Privacy Policy

Version 1.0 · Effective 2026-04-24

1. Overview

This Privacy Policy describes how MySkii Ltd. (“MySkii”, “we”) handles personal data when you use the MySkii marketplace. It applies to the website, mobile browsers, and any API you access as a registered member.

We aim to collect the minimum personal data required to run the service and to tell you plainly what happens with it.

2. Who We Are

MySkii Ltd. operates the MySkii marketplace. Registered address: 155 Thomas Slee Dr, Kitchener ON, N2P 0J8, Canada. Privacy questions go to privacy@myskii.com.

3. Information We Collect

You give us your email on signup, and optionally a handle, display name, avatar, bio, skill categories, portfolio links, and timezone. You also give us the tasks you post or claim, messages you send through the platform, reviews you write, and files you upload as deliverables.

We generate credit balances and transaction records, reputation scores, badges, notifications, and audit-log entries of administrative actions.

Automatically from your device: basic request metadata (IP address, browser user-agent, timestamps, pages visited). We use IP address briefly for security (rate-limit identification, abuse detection) and do not retain it as a long-term profile attribute.

4. How We Use Information

We process data for the following purposes and legal bases:

Service delivery (contract performance, GDPR Art. 6(1)(b)): running the marketplace, matching buyers and sellers, processing escrow, holding messages, generating receipts.
Security and fraud prevention (legitimate interest, Art. 6(1)(f)): rate limits, abuse reports, dispute review, account integrity.
Legal compliance (Art. 6(1)(c)): keeping transaction records for accounting and dispute retention periods.
Service improvement & analytics (consent, Art. 6(1)(a)): aggregated usage patterns via PostHog. This is opt-in; if you decline the cookie banner, we don't set these cookies or run autocapture / session replay.
Error monitoring (legitimate interest, Art. 6(1)(f)): Sentry captures server and unhandled browser errors. We mask all text and inputs in session replays so message content and form data don't leave your browser.

6. Data Retention

Profile data is kept while your account is active. Deleting your account anonymizes the profile in place — email, handle, display name, bio, avatar, and portfolio are scrubbed; the row remains so transaction and dispute records stay intact.

Messages are kept for 12 months after the associated task closes, then decayed.

Transaction records and dispute decisions are kept for at least 7 years for accounting and legal retention.

Analytics events (when consented) are kept per PostHog's retention policy — 7 years by default; we may shorten this.

Error events in Sentry are kept for 90 days.

7. Your Rights

Under GDPR (EU/UK) and comparable laws you can:

Access a copy of your data. Download it as JSON while signed in.
Rectify inaccurate data via Settings.
Erase your account via Settings → Delete Account, which anonymizes personal identifiers while preserving transaction records as described above.
Restrict or object to processing of analytics (click “Essential only” on the cookie banner or revisit your choice in Settings).
Port your data to another service (the JSON export is the vehicle).
Complain to a supervisory authority — the Office of the Privacy Commissioner of Canada (priv.gc.ca) for Canadian residents, the Information and Privacy Commissioner of Ontario (ipc.on.ca) for Ontario residents, your local data-protection regulator for EU/UK residents, or the California Privacy Protection Agency for California residents.

To exercise rights not exposed via self-serve, email privacy@myskii.com. We respond within 30 days.

8. Cookies & Similar Technologies

Essential cookies (always on): authentication session, CSRF protection, consent preference.

Analytics cookies (opt-in): PostHog for product analytics and masked session replay. These load only if you accept on the cookie banner; we don't use tracking pixels from ad networks.

9. International Transfers

Our processors operate globally. When personal data leaves the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or equivalent safeguards in the data-processing agreements with each processor listed above.

10. Children

MySkii is not directed to people under 16. We don't knowingly collect data from children under 16. If you believe we have, email privacy@myskii.com and we'll delete it.

11. Security

We protect data with TLS in transit, at-rest encryption on our database and object storage, strict CSP, regular dependency updates, and principle-of-least-privilege access controls on administrative tools. No system is perfect; if you see something, email security@myskii.com.

12. Changes to This Policy

Material changes bump the Version and Effective Date. Active users get an email on material changes.

13. Contact

For anything privacy-related, email privacy@myskii.com.

MySkii Ltd.. 155 Thomas Slee Dr, Kitchener ON, N2P 0J8, Canada.

Privacy Policy

Version 1.0 · Effective 2026-04-24

1. Overview

We aim to collect the minimum personal data required to run the service and to tell you plainly what happens with it.

2. Who We Are

MySkii Ltd. operates the MySkii marketplace. Registered address: 155 Thomas Slee Dr, Kitchener ON, N2P 0J8, Canada. Privacy questions go to privacy@myskii.com.

3. Information We Collect

We generate credit balances and transaction records, reputation scores, badges, notifications, and audit-log entries of administrative actions.

4. How We Use Information

We process data for the following purposes and legal bases:

Service delivery (contract performance, GDPR Art. 6(1)(b)): running the marketplace, matching buyers and sellers, processing escrow, holding messages, generating receipts.
Security and fraud prevention (legitimate interest, Art. 6(1)(f)): rate limits, abuse reports, dispute review, account integrity.
Legal compliance (Art. 6(1)(c)): keeping transaction records for accounting and dispute retention periods.
Service improvement & analytics (consent, Art. 6(1)(a)): aggregated usage patterns via PostHog. This is opt-in; if you decline the cookie banner, we don't set these cookies or run autocapture / session replay.
Error monitoring (legitimate interest, Art. 6(1)(f)): Sentry captures server and unhandled browser errors. We mask all text and inputs in session replays so message content and form data don't leave your browser.

6. Data Retention

Messages are kept for 12 months after the associated task closes, then decayed.

Transaction records and dispute decisions are kept for at least 7 years for accounting and legal retention.

Analytics events (when consented) are kept per PostHog's retention policy — 7 years by default; we may shorten this.

Error events in Sentry are kept for 90 days.

7. Your Rights

Under GDPR (EU/UK) and comparable laws you can:

Access a copy of your data. Download it as JSON while signed in.
Rectify inaccurate data via Settings.
Erase your account via Settings → Delete Account, which anonymizes personal identifiers while preserving transaction records as described above.
Restrict or object to processing of analytics (click “Essential only” on the cookie banner or revisit your choice in Settings).
Port your data to another service (the JSON export is the vehicle).
Complain to a supervisory authority — the Office of the Privacy Commissioner of Canada (priv.gc.ca) for Canadian residents, the Information and Privacy Commissioner of Ontario (ipc.on.ca) for Ontario residents, your local data-protection regulator for EU/UK residents, or the California Privacy Protection Agency for California residents.

To exercise rights not exposed via self-serve, email privacy@myskii.com. We respond within 30 days.

8. Cookies & Similar Technologies

Essential cookies (always on): authentication session, CSRF protection, consent preference.

Analytics cookies (opt-in): PostHog for product analytics and masked session replay. These load only if you accept on the cookie banner; we don't use tracking pixels from ad networks.

9. International Transfers

10. Children

MySkii is not directed to people under 16. We don't knowingly collect data from children under 16. If you believe we have, email privacy@myskii.com and we'll delete it.

11. Security

12. Changes to This Policy

Material changes bump the Version and Effective Date. Active users get an email on material changes.

13. Contact

For anything privacy-related, email privacy@myskii.com.

MySkii Ltd.. 155 Thomas Slee Dr, Kitchener ON, N2P 0J8, Canada.

Privacy Policy

1. Overview

2. Who We Are

3. Information We Collect

4. How We Use Information

5. Who We Share Data With

6. Data Retention

7. Your Rights

8. Cookies & Similar Technologies

9. International Transfers

10. Children

11. Security

12. Changes to This Policy

13. Contact

Privacy Policy

1. Overview

2. Who We Are

3. Information We Collect

4. How We Use Information

5. Who We Share Data With

6. Data Retention

7. Your Rights

8. Cookies & Similar Technologies

9. International Transfers

10. Children

11. Security

12. Changes to This Policy

13. Contact