your personal data. However, we remind you that it is the Provider's responsibility to keep Application credentials secure. Third-party authentication keys (Google Firebase) are stored outside the server's public folders, inaccessible via the web. Location data used in the site search are approximate coordinates and are not stored or associated with any user.
9. Data Retention and Deletion
Data is retained for the period necessary for the purposes for which it was collected. The Provider may request account deletion directly in the Application, through the account settings section. After confirmation, personal data is deleted from our servers. Data related to subscriptions may be retained for legal obligations. After subscription cancellation without a deletion request, data is retained for 30 days before being removed.
10. Data Subject Rights
In accordance with the GDPR, you have the right to Access, Rectify, Erase ("Right to be forgotten"), object to processing and request Portability of your data. To exercise these rights, send an email to: [email protected].
10.1. Exception for Professionals Registered by the Provider Company
If you are a professional operating under the management of a Provider Account (account holder company), your registration, data and eventual deletion must be managed primarily by the account holder Provider (the company) through the "Team Management" feature. Draak-app will only process deletion requests from individual professionals upon request or confirmation from the account holder Provider who performed the registration. This measure aims to protect the account data structure and ensure deletion authorisation.
11. Complaints
If you believe your data is not being processed correctly, you have the right to lodge a complaint with the national supervisory authority: Comissão Nacional de Proteção de Dados (CN