1. Data We Collect
We collect the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Identity | First name, last name | Account management, booking |
| Contact | Email address, phone number | Booking confirmations, support |
| Account | Login credentials (via Clerk) | Authentication and security |
| Transactional | Booking history, services booked, amounts paid | Service delivery, dispute resolution |
| Financial | Stripe payment references (no raw card data) | Payment processing |
| Partner banking | IBAN, BIC, account holder name | Payout processing (Partners only) |
| Reviews | Star ratings, written reviews | Platform quality, partner ranking |
| Technical | IP address, browser, device, session data | Security, fraud prevention, analytics |
| Usage | Pages visited, clicks, search queries | Platform improvement (Vercel Analytics) |
2. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance — to process bookings, handle payments, and provide platform services.
- Legitimate interests — for fraud prevention, security, platform improvement, and marketing to existing users.
- Legal obligation — to comply with Lithuanian and EU tax, financial, and consumer protection law.
- Consent — for non-essential cookies, marketing emails (where required), and analytics. You may withdraw consent at any time.
3. Who We Share Data With
We do not sell your personal data. We share data only as needed to operate the platform:
- Partners — receive your name, contact details, and booking information to fulfil your appointment.
- Stripe — processes payments. Stripe is PCI-DSS compliant. We never see or store raw card numbers.
- Clerk — manages authentication and identity verification.
- Resend — sends transactional emails (booking confirmations, reminders).
- Supabase / Vercel — cloud infrastructure for data storage and platform hosting (EU region).
- Sentry — receives anonymised error reports (no PII in error logs).
- Authorities — where required by law or a valid court order.
All third-party processors are bound by data processing agreements and comply with GDPR.
4. Data Retention
We retain your data for as long as your account is active or as needed to provide services.
- Account data — retained while your account is open, deleted within 30 days of account deletion request
- Booking records — retained for 7 years for tax and financial compliance (Lithuanian law)
- Payment references — retained for 7 years (Stripe records)
- Reviews — retained while the Partner profile is active; anonymised after account deletion
- Technical logs — retained for 90 days
5. Your Rights Under GDPR
As an EU resident, you have the following rights:
- Access — request a copy of all personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your account and personal data (right to be forgotten)
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request we limit processing of your data
- Withdraw consent — at any time for consent-based processing
You can exercise your rights from your account settings page (data export and deletion) or by emailing privacy@greenparrot.lt.
You have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (VDAI).
7. International Transfers
Your data is primarily stored within the European Economic Area (EEA). Where any transfer outside the EEA is necessary (e.g. certain Stripe or Clerk infrastructure), it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Children
GreenParrot is not intended for users under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Contact and DPO
For privacy questions, data requests, or complaints, contact our privacy team:
privacy@greenparrot.lt
GreenParrot UAB, Vilnius, Lithuania
We aim to respond to all data requests within 30 days as required by GDPR.