Tunza — Your Care. Your Choice.

Privacy Policy

Last updated: 22 May 2026

1. Who we are

Tunza Ltd (“Tunza”, “we”, “us”, “our”) is a private introduction service registered in England and Wales. We operate the Tunza platform at tunza.co.uk. As the data controller, we are responsible for the personal data we collect and process. For data protection enquiries, contact: privacy@tunza.co.uk.

2. What data we collect

Account data: Email address, phone number, name, and login credentials.

Profile data (care users): Name, postcode, care needs, budget preferences, and proxy information.

Profile data (carers): Name, postcode, bio, qualifications, DBS certificate details, insurance documents, right-to-work evidence, availability, rates, and video introductions.

Payment data: Stripe customer ID, payment intent IDs, transaction amounts and dates. We do not store full card details — these are held securely by Stripe.

Communications: Messages sent via the Tunza platform, notifications, and support correspondence.

Usage data: IP address, browser type, pages visited, swipe activity, and interaction logs.

3. How we use your data

Contract performance: To provide the Tunza introduction service, process payments, and facilitate communications between users.

Legal obligation: To verify carers' right to work, retain records required by law, and respond to safeguarding concerns.

Legitimate interests: To improve the platform, detect fraud, prevent misuse, and maintain safety.

Consent: To send marketing emails (where you have opted in). You may withdraw consent at any time.

4. Data sharing

We share data with: Supabase (database hosting, authentication), Stripe (payment processing), Resend (transactional email), Mux (video hosting), and Upstash (rate limiting). All processors are GDPR-compliant and bound by data processing agreements. We do not sell personal data to third parties. Carer compliance documents are visible only to Tunza administrators.

5. Data retention

Account and profile data is retained for as long as your account is active, plus 7 years after account closure for legal compliance purposes. Compliance documents (DBS, insurance) are retained for 6 years after the end of the carer's last active period. Messages between users are retained for 3 years.

6. Your rights

Under UK GDPR, you have the right to: access your data, rectify inaccuracies, erase data (where no legal retention applies), restrict processing, data portability, and object to processing based on legitimate interests.

To exercise any right, email privacy@tunza.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).

7. Cookies

We use strictly necessary cookies for authentication (Supabase session cookies). We do not use advertising or tracking cookies. We use analytics cookies (anonymised) to improve the platform — you may opt out via the cookie banner.

8. Security

All data is encrypted in transit (TLS 1.3) and at rest. Compliance documents are stored in restricted-access Supabase Storage. Passwords are hashed by Supabase Auth. We conduct regular security reviews. In the event of a data breach, we will notify affected users and the ICO within 72 hours as required by UK GDPR.

9. Contact

Tunza Ltd, privacy@tunza.co.uk