1. Who we are
Fiksit is a Belgian platform that connects consumers with neighbours ("helpers") for small jobs such as cleaning, garden maintenance and small moves. During the pilot phase we operate under the Belgian tax regime for miscellaneous income (art. 90 Income Tax Code '92); after recognition as a collaborative economy platform (application submitted, expected Q4 2026), we will switch to the collaborative economy regime. Fiksit is operated by Fiksit BV (in formation until 30 June 2026), based in Belgium.
By "we", "our" or "Fiksit" we mean Fiksit BV. By "you" we mean the user (consumer or helper) who uses the app or website.
This privacy policy explains which personal data we collect, why, how we use it and what rights you have.
2. Which data we collect
2.1 Data you provide directly
- Account: first name, last name, e-mail address, password (hashed), phone number (optional), language preference, profile picture
- Helper identification: date of birth, national register number (for collaborative economy recognition), copy of identity document (via itsme), bank account number (IBAN for payouts)
- Addresses: street, postal code, municipality, GPS coordinates, labels (e.g. "Home", "Parents")
- Bookings: service, date/time, duration, price, notes to helper
- Messages: all chat conversations between consumer and helper
- Photos: before/after photos for each job, uploaded by the helper
- Reviews: star rating and textual reviews
2.2 Data we collect automatically
- Location: during an active session as helper (GPS check-in/out), or when entering an address as consumer
- Device data: operating system, app version, push token (Expo)
- Usage data: which screens you visit, which buttons you use (via PostHog analytics)
- Log files: IP address, timestamp, URLs used, error messages
2.3 Data from third parties
- Stripe: payment data is processed by Stripe Payments Europe (Ireland) — we only receive transaction IDs and status, not card numbers
- itsme: identity verification for helpers — we only receive a "verified ✓" confirmation, no transfer of the national register number
- Apple/Google: with social login we receive name + e-mail as you authorised
2.4 Special categories of personal data (GDPR art. 9)
Fiksit processes no special categories of personal data (health, race, ethnic origin, religion, biometric data, sexual orientation, political opinions, etc.) — unless a user voluntarily shares them in a task description or chat message (e.g. "dust-free please due to asthma"). In that case:
- They are used only for the specific assignment
- They are not stored in a structured or searchable way
- They are automatically deleted at the standard chat history retention period (2 years)
- Helpers are explicitly trained to treat such information confidentially
3. Why we process this data
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Account creation + authentication | Contract performance |
| Matching helpers and customers (zone, availability, ranking) | Contract performance |
| Processing payments via Stripe | Contract performance + legal obligation |
| Sending push notifications (new job, chat message, reminders) | Legitimate interest |
| Chat moderation (spam, fraud, off-platform offers) | Legitimate interest + safety |
| Storing before/after photos as evidence in case of dispute | Legitimate interest |
| GPS check-in/out to confirm attendance | Legitimate interest + insurance |
| Helper payouts + tax filing (fiche 281.50 pilot / 281.29 after recognition) | Legal obligation (Belgian ITC '92, RD 12/01/2015) |
| DAC7 reporting to Belgian Tax Authority | Legal obligation (EU 2021/514, since 2023) |
| Improving the platform (analytics) | Legitimate interest |
| Marketing e-mails (only after opt-in) | Consent |
4. With whom we share data
We do not share your data with third parties for commercial purposes. We do share with the parties in the table below — only to the extent necessary for the operation of the Platform or as legally required:
| Processor / Third party | Role | Country | Safeguard |
|---|---|---|---|
| The other party in a booking | Consumer ↔ Helper see each other's name, profile picture, reviews, address (after match) and chat history | BE | Necessary for booking execution |
| Stripe Payments Europe | Payment processor (consumer payments + Stripe Connect for helper payouts) | IE | PCI-DSS compliant, EU-hosted, adequacy decision |
| itsme | Helper identity verification (KYC) | BE | Compliant with Belgian DPA, no raw ID data stored at our end |
| Supabase | Database hosting + edge functions + storage | EU (Frankfurt) | GDPR-compliant, DPA available |
| Resend | Transactional e-mails (auth, bookings, notifications) | US | Standard Contractual Clauses (EU 2021/914) |
| Expo Push API | Push notification delivery (iOS + Android) | US | SCCs, no content stored — routing only |
| Apple Push / Google FCM | Underlying push infrastructure per OS | US | Under Apple/Google's own DPAs |
| OpenAI | Chat moderation API (anti-fraud, anti-spam) | US | SCCs, content not retained by OpenAI for training |
| Mapbox | Map rendering + address autocomplete | US | SCCs, limited data transfer |
| Ethias | Insurer liability + execution damages — only on claim file opening | BE | Compliant with Belgian DPA |
| PostHog (future) | Product analytics — anonymous usage data | EU (Frankfurt) | EU hosting, no marketing tracking |
| Fiksit BV accountant | Accounting + tax filings | BE | Compliant with Belgian DPA, professional secrecy |
| Belgian Tax Authority | Statutory tax reporting (fiche 281.50 pilot / 281.29 after recognition + DAC7) | BE | Legal obligation — no choice |
| Data Protection Authority / Police / Justice | On legal obligation (court order, data breach notification) | BE | Legal obligation |
Fiksit never sells your data to third parties for commercial purposes.
5. International transfers
Some of our processors (Resend, Expo) are based outside the EEA. We ensure an adequate level of protection via Standard Contractual Clauses (EU 2021/914) or via an adequacy decision of the European Commission.
6. How long we retain data
| Category | Retention period |
|---|---|
| Account (after deactivation) | 30 days, then anonymisation |
| Bookings + invoicing | 7 years (legal obligation Belgian Companies Code) |
| Chat messages | 2 years after last job between parties, then anonymisation |
| Before/after photos | 90 days after the job, then deletion |
| GPS check-in/out | 90 days, then deletion |
| Moderation logs | 5 years (anti-fraud) |
| Marketing e-mails | Until opt-out |
| Cookies | See our Cookie Policy |
7. Your rights (GDPR art. 15-22)
You have the right to:
- Access to your data (art. 15) — request an export via your profile
- Rectification of incorrect data (art. 16) — directly via your profile
- Erasure ("right to be forgotten") (art. 17) — via your profile → Delete account, or e-mail to info@fiksit.app
- Restriction of processing (art. 18)
- Portability (art. 20) — request a JSON export
- Objection to processing based on legitimate interest (art. 21)
- Not be subject to automated decision-making (art. 22) — our helper ranking is automated; you can request human intervention by contacting us
- Right to withdraw consent: for processing based on your consent (e.g. marketing e-mails, cookie categories) you can withdraw consent at any time via your profile settings or the cookie banner. Withdrawal does not affect the lawfulness of processing before the withdrawal.
Filing a complaint: You can always file a complaint with the Belgian Data Protection Authority (Rue de la Presse 35, 1000 Brussels).
8. Security
- Passwords are hashed with bcrypt
- All connections via HTTPS (TLS 1.3)
- Database access via Row-Level Security (PostgreSQL RLS)
- Multi-factor authentication available for admin accounts
- Pen-test at minimum yearly
- Data breach notification within 72h to the Data Protection Authority (GDPR art. 33)
9. Changes to this policy
We can change this policy. For material changes we will send you an e-mail or in-app notification at least 30 days before entry into force. The version history is at the bottom of this page.
10. Contact
Questions about your data or this policy? E-mail info@fiksit.app.
For formal rights exercise (art. 15-22): attach a copy of your ID for verification (we anonymise it once your request is handled).
Version history
- v1.0 (11 May 2026): first version, drafted by Sam Knaepen