Privacy & Security

Privacy & Security

Last updated: May 2026

NearUs is built on trust. We collect only what's needed to make the app work, protect it with multiple security layers, and give you full control. Your data is never sold or shared for advertising.

Encrypted
Transparent
Protected
You Control

How We Protect You

HTTPS / TLS

All traffic encrypted in transit

JWT Auth

15-min tokens + silent refresh

Escrow Payments

Razorpay holds funds safely

Rate Limiting

API abuse prevention on all endpoints

Signed Uploads

Backend-signed Cloudinary tokens

Firebase Identity

Google-grade authentication layer

Token Rotation

Refresh tokens rotate on every use

Device Tokens

FCM tokens cleared on logout

Data We Collect

What NearUs Collects

Only what's necessary to run the platform — nothing extra.

Account info

Name, email, optional phone — used for identity, login, and support.

Profile details

Username, bio, avatar — publicly visible on your NearUs profile.

Location

GPS coordinates when you open the app — for nearby task discovery only. Never stored persistently or shared as precise coordinates.

Chat messages

Messages between task poster and helper. Visible only to those two users.

Uploaded images

Task photos and your profile picture — stored on Cloudinary, scoped to your account.

Payment data

Order IDs, amounts, payment status. We never see or store card numbers or CVV.

Device & browser info

Browser type and OS — used only for debugging and app compatibility.

Notification tokens

Firebase FCM tokens for your device — used to send task and message alerts.

Location Privacy

Location is Always Your Choice

You decide when and whether NearUs can see your location.

Location is only read when you browse tasks or post a task — never in the background.

Other users see the general area of a task, never your precise GPS coordinates.

You can deny location permission entirely and still use the app — task discovery radius will be wider.

Revoke location access anytime via your browser or device settings without affecting any other feature.

If denied, you can manually set your city on your profile so relevant tasks still appear.

Account & Authentication

How Your Account Is Secured

Multiple layers protect your login and session at all times.

Firebase Authentication

Login is backed by Google Firebase — the same identity infrastructure used by millions of apps worldwide.

Short-lived access tokens

JWT tokens expire in 15 minutes. Your session is silently refreshed in the background before expiry — you never get logged out unexpectedly.

Token rotation

Each time a refresh happens, a new refresh token is issued and the old one is invalidated. A stolen token cannot be reused.

Encrypted connections

All API calls use HTTPS/TLS. Real-time chat uses WSS (WebSocket Secure). No plain-text data ever leaves your device.

Admin panel protection

The admin dashboard is behind an obfuscated URL and requires a valid JWT verified server-side on every request.

Instant logout

Signing out immediately clears all local tokens, cancels your FCM push registration, and invalidates your session on the server.

Password change

Changing your password re-authenticates you with Firebase. After a password change, re-login is required on all other devices.

Payments & Transactions

Secure Payments via Razorpay Escrow

Your money is protected from the moment you pay until the task is confirmed complete.

Escrow model: When you pay for a task, funds are held by Razorpay — not released to the helper until you confirm the task is done.

No card data stored: NearUs never sees your card number, CVV, or UPI PIN. All card data is handled exclusively by Razorpay's PCI-DSS compliant systems.

What we store: Only the Razorpay order ID, payment ID, and transaction amount — the minimum needed for dispute resolution.

10% platform fee: The fee covers payment processing, escrow management, and platform operations. Helpers receive 90% of the task amount.

Refunds: Post-payment cancellations are supported with valid reasons. Refunds process within 3–7 business days via Razorpay.

Payout security: Helper earnings are transferred to verified bank accounts or UPI IDs. Withdrawal requests are reviewed before processing.

Chat & Communication

Private & Moderated

Messages are encrypted in transit and only visible to the two participants.

All messages travel over WSS (WebSocket Secure) — the same encryption standard as HTTPS.

Chat is between the task poster and accepted helper only. No one else can read your conversation.

NearUs moderation can access messages only when a formal abuse report is filed — for investigation purposes only.

You can block any user from their profile. Blocked users cannot message you or see your tasks.

Spam and abusive behaviour can be reported directly from within the chat. Reports are reviewed by our moderation team.

Push Notifications

Notifications You Control

You choose exactly what we can send you and when.

Notifications use Firebase Cloud Messaging (FCM). Your device token is stored securely and used only to deliver alerts to you.

Control notification types granularly in Settings — tasks, messages, and payment alerts can each be toggled on or off.

Disabling notifications in Settings immediately stops push delivery without affecting any other app feature.

Your FCM token is removed from our servers on logout. No notifications can be sent to that device after sign-out.

When you reinstall or rotate the app, the old token is automatically cleaned up and replaced with a fresh one.

Manage Notification Preferences →

Your Controls

Data Retention

How Long We Keep Your Data

We retain data only as long as necessary or required by law.

While account is active

Profile, tasks, messages, wallet, and preferences stay as long as your account exists.

Within 30 days of deletion

Profile, bio, location, chat messages, and task data are permanently erased from our servers.

7 years (legal requirement)

Transaction records, payment references, and financial logs are retained as required by Indian financial law and GST regulations.

90 days

Anonymised usage logs, deleted notification records, and expired session data are purged after 90 days.

Our Trusted Partners

Razorpay

PCI-DSS Compliant

Payment processing & escrow

Razorpay order ID, payment ID, transaction amount. Never card numbers, CVV, or bank credentials.

Firebase (Google)

ISO 27001

Authentication & push notifications

User identity (email, Firebase UID), FCM device tokens for push delivery.

Cloudinary

SOC 2 Type II

Image storage & delivery

Uploaded images, stored in user-scoped folders. Access requires backend-signed tokens.

NearUs does not share your data with advertisers, data brokers, or any party outside the essential providers listed above. All partners are contractually bound to protect your information.

Frequently Asked Questions

Contact & Support

Questions About Privacy?

Our team responds within 48 hours on business days.

Privacy inquiriessupport@nearusapp.com
Abuse reportssupport@nearusapp.com
General supportsupport@nearusapp.com
Registered officeJaipur, Rajasthan, India
Email Privacy Team

This page reflects how NearUs actually works — not just legal boilerplate.
© 2026 NearUs · Jaipur, Rajasthan, India