Last updated: 5 July 2026 · Version 2.0

This Privacy Policy describes how FindYourOneDayJob (“FindYourOneDayJob”, “the Platform”, “we”, “us” or “our”), operated by Steven Smith, Im Oberwald 13, 67661 Kaiserslautern, Germany, collects, uses, discloses and otherwise processes personal data in connection with our websites, applications, AI features and related services (collectively, the “Services”). It also explains your rights under the EU General Data Protection Regulation (“GDPR”) and, where applicable, other privacy laws such as US state privacy laws.

Please read this Policy carefully. By using the Services you acknowledge that you have read and understood it. If you do not agree with our practices, please do not use the Services. This Policy should be read together with our Global Terms of Service and our Legal Notice (Impressum).

1. Controller and contact

The controller within the meaning of Art. 4(7) GDPR for the processing described in this Policy is:

Steven Smith
FindYourOneDayJob
Im Oberwald 13
67661 Kaiserslautern, Germany
Email: info@findyouronedayjob.com
Phone: +49 176 42279350

For all privacy-related requests, please use the email address above with the subject line “Privacy Request”. We respond to verified requests within the statutory deadlines (in general, one month under Art. 12(3) GDPR).

2. Definitions

Customer” means a user who posts a task or books services through the Platform. “Helper” (also “One-Day-Jober”) means a user who offers and performs services sourced through the Platform. “User“, “you” or “your” means any person accessing the Services. “Personal data“, “processing”, “controller” and “processor” have the meanings given in Art. 4 GDPR. “Job” means a task posted, agreed or completed between a Customer and a Helper.

3. Our role: a neutral marketplace (important)

3.1 Intermediary only. FindYourOneDayJob is a neutral online marketplace. We provide the technical infrastructure that enables Customers and Helpers to find each other, communicate, contract and pay. We are not a party to the service contract concluded between Customer and Helper, we are not an employer, staffing agency or temporary-work agency, and we do not ourselves provide the services offered by Helpers. Helpers act as independent contractors in their own name and on their own account.

3.2 Data protection roles. We act as controller for the operation of the Platform (accounts, listings, matching, messaging infrastructure, payments facilitation, security, support and marketing of the Platform). Where a Customer and a Helper exchange personal data to prepare and perform a Job (for example a Customer’s address communicated to the Helper, or job details shared with a Customer), each of Customer and Helper processes such data as an independent controller for their own purposes and is responsible for handling it lawfully. We are not responsible for the processing that Users carry out outside the Platform.

3.3 No monitoring obligation. As a hosting-type intermediary we do not proactively monitor User content. We act on specific indications of unlawful content in accordance with applicable law (including the German Digital Services Act implementation and the EU Digital Services Act, as applicable).

4. Categories of personal data we process

4.1 Account and registration data: name, email address, password (stored as a salted hash — we never see your plain-text password), account type (Customer/Helper), language, country and time zone.

4.2 Profile data (Helpers): profile photo, skills and categories, service radius, hourly or fixed rates, biography, qualifications you choose to list, ratings and written reviews received.

4.3 Job and booking data: task descriptions, categories, budgets, offers and counter-offers, booking confirmations, job locations and time windows, completion confirmations, cancellations and dispute records.

4.4 Communication data: messages exchanged through the Platform messaging system, support requests, complaint and dispute correspondence. Message content is processed to deliver the message, to comply with legal obligations and — where justified under Art. 6(1)(f) GDPR — to investigate fraud, scams or violations of our Terms.

4.5 Payment-related data: transaction amounts, currency, fee calculations, payout status, invoice data, and the limited payment metadata returned to us by our payment processor. We never store full card numbers, CVCs or online-banking credentials. These are collected directly by Stripe (see Section 7).

4.6 Identity and verification data: where required for payouts, anti-fraud or legal compliance, Stripe may collect identity documents and bank details from Helpers directly. We receive only verification statuses (e.g. “verified”), not the underlying documents.

4.7 Technical data: IP address, device and browser type, operating system, referrer URL, pages viewed, timestamps, approximate location derived from IP, crash and error logs, and security events (e.g. failed login attempts).

4.8 Cookie and similar data: see Section 9.

4.9 AI interaction data: prompts and inputs you type into our AI assistant (“Findy”) and AI job post generator, and the generated outputs (see Section 8).

4.10 Marketing data: newsletter subscription status, consent records, and interaction data for emails we send (open/click, where you have consented).

5. Sources of personal data

We obtain personal data (a) directly from you (registration, profiles, postings, messages, support), (b) automatically through your use of the Services (technical data, cookies), (c) from other Users (e.g. reviews about you, messages addressed to you), and (d) from our service providers (e.g. payment status information from Stripe).

6. Purposes and legal bases of processing

We process personal data only where a legal basis under Art. 6 GDPR exists:

6.1 Contract performance (Art. 6(1)(b) GDPR): providing your account; publishing listings and profiles; matching Customers and Helpers; enabling bookings, messaging and reviews; facilitating payments and payouts; providing customer support.

6.2 Legal obligations (Art. 6(1)(c) GDPR): tax and commercial retention duties (§ 147 AO, § 257 HGB), accounting, responding to lawful requests by authorities, anti-money-laundering obligations of our payment processor.

6.3 Legitimate interests (Art. 6(1)(f) GDPR): securing the Platform against fraud, scraping, spam and abuse; enforcing our Terms; defending legal claims; measuring and improving Platform performance; direct marketing to existing users within the limits of § 7(3) UWG. Where we rely on legitimate interests we balance them against your rights; you may object at any time (Section 16).

6.4 Consent (Art. 6(1)(a) GDPR): non-essential cookies and similar technologies, newsletters to non-customers, and any optional features clearly marked as consent-based. You can withdraw consent at any time with effect for the future.

7. Payments and payouts (Stripe)

7.1 Processor. All payments on the Platform are processed by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”), and its affiliates, including Stripe, Inc. (USA).

7.2 What Stripe receives. When you pay or receive payouts, Stripe collects the data required for the transaction directly from you: name, email, billing address, card or payment method details, bank account/IBAN for payouts, transaction amount, device data used for fraud prevention, and — for Helpers receiving payouts — identity verification data required under EU anti-money-laundering law (e.g. date of birth, ID document).

7.3 Roles. For core payment processing, fraud prevention and its own legal compliance, Stripe acts as an independent controller; for certain auxiliary services Stripe acts as our processor. Details: Stripe Privacy Policy.

7.4 What we see. We receive transaction metadata (amounts, statuses, fees, last four digits/brand of a card at most) — never full card numbers or credentials.

7.5 Escrow-style protection. To provide payment protection, payment for a Job is captured when a booking is made and released to the Helper after completion. The associated data processing is necessary for the performance of the contract (Art. 6(1)(b) GDPR).

8. AI features (Findy assistant & job post generator)

8.1 What happens to your inputs. Text you enter into our AI chat or generator, together with limited context (e.g. the page you are on), is transmitted to our AI infrastructure providers to generate a response. Providers are bound by data processing agreements pursuant to Art. 28 GDPR and process the data on our documented instructions.

8.2 No training on your data. We do not permit our AI providers to use your inputs to train their general-purpose models.

8.3 Your responsibility. Please do not enter sensitive personal data (health data, financial credentials, data about third parties) into AI fields. AI outputs can be inaccurate; they are suggestions, not advice.

8.4 Helper matching. When the assistant suggests Helper profiles, it only surfaces information those Helpers have chosen to publish on their public profiles.

9. Cookies and similar technologies

9.1 Strictly necessary cookies (Art. 6(1)(f) GDPR; § 25(2) TDDDG): login/session cookies, security tokens (CSRF), load balancing, cart/booking state, cookie-consent status. These cannot be switched off because the Platform does not function without them.

9.2 Performance and caching: we use LiteSpeed Cache and the QUIC.cloud CDN to deliver pages quickly. These may set technically necessary cookies and process your IP address to route content efficiently and mitigate attacks (legitimate interest, Art. 6(1)(f) GDPR).

9.3 Non-essential cookies (statistics, marketing) are set only with your prior consent (Art. 6(1)(a) GDPR; § 25(1) TDDDG), which you can withdraw at any time via the cookie settings or your browser.

9.4 Browser controls. You can delete or block cookies in your browser settings at any time; core functions such as login will then be unavailable.

10. Hosting, infrastructure and service providers

We use carefully selected service providers that process personal data on our behalf under Art. 28 GDPR data processing agreements, including: web hosting and server infrastructure (EU-based hosting), content delivery and DDoS protection (QUIC.cloud CDN), email delivery, error monitoring, and AI infrastructure (Section 8). A current list of processors is available on request via info@findyouronedayjob.com.

11. Recipients of personal data

Depending on the situation, personal data is disclosed to: (a) other Users — e.g. your public profile, ratings and first name are visible to potential contract partners; the counterparty to a confirmed Job receives the contact and location details needed to perform it; (b) service providers/processors (Section 10); (c) Stripe (Section 7); (d) authorities, courts and legal advisers where required by law or necessary to establish, exercise or defend legal claims; (e) successors in the event of a business transfer, under confidentiality safeguards. We do not sell personal data, and we do not share it with third parties for their own advertising.

12. International data transfers

Where data is transferred to countries outside the EU/EEA without an adequacy decision (for example to US-based infrastructure or AI providers), we implement appropriate safeguards pursuant to Art. 44 et seq. GDPR — in particular the EU Standard Contractual Clauses (2021/914) supplemented by technical measures, and, where providers are certified, the EU-US Data Privacy Framework. Copies of relevant safeguards are available on request.

13. Retention periods

We store personal data only as long as necessary: account data — for the life of your account and up to 3 years after closure (limitation periods, § 195 BGB); transaction, invoice and booking records — up to 10 years (§ 147 AO, § 257 HGB); messages — for the life of the account, unless needed longer for disputes; server and security logs — typically 7–30 days, longer only for incident investigation; consent records — for the duration of the consent plus statutory limitation periods; support correspondence — up to 3 years after the case is closed. Thereafter data is deleted or irreversibly anonymised.

14. Security

We apply technical and organisational measures pursuant to Art. 32 GDPR, including TLS encryption in transit, salted password hashing, role-based access controls, hardened server configuration, web application firewalling, DDoS mitigation, regular updates and backups, and the principle of least privilege for administrative access. No system is 100% secure; please use a strong, unique password and keep it confidential.

15. Your rights under the GDPR

You have the following rights vis-à-vis us as controller, exercisable free of charge via info@findyouronedayjob.com:

15.1 Access (Art. 15): confirmation whether we process your data, a copy of it, and information about purposes, categories, recipients, retention and safeguards.

15.2 Rectification (Art. 16): correction of inaccurate and completion of incomplete data — most profile data you can correct yourself in your account.

15.3 Erasure (Art. 17, “right to be forgotten”): deletion where data is no longer necessary, consent is withdrawn, or processing is unlawful — subject to statutory retention duties (Section 13).

15.4 Restriction (Art. 18): restriction of processing while accuracy or lawfulness is contested.

15.5 Data portability (Art. 20): receipt of data you provided to us in a structured, commonly used, machine-readable format.

15.6 Withdrawal of consent (Art. 7(3)): at any time with effect for the future, without affecting the lawfulness of prior processing.

15.7 Complaint (Art. 77): with a supervisory authority — competent for us: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz, Germany.

16. Right to object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on Art. 6(1)(f) GDPR (legitimate interests). We will then no longer process the data unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. Where personal data is processed for direct marketing purposes, you may object at any time without stating reasons; we will then stop marketing processing immediately.

17. Automated decision-making and profiling

We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you (Art. 22 GDPR). Our matching and ranking features merely suggest Jobs and Helpers; all contracting decisions are made by the Users themselves.

18. Minors

The Services are directed at persons aged 18 or over. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.

19. Public content, reviews and messages

19.1 Public profiles. Helper profiles, ratings and reviews are public by design — consider carefully what you publish. Search engines may index public pages.

19.2 Reviews. Reviews you write are attributed to your profile name and visible to all Users. Factual, lawful reviews cannot be deleted merely because the reviewed party disagrees.

19.3 Responsibility of Users. Each User is responsible for the personal data of others that they obtain through the Platform (e.g. addresses) and may use it exclusively to perform the Job in question. Any further use (advertising, disclosure, storage beyond the Job) is prohibited and may violate data protection law.

20. Third-party links

The Services contain links to external websites (including our partner platform BaseNeed). We are not responsible for the content or privacy practices of external sites; their own privacy policies apply.

21. Notice for users in the United States

If you are a resident of a US state with a comprehensive privacy law (e.g. California — CCPA/CPRA), the following applies: we do not “sell” or “share” personal information as defined by those laws and have not done so in the preceding 12 months; we do not use or disclose sensitive personal information for purposes requiring a right to limit; you have rights to know, access, correct, delete and to non-discrimination, which you can exercise via info@findyouronedayjob.com. Authorized agents may submit requests on your behalf with proof of authorization. Categories of personal information collected and purposes correspond to Sections 4 and 6 of this Policy.

22. Data breach notification

In the event of a personal data breach we act in accordance with Art. 33 and 34 GDPR, including notification of the supervisory authority within 72 hours where required and communication to affected Users where the breach is likely to result in a high risk to their rights and freedoms.

23. Changes to this Policy

We may update this Policy to reflect changes in the Services or in the law. The current version is always available at this address; material changes will be announced in the Services with reasonable notice. The “Last updated” date at the top indicates the latest revision.

24. Statutory or contractual requirement to provide data

Providing account data is required to conclude and perform the Platform contract — without it, we cannot provide the Services. Providing payout and verification data is required by Stripe for legal reasons; without it, payouts cannot be made. All other data is provided voluntarily.

25. Contact for data protection

Steven Smith · FindYourOneDayJob · Im Oberwald 13 · 67661 Kaiserslautern · Germany
Email: info@findyouronedayjob.com · Subject: “Privacy Request”
We may ask for information to verify your identity before fulfilling a request; this protects your data from unauthorised access.

Part of the FindYourOneDayJob family — BaseNeed: the community platform for military families · housing, careers & PCS support.