Last updated: March 8, 2026

This Privacy Policy describes how SAM Service ("we", "us", "our") operating the website at artur.suleymanov.work ("the Website") collects, uses, stores, and protects your information, including information obtained through our integration with the Thumbtack API.

1. Information We Collect

We may collect the following categories of information:

• Booking Information: Your name, phone number, email address, physical address, preferred service date and time, and project description when you submit a booking request through our website.
• Review Information: Your name, city, rating, and review text when you submit a customer review.
• Thumbtack Lead Data: Customer first name, service category, project description, and location data received through the Thumbtack API when a new lead (negotiation) is created on the Thumbtack platform.
• Thumbtack Messages: Text content of messages exchanged between our business and customers through the Thumbtack messaging system.
• Thumbtack Business Data: Business name, business ID, service categories, and account information retrieved via the Thumbtack API.
• Technical Data: Server logs that may include IP addresses, browser type, and access timestamps.

2. How We Use Information

We use the collected information for the following purposes:

• Processing and managing booking requests for handyman services.
• Communicating with you about your service requests and scheduling.
• Displaying approved customer reviews on our website.
• Sending automated responses to new leads received through the Thumbtack platform.
• Logging lead and message activity for operational monitoring.
• Sending booking notifications to our team via Telegram (when enabled).
• Improving our services and website experience.

We do not use personal information for marketing to third parties, user profiling, targeted advertising, or any purpose unrelated to providing our handyman services and facilitating communication via the Thumbtack platform.

3. Data Sharing

We do not sell, rent, trade, or otherwise share your personal information with any third parties, except:

• Thumbtack: Data is transmitted back to Thumbtack as part of normal API communication (e.g., sending reply messages to leads).
• Telegram: When enabled, new booking notifications (service details only) may be sent to our private Telegram channel for scheduling purposes.
• Legal Requirements: We may disclose information if required by law or in response to valid legal process.

4. Data Storage and Security

• All data is stored on a private, access-controlled server.
• The website database (H2) is stored locally with restricted file-system permissions.
• All communications with our website are encrypted via TLS/HTTPS using Let's Encrypt certificates.
• API credentials and OAuth tokens are stored in configuration files with restricted access.
• Thumbtack webhook payloads are verified using HMAC-based secret validation.
• Admin access is protected by password authentication with BCrypt hashing.
• CSRF protection is enabled for all form submissions.

5. Data Retention and Deletion

• Booking data is retained as long as necessary for business operations and record-keeping.
• Customer reviews are retained while they remain relevant and approved.
• Log data is periodically rotated and old logs are removed.
• Thumbtack OAuth tokens are refreshed automatically; old tokens are overwritten.
• Upon termination of our Thumbtack API access or at Thumbtack's request, all Thumbtack-sourced data will be deleted within 5 business days.
• You may request deletion of your personal data by contacting us (see below).

6. Thumbtack API Compliance

Our use of the Thumbtack API is governed by the Thumbtack API Terms of Use. We comply with all applicable data handling requirements, including:

• Using API data only for the purposes described and approved by Thumbtack.
• Not storing data longer than necessary for the stated purpose.
• Deleting all Thumbtack data promptly upon API access revocation.
• Implementing appropriate security measures to protect API data.

7. Your Rights

You have the right to:

• Request information about what personal data we have collected about you.
• Request correction or deletion of your personal data.
• Opt out of receiving automated messages and communications.
• Revoke Thumbtack OAuth authorization at any time through Thumbtack's platform settings.

8. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of the Website after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Website: artur.suleymanov.work
• Email: [email protected]
• Thumbtack: Contact us through our business profile on Thumbtack