Legal · Effective from May 6, 2026

Privacy Policy

Last updated: May 6, 2026

This Privacy Policy explains how QuickBuck (operated by Ambsd Group Inc) collects, uses, shares, and protects information about you when you use our microjob marketplace at quickbuck.io. It applies to all users — Posters, Workers, and visitors — regardless of country of residence.

We've written it in plain English where possible, with the legal precision required for GDPR and CCPA compliance where necessary. If anything is unclear, contact [email protected].

1. Introduction

QuickBuck is a two-sided microjob marketplace where businesses post small online tasks and workers complete them for payment. Running a marketplace requires us to collect and process personal data — about who you are, what work you do, where you are, and how you get paid. This policy explains exactly what we collect and why, in language that's clear enough for someone without a law degree to understand, while including the precision GDPR and CCPA require.

By using the Platform you agree to the practices described here. This Privacy Policy works alongside our Terms of Service and Cookie Policy.

2. Who We Are (Controller Information)

The data controller for QuickBuck is:

For European Union and United Kingdom users, "personal data" has the meaning given to it under the General Data Protection Regulation (GDPR) and UK GDPR. For California users, "personal information" has the meaning given to it under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

3. Information We Collect

We collect data in the following categories:

3.1 Account information

  • Name (display name + legal name where required for payouts)
  • Email address
  • Password (stored as a one-way bcrypt hash; we never see the plaintext)
  • Authentication provider (Google OAuth identifier where applicable)
  • Profile picture (avatar URL or uploaded file)
  • Account creation date, last sign-in, account status

3.2 Profile and marketplace activity

  • User intent (earn / post / both)
  • Dashboard mode (Worker / Poster)
  • Country and region selection
  • Trust Level and reputation history
  • Posted Gigs, Reservations, submitted Proof of Work, dispute history
  • Messages exchanged on the Platform with other users
  • Reviews, ratings, and notes left on Gigs

3.3 Payment information

Payment details (card numbers, bank accounts, PayPal/Wise account identifiers) are collected and stored by our payment processors, Stripe and Wise. QuickBuck does not directly store full card numbers or CVV codes. We retain only:

  • Last 4 digits of payment card (where applicable)
  • Card brand (Visa / Mastercard / etc.)
  • Stripe Customer ID and Stripe Connect Account ID
  • Wise recipient ID (for international payouts)
  • Transaction history (amount, currency, timestamp, status)
  • Tax-related identifiers required by law (e.g. SSN/EIN for US 1099-NEC issuance, collected via Stripe)

3.4 Location data

  • Country and region (self-declared during onboarding)
  • Verified country (derived from GPS + IP signals during location verification)
  • Coarse coordinates (rounded to ~10 meter precision) for region-bound Gigs
  • Cloudflare-derived country signal (from network metadata)
  • VPN / proxy risk score (derived from IP organization data)
  • IP address (logged for security and abuse prevention)

See our location verification guide for the user-facing flow.

3.5 Device and technical data

  • Browser type and version (parsed from User-Agent)
  • Operating system
  • Device type (desktop / mobile / tablet)
  • Screen size and viewport
  • Language preference
  • Time zone
  • Referrer URL (page that linked to QuickBuck)
  • Session identifiers (Firebase Auth tokens, security cookies)

3.6 Usage and analytics data

  • Pages viewed and time on each page
  • Click events on key UI elements
  • Search queries on the Gigs page
  • Funnel events (signup completion, gig posted, slot reserved, proof submitted, payout requested)
  • Error events (JavaScript exceptions, API failures)
  • Performance data (page load times, API latency)

3.7 Communications

  • Support emails sent to and received from QuickBuck addresses
  • In-Platform messages between users
  • Marketing email open/click data (where you've opted in)
  • Survey responses (where you've voluntarily participated)

3.8 Cookies and similar technologies

We use cookies, localStorage, and sessionStorage. See Cookie Policy for the full breakdown.

4. Sources of Information

We collect data from:

  • You directly — when you sign up, fill in profile fields, post a Gig, submit Proof of Work, or contact support;
  • Authentication providers — Google (where you sign in with Google) shares your email address, name, profile picture, and Google ID with us;
  • Payment processors — Stripe and Wise share transaction status and recipient verification status with us;
  • Network infrastructure — Cloudflare and our hosting provider log IP addresses and request metadata for security purposes;
  • Browser APIs — your browser shares User-Agent, time zone, language, and (with permission) GPS coordinates;
  • Other users — Posters submit reviews of Workers and vice versa, which become part of your profile.

5. Why We Collect It (Lawful Basis Under GDPR)

For European Union and United Kingdom users, our processing of personal data is justified under one or more of these GDPR lawful bases:

  • Contract performance (Article 6(1)(b)) — to provide the Platform services you signed up for: account management, Gig posting, Reservations, Proof reviews, payouts.
  • Legitimate interests (Article 6(1)(f)) — fraud prevention, security, marketplace integrity, product improvement, and direct marketing of our services to existing users where you have not objected.
  • Legal obligations (Article 6(1)(c)) — tax reporting (e.g. 1099-NEC issuance), sanctions compliance, anti-money-laundering checks, and responses to lawful requests from authorities.
  • Consent (Article 6(1)(a)) — for non-essential cookies, marketing emails to non-customers, and any other processing where we explicitly ask for opt-in.

You can withdraw consent at any time where consent is the legal basis, without affecting processing carried out under other bases prior to withdrawal.

6. How We Use Your Data

We use the data described above to:

  • Authenticate you on sign-in and keep your session secure;
  • Run the marketplace (post Gigs, reserve Slots, review Proof of Work, process payouts);
  • Verify your eligibility for region-bound or higher-trust Gigs (location verification, Trust Level checks);
  • Detect and prevent fraud, abuse, sybil attacks, and policy violations;
  • Provide customer support and resolve disputes;
  • Issue tax forms (1099-NEC for US Workers earning over $600/year);
  • Comply with sanctions and anti-money-laundering law;
  • Send transactional emails (Gig approvals, payout confirmations, security alerts);
  • Send marketing communications where you have opted in;
  • Improve the Platform via aggregated analytics and bug-fix telemetry;
  • Defend against legal claims and respond to legal compulsion.

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes. We do not run third-party advertising on QuickBuck.

7. Sharing With Third Parties

We share specific categories of data with the following processors and recipients:

RecipientPurposeData shared
StripePayment processing, escrow, 1099 issuanceName, email, billing address, payment-method tokens, transaction data, tax IDs
WiseInternational payouts to WorkersName, email, country, payout method, recipient bank/PayPal details
Google (Firebase)Auth, database (Firestore), file storage, hostingAll Account, Gig, and Proof data
Google (OAuth)Sign-in with GoogleEmail, name, Google ID — shared from Google to us, not the reverse
CloudflareCDN, DDoS protection, edge functionsIP addresses, request metadata, performance metrics
PostHogProduct analyticsPseudonymized event data, page views, click events
SentryError monitoringStack traces, browser metadata, user ID for error correlation
Other UsersMarketplace interactionDisplay name, profile picture, country, Trust Level, public Gig + review history

We may also disclose data to law enforcement, regulators, or in response to valid legal process. Where permitted by law, we will notify the affected user before disclosure.

We may share aggregated, deidentified data (where individuals cannot reasonably be re-identified) for research, analytics, and marketing purposes without restriction.

8. International Transfers

QuickBuck operates globally. Data is stored primarily in Google Cloud regions managed by Firebase, with edge processing on Cloudflare's global network. Payment data is processed by Stripe (US/EU) and Wise (UK/EU/global).

For European Union users, where data is transferred outside the European Economic Area (EEA) we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, in place with Stripe, Google (Firebase), and Cloudflare;
  • Adequacy decisions where the receiving country has been deemed adequate by the European Commission (e.g. UK, Switzerland);
  • EU-US Data Privacy Framework certifications where applicable for US-based processors.

9. Data Retention

We retain personal data for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law:

  • Active Account data — for the lifetime of your Account.
  • Closed Account data — 7 years after Account closure for tax, audit, and dispute-resolution purposes.
  • Transaction data — 7 years (tax + financial-reporting requirements).
  • Proof of Work and dispute records — 7 years.
  • Support tickets — 3 years after resolution.
  • Marketing data — until you unsubscribe, plus a short suppression list to prevent re-marketing.
  • Server logs — 90 days, then aggregated.
  • Security logs — 12 months for incident-response purposes.
  • Backup copies — overwritten on a 90-day rolling schedule.

When the retention period expires we delete the data or anonymize it such that re-identification is not reasonably possible.

10. Security

We implement administrative, technical, and physical safeguards:

  • Encryption in transit — TLS 1.2+ on every connection;
  • Encryption at rest — Firestore + Cloud Storage encrypt data at rest with rotation-managed keys;
  • Access controls — application-level Firestore security rules restrict reads/writes; admin access is limited to minimum-necessary personnel via Google IAM with hardware-key MFA;
  • Audit logs — significant administrative actions are logged for accountability;
  • Bcrypt password hashing via Firebase Auth (we never see plaintext passwords);
  • Payment card data isolation — handled by Stripe (PCI-DSS Level 1 service provider); QuickBuck systems do not touch raw card data;
  • Cloudflare WAF + DDoS protection at the edge;
  • Sentry-based error monitoring with PII redaction.

No system is perfectly secure. If you suspect unauthorized access to your Account, contact [email protected] immediately.

In the event of a personal-data breach affecting EU residents, we will notify the relevant supervisory authority within 72 hours where required by GDPR Article 33, and notify affected users without undue delay where required by GDPR Article 34.

11. Your Rights

Depending on your country of residence, you may have the following rights:

  • Right of access — request a copy of the personal data we hold about you;
  • Right to rectification — request correction of inaccurate or incomplete data;
  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations;
  • Right to restrict processing — pause the processing of your data while a request is reviewed;
  • Right to data portability — receive your data in a machine-readable format;
  • Right to object — object to processing based on legitimate interests, including direct marketing;
  • Right not to be subject to automated decision-making with significant effects on you (see Section 15);
  • Right to lodge a complaint with your country's data-protection authority.

To exercise any of these rights, email [email protected] from the email address registered on your Account. We will respond within 30 days (extendable to 90 days for complex requests as permitted by GDPR Article 12(3)).

12. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have these additional rights:

  • Right to know — what categories of personal information we collect, sources, purposes, and recipients;
  • Right to delete — request deletion of personal information we hold about you;
  • Right to correct — request correction of inaccurate personal information;
  • Right to opt out of sale or sharing — note: QuickBuck does not sell or share personal information for cross-context behavioral advertising as defined by the CCPA/CPRA;
  • Right to limit use of sensitive personal information — request limitation to uses necessary to provide the service;
  • Right to non-discrimination — we will not discriminate against you for exercising any CCPA right.

To exercise California rights, email [email protected]. You may designate an authorized agent in writing.

13. Children's Privacy

QuickBuck is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an Account, contact [email protected] and we will delete the Account and any associated data without undue delay.

14. Marketing Communications

We send transactional emails (signup confirmation, Gig approval, payout confirmation, security alerts) regardless of marketing preference because they are necessary for service operation.

We may send marketing emails (newsletter, product updates, special offers) only to existing users who have not opted out, or to non-users who have opted in. Every marketing email contains an unsubscribe link in the footer. Unsubscribing takes effect within 7 business days.

15. Automated Decision-Making

We use automated processing in a limited number of areas:

  • Trust Level computation — based on completion history, proof quality, and verification status. This is reviewed by moderation; you may request human review of any Trust Level decision.
  • Fraud and abuse detection — automated systems may flag suspicious activity, leading to additional verification or temporary restrictions. Significant actions (account termination, payout reversal) are reviewed by humans.
  • Sanctions screening — automated checks against sanctions lists with human review of any matches.

You have the right to request human review of any decision based solely on automated processing that produces legal or similarly significant effects on you.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will revise the "Last updated" date at the top of this page;
  • We will notify users via email at the address registered on the Account;
  • For significant changes affecting EU/UK users, we will provide at least 30 days' notice before the change takes effect.

Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

17. Contact

For privacy questions, data requests, or to exercise your rights:

For EU users you may also contact your country's data-protection authority directly. A list of EU DPAs is available at edpb.europa.eu.

You can read more about who runs QuickBuck on our About page or follow our founder at @AmbsdOP on X.

Read next

Terms of Service →

Read next

Cookie Policy →

About

Who runs QuickBuck →