Privacy Policy

Last Updated: March 29, 2026

1. Introduction

PhaseContract is operated by Michael Delgado, sole proprietor, trading as PhaseContract. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services (collectively, the "Service").

By using the Service, you acknowledge that your personal information will be processed as described in this Privacy Policy. The legal basis for that processing depends on the context, as described below. If you do not agree, please do not use the Service.

The transactional Service is currently offered only in the United States only, excluding California. This Privacy Policy also covers the public website, contact requests, waitlist or outreach interactions, and other pre-launch or pre-contract processing that may occur from outside that supported service area.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new effective date. Where required by law, we will provide additional notice or obtain any consent that is legally required before those changes take effect.

1.1 Controller Information

Unless this policy states otherwise, the controller for personal data covered by this policy is Michael Delgado, sole proprietor, trading as PhaseContract.

Address:
Maßbornstraße 8
60437 Harheim, Hessen, Germany

Email: hello@phasecontract.com . Additional provider details are available on our Legal Notice / Impressum page.

1.2 Plain-Language Summary

We built this policy to be specific and practical. In short: we use account data to run jobs, process payments, prevent fraud, and provide support. We keep records only as long as required for legal, tax, dispute, and operational reasons. We do not sell user data as part of an advertising marketplace.

You control critical decisions around your account. You can request access, correction, deletion, and export where law grants those rights. Some records must remain in place for compliance windows, chargeback handling, and anti-fraud review, but we limit retention to the minimum period needed for those obligations.

When we rely on service providers, we require contractual protections and review controls for security, confidentiality, and processing scope. If this document feels too legal, use the contact route at the end of this page and we will answer with plain, direct guidance.

We also run periodic internal reviews of retention schedules, access controls, and deletion workflows to keep policy language aligned with operational reality.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, password, and business name
  • Profile Information: Profile photo, business description, and professional credentials
  • Payment Information: Bank account details (for contractors), billing address, and payment card information (processed by Stripe)
  • Job Information: Job descriptions, pricing, timelines, photos, documentation, and communications
  • Client Information: Your clients' names, email addresses, phone numbers, and payment details you enter
  • Communications: Messages, support requests, and feedback you send us
  • Voice Recordings: Audio recordings when you use voice input features (processed for transcription only)

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Information: Pages viewed, features used, actions taken, time spent on pages
  • Log Data: Access times, error logs, referring URLs (and associated request identifiers used for incident investigation)
  • Location Information: Approximate location based on IP address
  • Cookies and Similar Technologies: Session cookies, authentication tokens, and limited local storage preference flags required for core operation and user experience

2.3 Information from Third Parties

We may receive information from:

  • Stripe: Payment verification, transaction status, account verification status, and payment method/card-network attributes relevant to fraud checks and fee calculation (for example card issuer country and funding type)
  • Other Users: If a contractor invites a client, creates a job for a client, or uploads project/contact data, we receive the information that user provides to us about the other person or project
  • Authentication Providers: Information from services you use to log in (if applicable)
  • Analytics Services (if enabled): Aggregated usage data

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Providing the Service

  • Create and manage your account
  • Process transactions and payments
  • Facilitate communication between contractors and clients
  • Store and display job information and documentation
  • Send transactional notifications, including email for verification codes, payment/milestone updates, cancellation/approval events, and account security alerts

3.2 Improving the Service

  • Analyze usage patterns and trends
  • Debug and fix technical issues
  • Develop new features and functionality
  • Train and improve AI features (using anonymized or aggregated data)

3.3 Security and Compliance

  • Detect, prevent, and address fraud and abuse
  • Verify user identity and prevent unauthorized access
  • Enforce geographic and jurisdiction eligibility controls (including regional access restrictions where the Service is not offered)
  • Comply with legal obligations and respond to legal requests
  • Enforce our Terms of Service

3.4 Communications

  • Respond to your inquiries and support requests
  • Send service announcements and updates
  • Send marketing communications (with your consent, where required)

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, our legal basis for processing your information includes:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing for fraud prevention, security, service improvement, and marketing (where appropriate)
  • Legal Obligations: Processing required to comply with applicable laws
  • Consent: Processing based on your explicit consent, which you may withdraw at any time

Some information is required to enter into or perform the Service, including account identifiers, payment or payout setup details, verification data, job records, and dispute-evidence records. Some information is required by law, payment-network rules, or fraud controls. If you do not provide required information, we may be unable to create an account, authorize a job, process a payment, verify identity, or release payouts.

5. Information Sharing and Disclosure

We do not sell your personal information, and we do not share personal information for cross-context behavioral advertising. We may share your information in the following circumstances:

5.1 With Other Users

  • Contractors see client names, contact information, and payment status for their jobs
  • Clients see contractor business names, profile information, and job details
  • Job-related communications and documentation are visible to both parties

5.2 With Service Providers

We share information with third-party service providers who assist us in operating the Service:

  • Stripe: Payment processing and identity verification
  • Supabase: Database hosting and authentication
  • Twilio: SMS notifications (when enabled)
  • Resend: Email delivery
  • OpenAI/Anthropic: AI-powered features (voice transcription, job structuring)
  • Cloudflare: Hosting and content delivery

These providers are contractually obligated to protect your information and may only use it for the specific services they provide to us. They may process data in countries other than your own, subject to the transfer safeguards described in Section 9.

5.3 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders, legal requests)
  • Government or regulatory agency requests
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety, or that of our users or the public

5.4 Business Transfers

If PhaseContract is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5.5 Controller / Processor Roles

PhaseContract acts as a controller for account administration, identity verification, payments, fraud prevention, dispute evidence, support, product security, service analytics, and legally required compliance activities. Contractors and clients remain responsible for the lawfulness of the contract, scope, pricing, and their off-platform conduct.

Where a contractor uses the Service to store or transmit personal data about a client, site contact, or other project participant, and PhaseContract processes that data only to host, organize, secure, transmit, support, or otherwise operate the Service for that contractor, PhaseContract acts as a processor or service provider to the extent required by applicable law.

For that processor relationship, the subject matter of processing is the operation of the Service; the duration is the time the contractor uses the Service plus any applicable retention, dispute, fraud, tax, security, or legal-hold period; the data subjects may include contractors, clients, payers, site contacts, support correspondents, and other persons whose data a contractor uploads; and the data may include contact details, job records, communications, uploaded photos or documents, billing and transaction status, device data, and dispute-evidence records.

  • We process such data on the contractor's documented instructions as expressed through the Service configuration, supported product features, and direct support requests, except where applicable law, payment-provider rules, or card-network obligations require otherwise.
  • People authorized to process that data are subject to confidentiality obligations.
  • We implement technical and organizational security measures appropriate to the risks of the processing.
  • We use sub-processors and service providers such as the providers listed in Section 5.2 under written terms designed to protect personal data.
  • We provide reasonable assistance with data-subject requests, personal-data incidents, and compliance inquiries when the contractor needs our help to respond.
  • At the end of the processing relationship, we delete or return personal data as required by applicable law, contract, and our retention obligations, including legal holds, dispute defense, and tax or financial recordkeeping.
  • Contractors who need a separately executed DPA may request one at hello@phasecontract.com .

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (tax records, financial regulations)
  • Resolve disputes and enforce agreements
  • Prevent fraud and abuse

Specific retention periods:

  • Account data: Retained while your account is active, plus 7 years after deletion for legal compliance
  • Transaction records: Retained for 7 years for tax and financial reporting
  • Job documentation and photos: Retained for 3 years after job completion
  • Operational logs (info/warn): Retained for up to 30 days
  • Security/error logs: Retained for up to 90 days for incident response and debugging
  • Dispute and payment evidence records: Retained for up to 24 months unless a longer legal hold is required
  • Voice recordings: Deleted immediately after transcription processing

These periods can be extended where we must preserve records for an active dispute, chargeback, fraud review, legal hold, tax matter, or other legitimate compliance need.

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest
  • Access Controls: Strict access controls and authentication requirements
  • Secure Infrastructure: Hosted on secure, compliant cloud infrastructure
  • Payment Security: Payment card data is handled directly by Stripe (PCI-DSS compliant) and never stored on our servers
  • Regular Audits: Security practices are regularly reviewed and updated

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

8. Your Rights and Choices

8.1 All Users

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request a copy or export of your data where applicable law provides that right
  • Opt-out: Unsubscribe from marketing communications at any time
  • Account Closure: Close your account by contacting us

8.2 EEA/UK Users (GDPR Rights)

If you are in the European Economic Area or United Kingdom, you also have the right to:

  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
  • Complaint: Lodge a complaint with your local data protection authority

8.3 California Users (CCPA Rights)

If you are a California resident, you have the right to the following privacy rights under applicable law even though core transactional Service access may be restricted in California:

  • Know: Request information about the categories and specific pieces of personal information we collect
  • Delete: Request deletion of your personal information
  • Correct: Request correction of inaccurate personal information
  • Opt-out of sale/sharing: Direct a business not to sell or share personal information for cross-context behavioral advertising
  • Limit sensitive information: Request limits on the use and disclosure of sensitive personal information where that right applies
  • Non-Discrimination: Not be discriminated against for exercising your privacy rights

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We use sensitive personal information only as reasonably necessary to provide the Service, process payments, prevent fraud, maintain security, and comply with law. For statutory background, you can review GDPR reference text and California CCPA guidance .

8.4 Exercising Your Rights

To exercise any of these rights, please use our privacy contact route or email hello@phasecontract.com . We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data outside the EEA/UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries deemed to have adequate data protection
  • Other legally recognized transfer mechanisms

You may request more information about the safeguards relevant to your data by contacting hello@phasecontract.com .

10. Cookies and Tracking Technologies

We currently use limited storage technologies for:

  • Essential Authentication Cookies: Required for sign-in, session continuity, and security
  • Essential Preference Storage: Limited first-party storage for UI preferences (for example, dismissing in-app beta notices)

We do not currently deploy advertising cookies or third-party analytics cookies on public product pages. If we introduce non-essential cookies or tracking technologies in the future, we will provide notice and obtain consent where required by applicable law (including EU/Germany requirements).

You can manage storage controls through your browser settings. Disabling essential auth/session storage can prevent sign-in and core Service functionality.

Because we do not currently sell or share personal information for cross-context behavioral advertising, Global Privacy Control and similar opt-out preference signals do not currently change product behavior. If that changes, we will update this policy and honor applicable signals where required by law.

11. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn that we have collected information from a child under 18, we will promptly delete that information. If you believe we have information from a child under 18, please contact us immediately.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services that we do not control. This Privacy Policy does not apply to those third parties.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Automated Decision-Making

We may use automated systems for:

  • Fraud detection and prevention
  • Trust level assessment for payment timing (determines whether charges occur at phase start or on approval, based on your payment history)
  • Automatic approval of completed work after 72 hours if no action is taken by the client
  • AI-powered job structuring assistance (voice transcription and phase generation)

These systems rely on inputs such as transaction patterns, account age, dispute history, device and IP consistency, payment-provider risk signals, and job state. They can affect payment timing, verification requirements, payout holds, fraud reviews, or temporary account restrictions.

If you believe an automated decision has adversely affected you, you may contact us to request human review at hello@phasecontract.com or through our contact route .

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on the Service with a new effective date
  • Notify you by email or through the Service (for significant changes)
  • Obtain your consent where required by applicable law

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Michael Delgado, sole proprietor, trading as PhaseContract
Maßbornstraße 8
60437 Harheim, Hessen, Germany
Privacy requests:
hello@phasecontract.com
Contact route: Privacy contact route

For general inquiries:
General contact route
Legal notice:
Legal Notice / Impressum

For EEA/UK users, you also have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.