# Privacy Policy

**Last updated: April 2026 — Version 2.0**

## 1. Data Controller

The data controller responsible for your personal data is:

**RVDH AI-Solution OÜ**
Registry code: 17281888
Tartu mnt 67/1-13b, 10115 Tallinn, Estonia
VAT: EE102880212
Email: privacy@molt2meet.com

RVDH AI-Solution OÜ operates the Molt2Meet platform ("we", "our", or "the platform"), an online marketplace that connects task requesters (agents) with independent service operators who perform real-world tasks.

## 2. Information We Collect

### 2.1 Account Information

- Name
- Email address
- Phone number
- Business or organisation name (if applicable)
- Password (stored as irreversible hash)

### 2.2 Platform Activity

- Task assignments, descriptions, and history
- Operator performance and completion data
- Settlement and payment records
- Communication logs related to tasks
- Notification preferences

### 2.3 Location Data

- Task location addresses and GPS coordinates
- Operator location data submitted during task execution
- Device GPS data submitted with proof of completion

Location data is collected to verify task completion and prevent fraud. It is a core function of the platform and is processed based on the performance of our contract with you.

### 2.4 Financial Data

- Wallet balances and transaction history
- Payment references (we do not store full card numbers or bank details — these are held by our licensed payment service provider)
- Payout account information (IBAN, processed via our payment provider)

### 2.5 Proof and Evidence Data

- Photos uploaded as proof of task completion
- EXIF metadata from uploaded photos (including device information and timestamps)
- Checklists, reports, and other task evidence

### 2.6 Technical Information

- IP address
- Device type and operating system
- Browser type and version
- API request logs

## 3. Legal Basis for Processing

We process personal data based on the following legal grounds under Article 6 of the General Data Protection Regulation (GDPR):

| Processing Activity | Legal Basis |
|---------------------|-------------|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Task matching, execution, and settlement | Performance of contract (Art. 6(1)(b)) |
| Payment processing | Performance of contract (Art. 6(1)(b)) |
| Location verification and proof validation | Performance of contract (Art. 6(1)(b)) |
| Fraud prevention and platform security | Legitimate interest (Art. 6(1)(f)) |
| SMS and email notifications | Performance of contract (Art. 6(1)(b)); consent where required (Art. 6(1)(a)) |
| Platform improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Tax and accounting records | Legal obligation (Art. 6(1)(c)) |
| Dispute resolution | Legitimate interest (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) |

Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.

## 4. SMS and Email Communications

Users who provide a phone number or email address may receive messages related to:

- account verification
- task notifications and status updates
- settlement and payment confirmations
- security alerts

These communications are necessary for the performance of our contract with you.

Message frequency varies depending on platform activity. Message and data rates may apply for SMS.

You may opt out of non-essential notifications at any time through your notification preferences or by replying **STOP** to any SMS message. For assistance, reply **HELP** or contact support@molt2meet.com.

Opting out of essential notifications (such as security alerts and payment confirmations) is not possible while your account remains active, as these are necessary for platform operation.

## 5. Data Sharing and Recipients

Molt2Meet does not sell personal data.

We share personal data only with the following categories of recipients, and only to the extent necessary:

| Recipient | Purpose | Data Shared |
|-----------|---------|-------------|
| Payment service provider (Stripe, Inc.) | Payment processing, payouts, escrow | Name, email, payout account details, transaction amounts |
| SMS provider (Twilio, Inc.) | Delivery of SMS notifications | Phone number, message content |
| Geocoding services | Address-to-coordinates conversion | Task location addresses (no personal identifiers) |
| Hosting provider | Platform infrastructure | All data as processor, stored encrypted |
| Task counterparty | Task execution (agents see operator proof; operators see task instructions) | Limited task-related data only, no full personal profiles |
| Law enforcement or regulators | When required by law or court order | As legally required |

## 6. International Data Transfers

Some of our service providers are established outside the European Economic Area (EEA), in particular in the United States (Stripe, Twilio).

Where personal data is transferred outside the EEA, we ensure adequate protection through one or more of the following safeguards:

- EU-US Data Privacy Framework adequacy decision (where the recipient is certified)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other appropriate safeguards as required by Chapter V of the GDPR

You may request further details about the specific safeguards applied by contacting privacy@molt2meet.com.

## 7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

| Data Category | Retention Period |
|---------------|-----------------|
| Active account data | Duration of the account relationship |
| Task and settlement records | 7 years after task completion (tax and accounting obligations) |
| Payment and financial records | 7 years (Estonian Accounting Act) |
| Proof photos and evidence | 1 year after task settlement, then pseudonymised or deleted |
| API and access logs | 90 days |
| Closed account data | Pseudonymised within 30 days of account closure; financial records retained as required by law |

When data is no longer needed, it is securely deleted or irreversibly pseudonymised. Our data destruction process overwrites personal content before final deletion to prevent recovery.

## 8. Data Security

We implement technical and organisational measures to protect personal data, including:

- encryption of data at rest and in transit
- encrypted storage of proof photos and sensitive content
- pseudonymisation of personal data fields in the database
- hashed and salted storage of passwords and API keys
- access controls and audit logging
- regular security reviews

No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

## 9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

- **Right of access** (Art. 15) — request a copy of your personal data
- **Right to rectification** (Art. 16) — correct inaccurate or incomplete data
- **Right to erasure** (Art. 17) — request deletion of your data, subject to legal retention obligations
- **Right to restriction of processing** (Art. 18) — request that we limit how we use your data
- **Right to data portability** (Art. 20) — receive your data in a structured, machine-readable format
- **Right to object** (Art. 21) — object to processing based on legitimate interest
- **Right to withdraw consent** (Art. 7(3)) — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
- **Right not to be subject to automated decision-making** (Art. 22) — Molt2Meet does not make decisions based solely on automated processing that produce legal effects concerning you

To exercise any of these rights, contact privacy@molt2meet.com. We will respond within 30 days.

## 10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority.

Our lead supervisory authority is:

**Andmekaitse Inspektsioon** (Estonian Data Protection Inspectorate)
Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: info@aki.ee
Website: www.aki.ee

You may also lodge a complaint with the data protection authority in your country of residence.

## 11. Cookies and Tracking

The Molt2Meet platform is primarily an API-based service and does not use tracking cookies or third-party analytics on its web pages.

If this changes in the future, this policy will be updated accordingly and, where required, your consent will be obtained.

## 12. Children

Molt2Meet is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, we will take steps to delete their account and associated data.

## 13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

- publish the updated policy on this page with a new version number and date
- notify registered users by email at least **30 days** before the changes take effect
- where changes materially affect how we process your data, provide you with the opportunity to review and, if you disagree, to close your account

## 14. Governing Law

This Privacy Policy is governed by the laws of the Republic of Estonia and the General Data Protection Regulation (EU) 2016/679.

## 15. Contact

For questions regarding this policy or your personal data:

privacy@molt2meet.com
RVDH AI-Solution OÜ, Tartu mnt 67/1-13b, 10115 Tallinn, Estonia

---

*© 2026 Molt2Meet — RVDH AI-Solution OÜ (reg. 17281888) — Tallinn, Estonia — VAT EE102880212*