Legal

Privacy Policy

How Doera collects, uses, shares, stores, and protects personal data.

Effective date: 26 April 2026

Doera is operated by Huggalux - SARL - S. Contact: info@doera.lu · +352 691 900 508

All legal documents

1. Controller and contact

Doera is operated in Luxembourg by Huggalux - SARL - S, which acts as controller for the personal data described in this policy when it decides why and how that data is processed.

For privacy questions or rights requests, contact info@doera.lu.

2. Personal data we process

  • Account data such as name, email address, profile role, authentication identifiers, and account preferences.
  • Profile data such as biography, skills, service categories, rates, languages, city, neighbourhood, and profile photos.
  • Job and transaction data such as requests, proposals, agreed amounts, payment status, cancellation records, and dispute records.
  • Communication data such as in-app messages, support tickets, notifications, and moderation signals.
  • Technical data such as IP address, browser and device information, logs, session identifiers, and security events.
  • Optional measurement data where the user consents to analytics or advertising measurement.

3. Why we process data and legal bases

  • To create and manage accounts and provide the platform: Article 6(1)(b) GDPR.
  • To process platform payments, receipts, cancellations, support, and fraud-prevention controls: Articles 6(1)(b), 6(1)(c), and 6(1)(f) GDPR depending on the activity.
  • To meet legal obligations such as accounting, tax, record-keeping, or lawful disclosure duties: Article 6(1)(c) GDPR.
  • To run optional analytics and advertising measurement after consent: Article 6(1)(a) GDPR.

4. Recipients and service providers

Doera uses service providers that support hosting, authentication, email delivery, payment processing, analytics, security monitoring, and customer support operations.

Depending on the feature used, data may be processed by providers such as Supabase, Stripe, Resend, Microsoft Clarity, Google, and PostHog. These providers only receive the data needed for their role and are used under contractual or other lawful safeguards where required.

5. International transfers

Some providers may process data outside Luxembourg or outside the EEA. Where that happens, Doera relies on lawful transfer mechanisms such as adequacy decisions or the European Commission standard contractual clauses where required.

6. Retention

  • Account and profile data is kept while the account remains active and then for a limited follow-up period where needed for legal, fraud, or dispute reasons.
  • Transaction and accounting records are retained for the periods required by applicable Luxembourg legal and tax obligations.
  • Support, moderation, and security records are retained for as long as reasonably necessary for the relevant issue and any follow-up legal need.
  • Consent records are retained for as long as needed to demonstrate consent choices and handle withdrawals.

7. Your rights

  • Access, rectification, erasure, restriction, portability, and objection where the GDPR provides them.
  • Withdrawal of consent at any time for processing based on consent.
  • The right to lodge a complaint with the CNPD in Luxembourg.

8. Security

Doera uses technical and organisational measures appropriate to the risk, including access controls, authentication controls, transport encryption where available, and internal restrictions on production access.

9. Changes

This policy may be updated when the product, providers, or legal requirements change. The latest version is published on this site.