Last updated: May 2026
NearUs is built on trust. We collect only what's needed to make the app work, protect it with multiple security layers, and give you full control. Your data is never sold or shared for advertising.
How We Protect You
HTTPS / TLS
All traffic encrypted in transit
JWT Auth
15-min tokens + silent refresh
Escrow Payments
Razorpay holds funds safely
Rate Limiting
API abuse prevention on all endpoints
Signed Uploads
Backend-signed Cloudinary tokens
Firebase Identity
Google-grade authentication layer
Token Rotation
Refresh tokens rotate on every use
Device Tokens
FCM tokens cleared on logout
Data We Collect
Only what's necessary to run the platform — nothing extra.
Account info
Name, email, optional phone — used for identity, login, and support.
Profile details
Username, bio, avatar — publicly visible on your NearUs profile.
Location
GPS coordinates when you open the app — for nearby task discovery only. Never stored persistently or shared as precise coordinates.
Chat messages
Messages between task poster and helper. Visible only to those two users.
Uploaded images
Task photos and your profile picture — stored on Cloudinary, scoped to your account.
Payment data
Order IDs, amounts, payment status. We never see or store card numbers or CVV.
Device & browser info
Browser type and OS — used only for debugging and app compatibility.
Notification tokens
Firebase FCM tokens for your device — used to send task and message alerts.
Location Privacy
You decide when and whether NearUs can see your location.
Location is only read when you browse tasks or post a task — never in the background.
Other users see the general area of a task, never your precise GPS coordinates.
You can deny location permission entirely and still use the app — task discovery radius will be wider.
Revoke location access anytime via your browser or device settings without affecting any other feature.
If denied, you can manually set your city on your profile so relevant tasks still appear.
Account & Authentication
Multiple layers protect your login and session at all times.
Firebase Authentication
Login is backed by Google Firebase — the same identity infrastructure used by millions of apps worldwide.
Short-lived access tokens
JWT tokens expire in 15 minutes. Your session is silently refreshed in the background before expiry — you never get logged out unexpectedly.
Token rotation
Each time a refresh happens, a new refresh token is issued and the old one is invalidated. A stolen token cannot be reused.
Encrypted connections
All API calls use HTTPS/TLS. Real-time chat uses WSS (WebSocket Secure). No plain-text data ever leaves your device.
Admin panel protection
The admin dashboard is behind an obfuscated URL and requires a valid JWT verified server-side on every request.
Instant logout
Signing out immediately clears all local tokens, cancels your FCM push registration, and invalidates your session on the server.
Password change
Changing your password re-authenticates you with Firebase. After a password change, re-login is required on all other devices.
Payments & Transactions
Your money is protected from the moment you pay until the task is confirmed complete.
Escrow model: When you pay for a task, funds are held by Razorpay — not released to the helper until you confirm the task is done.
No card data stored: NearUs never sees your card number, CVV, or UPI PIN. All card data is handled exclusively by Razorpay's PCI-DSS compliant systems.
What we store: Only the Razorpay order ID, payment ID, and transaction amount — the minimum needed for dispute resolution.
10% platform fee: The fee covers payment processing, escrow management, and platform operations. Helpers receive 90% of the task amount.
Refunds: Post-payment cancellations are supported with valid reasons. Refunds process within 3–7 business days via Razorpay.
Payout security: Helper earnings are transferred to verified bank accounts or UPI IDs. Withdrawal requests are reviewed before processing.
Chat & Communication
Messages are encrypted in transit and only visible to the two participants.
All messages travel over WSS (WebSocket Secure) — the same encryption standard as HTTPS.
Chat is between the task poster and accepted helper only. No one else can read your conversation.
NearUs moderation can access messages only when a formal abuse report is filed — for investigation purposes only.
You can block any user from their profile. Blocked users cannot message you or see your tasks.
Spam and abusive behaviour can be reported directly from within the chat. Reports are reviewed by our moderation team.
Push Notifications
You choose exactly what we can send you and when.
Notifications use Firebase Cloud Messaging (FCM). Your device token is stored securely and used only to deliver alerts to you.
Control notification types granularly in Settings — tasks, messages, and payment alerts can each be toggled on or off.
Disabling notifications in Settings immediately stops push delivery without affecting any other app feature.
Your FCM token is removed from our servers on logout. No notifications can be sent to that device after sign-out.
When you reinstall or rotate the app, the old token is automatically cleaned up and replaced with a fresh one.
Your Controls
Edit Profile
Update your name, bio, photo, and location
Notification Preferences
Choose which alerts you receive
Location Access
Manage via your browser or device settings
Change Password
Update your account password anytime
Sign Out
Clears all tokens and push registration
Delete Account
Permanently remove your account and all data
Data Retention
We retain data only as long as necessary or required by law.
While account is active
Profile, tasks, messages, wallet, and preferences stay as long as your account exists.
Within 30 days of deletion
Profile, bio, location, chat messages, and task data are permanently erased from our servers.
7 years (legal requirement)
Transaction records, payment references, and financial logs are retained as required by Indian financial law and GST regulations.
90 days
Anonymised usage logs, deleted notification records, and expired session data are purged after 90 days.
Our Trusted Partners
Razorpay
PCI-DSS CompliantPayment processing & escrow
Razorpay order ID, payment ID, transaction amount. Never card numbers, CVV, or bank credentials.
Firebase (Google)
ISO 27001Authentication & push notifications
User identity (email, Firebase UID), FCM device tokens for push delivery.
Cloudinary
SOC 2 Type IIImage storage & delivery
Uploaded images, stored in user-scoped folders. Access requires backend-signed tokens.
NearUs does not share your data with advertisers, data brokers, or any party outside the essential providers listed above. All partners are contractually bound to protect your information.
Frequently Asked Questions
Contact & Support
Our team responds within 48 hours on business days.
This page reflects how NearUs actually works — not just legal boilerplate.
© 2026 NearUs · Jaipur, Rajasthan, India