Privacy Policy
Last updated: April 2026 · Version 2.4
1. Who We Are
Miya is operated by Sentri Technologies Limited, a company registered in England and Wales.
If you have any questions about this policy, contact us at: miyaapp@outlook.com
2. Information We Collect
When you use Miya, we may collect the following information:
- Account information — your full name, email address, and phone number (used for SMS OTP authentication)
- Contact details — phone number and address when provided for job bookings
- Location data — your approximate or precise location when you request a trade service, to match you with nearby providers
- Payment information — processed securely through Stripe; we do not store card numbers or CVVs
- Usage data — how you interact with the app, job history, messages, and reviews
- Device information — device type, operating system, and push notification token for sending alerts
- Provider and engineer documents — trade qualifications, certifications (e.g. Gas Safe card, Part P certificate, IPAF PAL card, PASMA certificate, CSCS card), identity documents, and insurance certificates uploaded during onboarding or profile maintenance; retained for regulatory compliance and to support the Provider's legal obligation under Platform Terms Section 13I to ensure only qualified engineers carry out work
- Engineer qualification status — verification status (pending, approved, or rejected) and review date, used to confirm that engineers meet the qualification requirements for the trades they carry out
3. How We Use Your Information
- To create and manage your account
- To connect customers with trade service providers
- To process payments and issue receipts
- To send job updates, booking confirmations, and service notifications
- To send push notifications relevant to your jobs and account
- To resolve disputes and provide customer support
- To store and review engineer trade qualification documents, supporting Providers' and organisations' legal obligation to ensure only qualified engineers carry out work (Platform Terms, Section 13I)
- To improve the Miya platform and user experience
- To comply with our legal obligations, including reporting to HMRC under DAC7 digital platform rules
4. Location Data
We request access to your device's location to show available trade providers near you and to track job progress. Location access is only used while the app is in use and is not tracked in the background. You may deny location permissions; however, some features (such as finding nearby providers) will not function without it.
5. Payment Processing
All payments are processed by Stripe, Inc., a third-party payment processor. Miya does not store your full card details. Stripe's privacy policy can be found at stripe.com/gb/privacy.
6. Sharing Your Information
We do not sell your personal data. We may share your information with:
- Trade providers — your name, contact details, and job address when a booking is accepted
- Stripe — for payment processing and provider payouts via Stripe Connect
- Twilio — for SMS OTP authentication and transactional SMS notifications
- Resend — for transactional emails (customer receipts and provider remittance notifications)
- HMRC and regulatory authorities — where required by law, including DAC7 digital platform income reporting
- Law enforcement or regulators — if required by law, or where Miya reasonably suspects that a Provider or organisation has assigned an unqualified engineer to regulated work
7. Provider & Organisation Responsibility for Engineer Qualifications
Important notice for Providers and organisations: It is the absolute legal responsibility of every Provider — and every person in a management or administrative role within an organisation operating a Provider account — to ensure that only suitably qualified, competent, and legally authorised engineers are assigned to and carry out any job booked through the Miya Platform. Miya's document verification is an administrative check only and does not constitute a guarantee of engineer competence or qualification. Full details are set out in Platform Terms Section 13I.
We collect, store, and review engineer trade qualification documents solely to support Providers' compliance with this obligation and for regulatory purposes. Qualification data is retained for the duration of the engineer's account plus 7 years.
8. Data Retention
We retain your account data for as long as your account is active. Key retention periods:
- Job and transaction records — 7 years (legal and accounting obligations)
- Provider identity and insurance documents — 7 years after account closure
- Engineer trade qualification documents — duration of account + 7 years (regulatory compliance)
- Engineer qualification verification status — duration of account + 7 years
- DBS certificate documents (voluntarily submitted) — duration of account + 3 years
- Waste Carrier Licence documents — duration of account + 7 years
- Support conversations — 3 years
You may request deletion of your account at any time by contacting us. Personal identifiers are removed upon closure; transaction records are retained for the legal periods above.
9. Your Rights (UK GDPR)
Under UK data protection law, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
- Object to or restrict how we process your data
- Data portability — receive your data in a machine-readable format
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk
To exercise any of these rights, email us at miyaapp@outlook.com. We will respond within one calendar month.
10. Cookies and Tracking
The Miya mobile app does not use cookies. Our web interface uses session cookies strictly necessary for authentication only. We do not use tracking or advertising cookies, and we do not build advertising profiles from your usage data.
11. Security
We take the security of your data seriously. All data is transmitted over HTTPS (TLS 1.2 or higher). Passwords are hashed using bcrypt and never stored in plain text. Authentication uses signed JWT tokens. Payment data is handled exclusively by Stripe's PCI-DSS compliant systems. Database access is restricted to authorised personnel only.
12. Children's Privacy
Miya is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.
13. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via the Miya app. Continued use of Miya after changes constitutes acceptance of the updated policy.
14. Contact Us
Sentri Technologies Limited
Registered in England and Wales
Email: miyaapp@outlook.com