Privacy Policy

Last updated: 1 April 2026

1. Who we are

Hire2Skill AS ("Hire2Skill", "we", "our") is the controller of your personal data. We operate the Hire2Skill platform at hire2skill.com, which connects task posters with local helpers across Norway. We are based in Oslo, Norway and process personal data in accordance with the General Data Protection Regulation (GDPR) as implemented in Norwegian law through the Personal Data Act (personopplysningsloven).

You can contact us at: [email protected]

2. Data we collect

We collect personal data in the following categories:

  • Account data: name, email address, password (hashed), profile photo, phone number
  • Profile data: bio, skills, service categories, location (city level), hourly rate
  • Booking data: task descriptions, booking history, messages exchanged through the platform
  • Verification data: identity document images submitted for helper verification (stored encrypted)
  • Usage data: IP address, device type, pages visited, session duration (via server logs)
  • Payment data: billing information processed by our payment provider — we do not store card details

3. Why we use your data

To provide and operate the platform (Contract)

Account management, task booking, messaging between users, payment processing.

For safety and trust (Legitimate interest)

Identity verification, fraud prevention, review moderation, platform security.

Legal compliance (Legal obligation)

Tax records, response to lawful requests from Norwegian authorities.

Marketing communications (Consent)

Email newsletters and promotional messages — only if you opt in. Withdrawable at any time.

4. Who we share data with

We do not sell your personal data. We share data only with:

  • Other platform users: your public profile (name, bio, photo, rating) is visible to other users. Your contact details are never shared without your consent.
  • Supabase (data storage): our database and authentication provider, operating in EU/EEA data centres.
  • Resend (email delivery): used to send transactional emails. Processes only recipient email addresses.
  • Payment processors: handle payment transactions under their own GDPR-compliant terms.
  • Norwegian authorities: when required by law (e.g. Datatilsynet, tax authority, court orders).

5. How long we keep your data

  • Account data: retained while your account is active, plus 2 years after deletion for legal compliance
  • Booking and message history: 5 years (Norwegian accounting requirements)
  • Verification documents: deleted within 30 days of verification decision
  • Server logs: 90 days

6. Your rights (GDPR)

As a resident of the EEA, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten"), subject to legal retention requirements
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time for consent-based processing
  • Lodge a complaint with Datatilsynet (datatilsynet.no) if you believe we have breached GDPR

To exercise any of these rights, email [email protected]. We respond within 30 days.

7. Cookies

We use cookies for authentication, session management, and usage analytics. See our Cookie Policy for full details.

8. Changes to this policy

We may update this policy from time to time. We will notify registered users by email of any material changes at least 30 days before they take effect. Continued use of the platform after changes take effect constitutes acceptance.