Privacy Policy

Operator: [USTIO LLC / "Ustio" Mas'uliyati cheklangan jamiyat] (the "Operator", "we", "us", "our") Registered office: [TBD, Toshkent, Republic of Uzbekistan] STIR (Taxpayer Identification Number): [TBD] State registration: [TBD] Contact e-mail (data protection enquiries): privacy@ustio.app General support e-mail: support@ustio.app Telegram (official channel): @ustio_uz

Effective date: [DATE OF PUBLICATION] Version: 1.0

1. Introduction and scope

This Privacy Policy ("Policy") governs the collection, processing, storage, transfer and disclosure of personal data by the Operator in connection with the Ustio service (the "Service"), accessible through:

the Ustio mobile application for Android and iOS ("Mobile App");
the website located at https://ustio.app and its subdomains ("Website");
any application programming interfaces, dashboards, communications, support channels, or related services operated by us (together with the Mobile App and Website, the "Platform").

The Service is a marketplace that connects customers seeking household, professional or trade services ("Customers") with independent service providers ("Providers"). This Policy applies to both Customers and Providers and to any visitor of the Website (each, a "User" or "you").

By creating an account, by using the Service, by submitting a request for services, by submitting an offer in response to a request, or by browsing the Website beyond the cookie banner, you confirm that you have read, understood, and accepted the practices set out in this Policy and that you grant the consents described herein where consent is required.

This Policy is drafted to comply with:

the Law of the Republic of Uzbekistan No. ZRU-547 dated 2 July 2019 "On Personal Data" (as amended) (the "PDP Law");
the Cabinet of Ministers of the Republic of Uzbekistan Resolution No. 1107 dated 31 December 2020 (and subsequent regulations on personal data protection);
the Law of the Republic of Uzbekistan No. ZRU-684 dated 22 May 2020 "On Electronic Commerce";
the Law of the Republic of Uzbekistan "On Telecommunications" and applicable subordinate acts;
the Law of the Republic of Uzbekistan "On Protection of Consumer Rights" (No. ZRU-221, as amended);
the requirements of the State Inspection for Control in the Sphere of Informatization and Telecommunications (the "Inspection") and the personal data registry maintained by the authorised state body.

Where you are situated in or are a citizen of another jurisdiction, additional protections may apply to you under the law of that jurisdiction. To the maximum extent compatible with the laws of the Republic of Uzbekistan, this Policy is intended to satisfy the substantive requirements of Regulation (EU) 2016/679 ("GDPR") as well.

2. Defined terms

In this Policy, the following terms have the meanings set out below:

"Personal Data" – any information relating to an identified or identifiable natural person, including, by way of example only, telephone number, name, address, identity document, photograph, transaction history, device identifiers, and IP address.
"Sensitive Personal Data" – Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation, criminal convictions, and any data classified as such by the PDP Law and related regulations.
"Processing" – any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organisation, structuring, storage, alteration, retrieval, use, disclosure, transmission, restriction, erasure, and destruction.
"Data Subject" – the natural person to whom the Personal Data relates (the User).
"Operator" – the legal person that determines, alone or jointly with others, the purposes and means of Processing.
"Processor" – a third party that Processes Personal Data on behalf of the Operator.
"Consent" – any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which the Data Subject signifies agreement to the Processing of Personal Data relating to him or her.
"Service" – the Ustio marketplace platform described in section 1.

Capitalised terms used and not defined in this Policy have the meanings given to them in our Terms of Service.

3. Identity and contact details of the Operator

The Operator is the data controller for all Personal Data Processed in connection with the Service, except where it is expressly stated that a third party acts as an independent controller.

The Operator's full contact details are stated at the beginning of this Policy. Communications relating to Personal Data Processing, including the exercise of your rights set out in section 12, should be addressed to privacy@ustio.app or sent in writing to the registered office.

The Operator is registered in the personal data operators' registry maintained by the competent state body of the Republic of Uzbekistan; the registration number will be disclosed upon request once issued.

The Operator has appointed a person responsible for personal data protection. Requests addressed to privacy@ustio.app are handled by this person.

4. Personal Data we collect

We collect Personal Data that is necessary, adequate, relevant, and limited to the purposes for which it is Processed. The categories of Personal Data we Process are described below. Some categories are necessary for the Service to function; others depend on optional features and on the role of the User (Customer or Provider).

4.1 Information you provide directly

(a) Account registration and authentication

Mobile telephone number (in E.164 international format, e.g. +998901234567). Required.
A hashed (one-way irreversible) representation of your telephone number used for fraud prevention and rate limiting. Required.
The one-time password ("OTP") that we send to you by SMS for authentication. The OTP is stored for a short period only and is erased on successful verification or expiry.
Your preferred application language (Uzbek, Russian, or English). Required for localisation; defaults to Uzbek.

(b) Profile completion

First name and last name. Required.
E-mail address. Optional; required only if you wish to enable e-mail-based features such as receipts and data export delivery by e-mail. We store a flag indicating whether your e-mail address has been verified.
Date of birth. Optional. You must be at least 18 years old to use the Service (see section 9).
Gender (selected from: male, female, other, prefer-not-to-say). Optional.
Avatar / profile photograph. Optional.

(c) Location and address data

City of residence and district code, used by the Service to display locally relevant categories and to match Customers with Providers operating in the same area. Required.
A textual address description ("address text") supplied at the moment of submitting a service request. Optional.
Latitude/longitude coordinates derived from the address you supply, where you choose to enable location enrichment. Optional.

(d) Customer service requests

Free-text description of the work you require ("note"). Optional.
Answers to structured category questions (for example, type of work, materials, area in square metres, urgency). Optional except where the selected category mandates them.
Photographs uploaded by you. Optional.
Preferred contact channels (phone, Telegram, or both). At least one channel is mandatory.
An optional "urgent" indicator.
Desired expiry of the request (defaults to fourteen (14) days, configurable by you within limits set by us).

(e) Provider profile and offers

Provider biography ("bio"), languages spoken, years of experience, working hours.
Categories of services you offer (subject to a per-provider maximum, currently thirty (30) categories).
Service area: city and district codes where you accept work.
Offer text and price for individual offers you submit in response to Customer requests. The offer message is subject to automated and human moderation, including detection of attempts to share private contact details outside the Platform.

(f) "Know your customer" data (Providers only) — sensitive category

Document type (e.g. passport, national identity card).
Front side image of the identity document.
Back side image of the identity document (where applicable).
A "selfie" photograph showing your face, used to verify that the holder of the identity document corresponds to the registered Provider.
Optional administrative notes recorded by our compliance reviewers (these are visible only to us).

Identity-document data and the selfie photograph are categorised by us as sensitive Personal Data within the meaning of Article 3 of the PDP Law and equivalent regulations. We Process this data only with your explicit Consent obtained during the verification flow, only for the purposes set out in section 5.1(c), and only for the limited retention period set out in section 8.

(g) Communications

Content of in-app messages and offers you exchange through the Platform.
Records of customer-support conversations you initiate (including the content of messages and any files you attach).
Telegram chat identifier, if you choose to link your Telegram account to the Service.
Notification preferences (per channel: push, e-mail, SMS, Telegram; per category; "do not disturb" hours).

(h) Payment and wallet data

Wallet balance, top-up history, lead-fee deductions, and other wallet transactions. Wallet balance is denominated in Uzbek soum (UZS) and reflects sums credited to the wallet for the payment of lead fees.
For top-ups conducted through Click or Payme: transaction identifiers, payment status, and the raw payload returned by the payment provider in their webhook callback. We do not receive or store your full card primary account number (PAN), card verification value (CVV/CVC), or full card expiry data: those are handled exclusively by the payment provider in their certified PCI-DSS environment.

(i) Reviews and ratings

Star rating you submit after the completion of a service.
Optional textual review and tags.
A version history of edits you make within the editing window we provide.

(j) Consents and preferences

A record of the consents you have granted or revoked, including consent type, version of the relevant document, timestamp of action, IP address used at the time of action, and User Agent string of the device used.

4.2 Information collected automatically

(a) Device and connection information

A device identifier generated by your device or by the Mobile App. This identifier is not linked to your hardware MAC address or to other persistent hardware-level identifiers.
Device platform and operating-system version.
Application version.
IP address.
User Agent of your browser or Mobile App.

(b) Push-notification credentials

The Firebase Cloud Messaging ("FCM") token issued by Google to your installation of the Mobile App. The token is used solely to deliver push notifications you have requested and is rotated by your device from time to time.

(c) Authentication tokens

A short-lived "access token" embedded with the user identifier, role, locale, and a unique token identifier ("jti"). Access tokens are not stored server-side once issued; their integrity is verified cryptographically on each request.
A hashed representation of a "refresh token" used to issue replacement access tokens. The raw refresh token is delivered to your device once at issuance and is never recoverable from our systems.

(d) Diagnostic and analytics events

Application-level events such as "app open", "screen view", "login success", and the corresponding event properties (for example, the screen path with personal identifiers redacted to the pattern :id). Event properties are designed to be non-identifying; we do not include free-text user input in analytics events.
Error reports, including stack traces, breadcrumbs, the user identifier, the route at which the error occurred, and minimal device context. Error reports are filtered to remove categories of input that are likely to contain Personal Data (for example, the body of authentication requests).

(e) Server logs

Records of API requests, response codes, latency, and trace identifiers used for debugging and incident response. These logs retain User Agent and IP address for security-investigation purposes.

(f) Cookies on the Website

Please see section 11 for our cookie policy.

4.3 Information received from third parties

From Eskiz.uz (our SMS-gateway provider): delivery and failure receipts for OTP messages.
From Click and Payme (our payment-acceptance partners): webhook callbacks containing transaction status, merchant transaction identifiers, and limited masked card metadata as supplied by them.
From Firebase Cloud Messaging: delivery status of push notifications.
From Telegram: the chat identifier corresponding to your Telegram account, after you have actively linked your account by pressing the link generated for you within the Mobile App.
From other Users: reviews, ratings, complaints, and reports concerning your conduct on the Platform.

We do not purchase Personal Data from data brokers, nor do we obtain Personal Data from publicly available scraped sources.

5. Purposes and legal bases for Processing

The Processing of your Personal Data is carried out only for the specific, declared, and lawful purposes set out below. For each purpose we state (i) the categories of Personal Data Processed, (ii) the legal basis under the PDP Law and other applicable legislation, and (iii) the consequences of refusing to provide the Personal Data.

5.1 Provision of the Service

(a) Authentication and account management

Data categories: sections 4.1(a), 4.1(b), 4.2(a)–(c).
Legal basis: PDP Law Article 17 (necessity for the performance of an agreement to which the Data Subject is a party); your Consent at registration.
Consequence of refusal: the Service cannot be provided without authentication data; you will not be able to register or to use the Service.

(b) Operation of the marketplace

Data categories: sections 4.1(c), 4.1(d), 4.1(e), 4.1(g).
Legal basis: PDP Law Article 17 (necessity for the performance of an agreement); legitimate interest of the Operator and of other Users in the proper functioning of the marketplace, in compliance with PDP Law Article 17.
Consequence of refusal: without these data categories you cannot publish requests, submit offers, or exchange messages with other Users.

(c) Provider identity verification (KYC) — sensitive Personal Data

Data categories: section 4.1(f).
Legal basis: your explicit Consent given during the KYC flow; performance of an agreement with Providers; legitimate interest in fraud prevention and in protecting Customers from impersonation; compliance with anti-money-laundering and consumer-protection legislation of the Republic of Uzbekistan.
Consequence of refusal: Providers cannot become "verified", cannot unlock paid offer submissions, and cannot operate within the Service. KYC is mandatory for Providers and is not requested from Customers.

(d) Payment processing and lead-fee billing

Data categories: section 4.1(h).
Legal basis: PDP Law Article 17 (performance of an agreement); compliance with accounting and tax legislation of the Republic of Uzbekistan; legitimate interest in detecting fraud and chargeback abuse.
Consequence of refusal: Providers will not be able to top up their wallets or submit paid offers; the Service can otherwise be used.

5.2 Communications

(a) Service-related notifications (push, e-mail, Telegram, in-app)

Data categories: sections 4.1(a), 4.1(b), 4.1(g), 4.2(b).
Legal basis: PDP Law Article 17 (performance of an agreement); legitimate interest in informing Users of events relating to their requests, offers and account status.
Consequence of refusal: you can opt out of optional channels in your settings; transactional notifications (such as KYC outcome, dispute resolution and account-security events) are essential and may continue to be delivered.

(b) Marketing communications

Data categories: contact details and an indicator of your interest categories.
Legal basis: your separate explicit Consent. Marketing communications are not sent without prior Consent.
Consequence of refusal: none; you will continue to receive only transactional notifications.

5.3 Safety, integrity, and abuse prevention

Data categories: sections 4.1, 4.2, 4.3 as applicable.
Legal basis: legitimate interest of the Operator and of other Users in keeping the Service safe and lawful; compliance with the laws of the Republic of Uzbekistan, including content-moderation obligations; protection of minors; fraud prevention.
Processing activities include, without limitation: automated and human review of free-text fields and photographs for prohibited content (including contact-detail evasion patterns); detection of multi-account abuse; detection of payment-card fraud; detection of fake reviews; investigation of complaints.

5.4 Analytics, performance, and product improvement

Data categories: section 4.2(d), pseudonymous identifiers, and aggregated metrics derived from sections 4.1(c)–(e).
Legal basis: your Consent, which is requested at first launch of the Mobile App and through the cookie banner of the Website; legitimate interest in operating and improving the Service to the extent that Processing is strictly pseudonymous and aggregated.
Consequence of refusal: you can decline analytics consent without affecting your ability to use the Service.

5.5 Compliance with legal obligations

Data categories: sections 4.1(a)–(d), 4.1(f), 4.1(h), 4.1(j); audit logs (see section 8).
Legal basis: compliance with the laws of the Republic of Uzbekistan, including accounting, taxation, consumer-protection, anti-money-laundering, anti-fraud and electronic-commerce legislation; response to lawful requests of competent state authorities.
Consequence of refusal: certain features (in particular payment functionality) cannot be provided.

5.6 Establishment, exercise, or defence of legal claims

Data categories: as relevant to the claim, including transactional history, communications, audit logs, IP addresses, and identity-verification data.
Legal basis: legitimate interest of the Operator in protecting its rights and defending against claims.
Retention: as set out in section 8.

We do not carry out any automated decision-making that produces legal effects concerning you or that similarly significantly affects you within the meaning of Article 22 of the GDPR. Decisions on KYC verification, on dispute resolution, on account suspension, and on category activation are taken by humans, supported by automated tools.

6. Recipients of Personal Data

We disclose Personal Data only to the recipients listed below and only to the extent necessary for the purposes described in section 5. We require all Processors to operate under written agreements obliging them to protect Personal Data to a standard at least equivalent to that imposed by this Policy and the PDP Law.

6.1 Internal recipients

Employees, officers, contractors, and authorised agents of the Operator who need to access Personal Data to perform their duties, under strict role-based access controls, on a need-to-know basis, and under contractual confidentiality obligations.

6.2 Service providers acting as Processors on our behalf

Processor	Function	Country of establishment / Processing location	Categories of Personal Data
Eskiz LLC ("eskiz.uz")	SMS gateway for OTP delivery	Republic of Uzbekistan	Telephone number, OTP code
Click LLC ("click.uz")	Payment acceptance for wallet top-ups	Republic of Uzbekistan	Transaction identifiers, payment status, masked card metadata
Paycom Ltd. ("payme.uz")	Payment acceptance for wallet top-ups	Republic of Uzbekistan	Transaction identifiers, payment status, masked card metadata
Google LLC (Firebase Cloud Messaging)	Push-notification delivery	Republic of Ireland and United States	FCM token, notification title and body, deep-link identifier
Functional Software, Inc. ("Sentry")	Application error monitoring	United States; data is filtered at source to remove sensitive fields	Stack traces, user identifier, route, request metadata, IP address
PostHog Inc.	Product analytics and event tracking	European Union ("eu.posthog.com")	Pseudonymous distinct identifier, event names and properties with personal identifiers redacted
Resend, Inc.	Transactional e-mail delivery	United States	E-mail address, name, e-mail subject and body, delivery status
OpenAI, L.L.C.	Automated content moderation (text and images) and pseudonymous text embedding for search	United States; we strip patterns that are likely to contain personal contact details prior to transmission	Free-text fields submitted by you (after stripping), photographs submitted for moderation, and provider biography for search embedding
Telegram FZ-LLC	Optional notification delivery and account linkage	United Arab Emirates and other locations	Telegram chat identifier, message body
MinIO, Inc. (self-hosted by us)	Object storage for photographs, KYC documents, and exported data archives	Republic of Uzbekistan (under our operational control)	All file uploads, including identity documents
Backblaze Inc.	Off-site encrypted backups of databases	United States; data is encrypted at rest with keys held exclusively by the Operator	Encrypted database dumps
Yandex LLC (in respect of map tiles and geocoding services, where used)	Display of maps and reverse geocoding	Russian Federation; we do not transmit Personal Data identifying you; transmissions are limited to geographic coordinates without account identifiers	Geographic coordinates only
Hosting and infrastructure providers	Servers, content delivery, DNS, e-mail routing	Republic of Uzbekistan (primary); other jurisdictions only if you grant Consent under section 7	Personal Data necessary to operate the underlying infrastructure

6.3 Other Users

Customers and Providers see Personal Data of one another only to the extent necessary for the operation of the marketplace, namely: first name (without surname for Customers in offer cards), city and district code, free-text note (if any), photographs you uploaded as part of a request or profile, ratings and reviews you submitted publicly, and contact channel handles only after both Users have agreed to unlock the contact (see Terms of Service section 7).

6.4 Authorities and other third parties

We may disclose Personal Data to:

the Inspection, the State Tax Committee, law-enforcement bodies, courts and other competent state authorities of the Republic of Uzbekistan, on the basis of a lawful request, court order, or other binding legal instrument;
our professional advisers (lawyers, auditors, accountants) under strict confidentiality;
any acquirer in connection with a sale of all or substantially all of our business or assets, subject to that acquirer undertaking obligations no less protective than those of this Policy.

We do not sell Personal Data to advertisers or other third parties for monetary or other valuable consideration.

7. Cross-border transfers

We process Personal Data of citizens of the Republic of Uzbekistan and natural persons residing in the Republic of Uzbekistan within the territory of the Republic of Uzbekistan, in compliance with the data-localisation requirements of the PDP Law.

Certain ancillary Processing operations described in section 6.2 take place outside the territory of the Republic of Uzbekistan. Each such cross-border transfer is undertaken only:

(a) where it is necessary for the performance of an agreement between you and the Operator (PDP Law Article 27); (b) where you have provided your explicit Consent to the transfer at the moment of registration or at the moment of enabling the relevant feature; or (c) where it is required by the law of the Republic of Uzbekistan or by an international treaty to which the Republic of Uzbekistan is a party.

We have assessed each cross-border recipient as offering an adequate level of protection of Personal Data through a combination of (i) contractual safeguards (in particular data-processing addenda and standard contractual clauses where applicable), (ii) technical safeguards (encryption in transit, encryption at rest, role-based access controls, audit logging), and (iii) organisational safeguards.

By accepting this Policy at the moment of registration you provide your Consent under the PDP Law to the cross-border transfers described in this section 7. You may withdraw such Consent at any time by writing to privacy@ustio.app, in which case features relying on cross-border Processing will be disabled and your account may be suspended where such Processing is essential to its operation.

8. Retention

We retain Personal Data only for as long as is necessary for the purposes described in section 5, after which we either erase the data or anonymise it irreversibly. The retention periods we apply are as follows.

Category of Personal Data	Retention period
Authentication data (phone, hashed phone, locale)	For the duration of the account, plus a grace period of thirty (30) days from your account-deletion request, after which it is irreversibly anonymised.
Profile data (name, e-mail, avatar, birth date, gender)	Same as authentication data.
KYC documents (identity-document images, selfie)	Until KYC outcome is reached, then for as long as the Provider account is active; on account deletion, the storage object keys are replaced with the literal string "anonymized" within thirty (30) days; underlying storage objects are then purged on the next scheduled storage-compaction cycle. Where applicable laws of the Republic of Uzbekistan require longer retention (for example for anti-money-laundering purposes), we retain only the minimum metadata required by such laws.
Service requests, offers, messages, photographs of work performed	Indefinitely while the account is active and for at least one (1) year after account deletion, after which they may be retained in anonymised form for statistical purposes. Photographs may be deleted earlier on your written request, except where retention is required for a pending dispute or legal claim.
Payment records, wallet transactions, top-up and lead-fee history	Ten (10) years from the date of the transaction, in accordance with the accounting legislation of the Republic of Uzbekistan.
Webhook payloads received from payment providers	Three (3) years from receipt, for the purpose of reconciliation and dispute defence.
Reviews and ratings	Indefinitely; reviews you have posted remain on the Platform after your account is closed, in anonymised form, unless they violate our content rules.
Notification history	One (1) year from creation.
Server logs, request traces	Ninety (90) days from creation; longer in respect of records related to ongoing security investigations.
Authentication refresh tokens	Maximum ninety (90) days from issuance or until revocation, whichever is sooner.
Push-notification tokens (FCM)	Until the device deregisters or the token becomes invalid, plus a grace period of seven (7) days.
Audit logs of administrative actions	Ten (10) years from the date of the action.
Search-query logs (anonymous), analytics events	Twenty-four (24) months from creation.
Consent records	Indefinitely while the account is active and for ten (10) years after account closure.

Where Personal Data is retained beyond the duration of the account (for example, payment records or audit logs), we apply strict access controls and Process the data only for the residual purpose that justified its retention.

9. Children

The Service is intended exclusively for natural persons aged eighteen (18) years or older. We do not knowingly Process Personal Data of persons under the age of eighteen (18). If you are under eighteen (18), you must not register for or use the Service.

If we become aware that we have Processed Personal Data of a person under the age of eighteen (18), we will erase that data without undue delay and we will close the account. If you believe that a minor has registered for the Service, please contact us at privacy@ustio.app so that we can investigate and take appropriate action.

10. Security

We apply technical and organisational measures appropriate to the nature, scope, context, and purposes of Processing and to the risks of varying likelihood and severity for the rights and freedoms of Data Subjects. These measures include, without limitation:

transport-layer encryption (TLS 1.2 or above) on all connections to our public endpoints;
encryption at rest of databases and object-storage volumes;
one-way hashing of telephone numbers used for indexing and rate limiting;
one-way hashing of refresh tokens before persistence;
role-based access controls for employees and contractors, granted on the principle of least privilege and reviewed periodically;
two-factor authentication for administrative consoles and infrastructure access;
network segmentation between application servers and database servers;
web application firewall and rate-limit controls on public endpoints;
comprehensive audit logging of administrative actions;
automated content moderation supported by human review;
secrets and credentials managed through a secrets manager and rotated periodically;
vulnerability scanning, dependency monitoring, and security patching;
regular off-site encrypted backups with periodic restoration drills;
documented incident-response and breach-notification procedures.

Notwithstanding these measures, no method of transmission over the Internet and no method of electronic storage is one hundred per cent (100 %) secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent state authority and, where required by the PDP Law, the affected Data Subjects without undue delay and in accordance with the timelines set out in the applicable regulations.

11. Cookies and similar technologies (Website only)

When you visit the Website, we and our authorised partners use cookies and similar technologies as follows.

11.1 Strictly necessary cookies

These cookies are required for the operation of the Website (for example, to remember your language preference and to remember whether you have dismissed the cookie banner). They cannot be disabled in our systems without rendering parts of the Website inoperable. They do not store directly identifying Personal Data.

11.2 Analytics cookies

These cookies allow us to measure visits and traffic sources so that we can improve the Website. They are set only after you have provided your Consent through the cookie banner.

11.3 Marketing cookies

We do not currently use marketing cookies. If we do so in the future, we will update this Policy and request your Consent.

You can manage your cookie preferences at any time by following the link in the footer of the Website or by clearing cookies in your browser. The Mobile App does not use HTTP cookies; analytics in the Mobile App are governed by the rules of section 5.4 and section 13.

12. Your rights as a Data Subject

Subject to the limitations and exceptions provided by the PDP Law and other applicable legislation, you have the following rights in respect of your Personal Data.

12.1 Right of access

You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being Processed, and where this is the case, access to the Personal Data and information about the Processing.

We provide self-service access to most of your Personal Data through the Mobile App (in the section "Settings → Privacy and data"). On request, we will also provide a structured machine-readable archive of your Personal Data (see section 12.6).

12.2 Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Most profile fields can be edited directly within the Mobile App. For fields that cannot be edited directly (for example, telephone number associated with the account), please contact privacy@ustio.app.

12.3 Right to erasure

You have the right to request the erasure of Personal Data concerning you. You can initiate account deletion directly within the Mobile App ("Settings → Delete account"); upon confirmation, your account enters a grace period of thirty (30) days during which you may cancel the deletion, after which the Personal Data described in section 8 is irreversibly anonymised.

We may retain certain Personal Data even after you have requested erasure where retention is necessary (i) for compliance with a legal obligation, (ii) for the establishment, exercise or defence of legal claims, or (iii) for archiving in the public interest. In those cases the retained Personal Data is accessible only to persons authorised by reason of their function.

12.4 Right to restriction of Processing

You have the right to request that we restrict the Processing of your Personal Data where (i) the accuracy of the Personal Data is contested, for a period enabling us to verify the accuracy, (ii) the Processing is unlawful and you oppose erasure, or (iii) we no longer need the Personal Data for the purposes of the Processing but you require it for the establishment, exercise or defence of legal claims.

12.5 Right to object

You have the right to object, on grounds relating to your particular situation, to the Processing of Personal Data concerning you based on the legitimate interests of the Operator. We will cease such Processing unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

You have the absolute right to object at any time to the Processing of your Personal Data for direct-marketing purposes; following such objection we will cease to Process your Personal Data for those purposes.

12.6 Right to data portability

You have the right to receive the Personal Data you have provided to us, in a structured, commonly-used, and machine-readable format. We provide a self-service data-export tool within the Mobile App ("Settings → Privacy and data → Export my data") that produces an archive containing your Personal Data in JSON and CSV formats. The link to your archive is delivered to you (i) inside the Mobile App and (ii) to your verified e-mail address, valid for a limited time, and is then permanently deleted from our systems.

For operational reasons (server load, abuse prevention) the data-export tool can be invoked no more frequently than once every twenty-four (24) hours.

12.7 Right to withdraw Consent

Where Processing is based on your Consent, you have the right to withdraw that Consent at any time, without affecting the lawfulness of Processing based on your Consent before its withdrawal. Withdrawal of certain Consents (for example, Consent to cross-border transfers) may make it impossible for us to continue to provide the Service to you, in which case we will inform you of the consequence and may suspend or close your account.

12.8 Right to lodge a complaint

You have the right to lodge a complaint with the competent state authority of the Republic of Uzbekistan responsible for the protection of personal data, in particular the State Inspection for Control in the Sphere of Informatization and Telecommunications, and, where applicable, with the supervisory authority of your habitual residence.

12.9 How to exercise your rights

You may exercise the rights described above by:

using the self-service tools within the Mobile App where available;
writing to privacy@ustio.app from the e-mail address registered against your account, or by including in your request information sufficient for us to verify your identity;
writing to our registered office at the address stated at the beginning of this Policy.

We will respond to your request within thirty (30) calendar days of receipt. Where the request is particularly complex or where you have submitted multiple requests, we may extend this period by up to a further sixty (60) calendar days, in which case we will notify you of the extension and of the reasons for it within the initial thirty-day period.

Exercise of these rights is free of charge, except where requests are manifestly unfounded or excessive (in particular because of their repetitive character), in which case we may charge a reasonable fee or refuse to act on the request.

13. Mobile-application permissions

The Mobile App requests the following device permissions. Each permission is requested only when needed to deliver a feature that you have invoked, and you may revoke any permission at any time through the settings of your device.

Permission	Used for
Camera	Taking photographs of work requests and KYC documents.
Photo library / storage	Selecting existing photographs of work or KYC documents.
Notifications	Delivering push notifications about your requests, offers, KYC outcome, and account-security events.
Location (optional, foreground)	Pre-filling your city and district at registration. We do not run background location tracking.
Microphone, contacts, calendar, telephone state	Not requested.
Approximate device identifier (for FCM)	Push-notification delivery only.

Withholding a permission disables only the related feature; you can continue to use the rest of the Service.

14. Changes to this Policy

We may amend this Policy from time to time, in particular to reflect changes in legislation, in our practices, or in the categories of Processing we carry out. The current version is always accessible within the Mobile App and on the Website.

Where an amendment is material, we will notify you in advance through one or more of the following channels: an in-app banner upon next launch, a push notification, or an e-mail to your verified e-mail address. The amendment will become effective on the date stated in the notice; if you do not agree, you may terminate your account before that date.

Minor and clarifying amendments may take effect immediately upon publication. The "Effective date" and "Version" fields at the top of this Policy indicate the most recent amendment.

We retain previous versions of this Policy for at least ten (10) years and will provide them on request.

15. Contact

For questions about this Policy or about the Processing of your Personal Data, you may contact us:

by e-mail at privacy@ustio.app (dedicated address for privacy enquiries);
by e-mail at support@ustio.app for general support;
by writing to our registered office at the address stated at the beginning of this Policy;
through the Telegram channel @ustio_uz.

We do not require you to use the Telegram channel for any privacy request; we will respond through the channel you used to contact us.

Annex A — Consent text used at registration

"I hereby confirm that I have read and understood the Privacy Policy of Ustio, including the description of the categories of Personal Data Processed, the purposes of Processing, the recipients (including those located outside the Republic of Uzbekistan), and my rights as a Data Subject. I consent to the Processing of my Personal Data for the purposes set out in section 5 of the Privacy Policy, including the cross-border transfers described in section 7. I am at least eighteen (18) years old."

Annex B — Consent text used before KYC submission

"I confirm that the identity document and the selfie photograph I am about to submit relate to me personally. I consent to the Processing of these images by the Operator for the purposes of identity verification and fraud prevention, including their disclosure to authorised employees and reviewers of the Operator, for the retention periods stated in section 8 of the Privacy Policy. I understand that these images constitute sensitive Personal Data."

Annex C — Glossary of authorities and laws referenced

PDP Law: Law of the Republic of Uzbekistan No. ZRU-547 dated 2 July 2019 "On Personal Data" (as amended).
E-Commerce Law: Law of the Republic of Uzbekistan No. ZRU-684 dated 22 May 2020 "On Electronic Commerce".
Consumer Protection Law: Law of the Republic of Uzbekistan No. ZRU-221 (as amended) "On Protection of Consumer Rights".
Inspection: State Inspection for Control in the Sphere of Informatization and Telecommunications under the Cabinet of Ministers of the Republic of Uzbekistan.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data.

End of Privacy Policy.