Privacy policy.

To run Greety we collect three buckets of data:

• Account data — email, hashed password, phone (if you add one), country, language, and the public profile fields you choose to publish (name, photo, bio, languages).
• Verification data— government-ID image, selfie/video liveness check, reference contacts. Stored encrypted, accessed only by our trust & safety team and a regulated KYC provider (Yoti / Persona / AU10TIX). Deleted from our active store within 90 days of host approval; the KYC provider retains a hash for fraud prevention per their policy.
• Activity data — bookings, payments, messages, reports, IP address, device fingerprint, approximate location (city level). Used to run the platform and detect fraud.

• Precise GPS — we use city-level location only.
• Microphone, camera, or screen access outside of explicit selfie / video calls you initiate.
• Browsing history outside of greety.online.
• Health, biometric (other than the verification selfie), political, or religious data.

• To run bookings, payments, and messaging.
• To verify identity (hosts) and detect fraud (everyone).
• To send transactional emails (booking confirmations, payouts).
• To improve the product (anonymised analytics).
• To comply with the law where required.

We do not sell personal data, and we do not run third-party ad targeting on Greety.

Production data lives in Supabase (PostgreSQL) hosted in ap-northeast-1 (Tokyo) for low-latency reads across SEA. Verified backups are replicated to a secondary region. Payment data is tokenised by our provider — Greety servers never see raw card or account numbers.

We use a small set of first-party cookies to keep you signed in, remember your language, and run anonymous analytics. We don’t run third-party advertising trackers. The cookie banner you saw on first visit captures your consent — you can revisit and revoke it via Settings → Privacy.

We share data only with the providers we need to run the service:

• Supabase — database hosting
• Hostinger — web hosting
• Cloudflare — DNS + DDoS protection
• Revolut Business / PayPal / Coinbase Commerce — payments
• Yoti, Persona, or AU10TIX — KYC verification
• Anthropic Claude — automated moderation of public posts
• Resend — transactional email delivery

Each provider has a Data Processing Agreement with Greety. We do not share personal data with anyone else without a court order.

Under GDPR, CCPA, and the Thai PDPA you have the right to:

• Access — request a copy of your data.
• Rectify — correct anything that’s wrong.
• Delete — close your account and erase the record (some legal/financial records are retained for 7 years per local law).
• Port — receive your data in machine-readable JSON.
• Object — opt out of any non-essential processing.

Email privacy@greety.online to exercise any of these. We respond within 30 days.

Greety is 18+. We do not knowingly collect data from anyone under 18 and we instantly delete accounts found to belong to minors. Suspect underage activity? Use the Report button or email safety@greety.online.

Privacy lead: privacy@greety.online. Postal address available on request to verified data-subject requests.