Tunza — Your Care. Your Choice.

Privacy Policy

Last updated: 30 June 2026

1. Who we are

Tunza Ltd (“Tunza”, “we”, “us”, “our”) is a private introduction service registered in England and Wales. We operate the Tunza platform at tunza.co.uk. As the data controller, we are responsible for the personal data we collect and process. For data protection enquiries, contact: privacy@tunza.co.uk.

2. What data we collect

Account data: Email address, phone number, name, and login credentials.

Profile data (care users): Name, postcode, care needs, budget preferences, and proxy information.

Profile data (carers): Name, postcode, bio, qualifications, DBS certificate details, insurance documents, right-to-work evidence, availability, rates, and video introductions.

Payment data: Stripe customer ID, payment intent IDs, transaction amounts and dates. We do not store full card details — these are held securely by Stripe.

Communications: Messages sent via the Tunza platform, notifications, and support correspondence.

Usage data: IP address, browser type, pages visited, swipe activity, and interaction logs.

3. How we use your data

Contract performance: To provide the Tunza introduction service, process payments, and facilitate communications between users.

Legal obligation: To verify carers' right to work, retain records required by law, and respond to safeguarding concerns.

Legitimate interests: To improve the platform, detect fraud, prevent misuse, and maintain safety.

Consent: To send marketing emails (where you have opted in). You may withdraw consent at any time.

4. Data sharing

We share data with: Firebase (Google Cloud authentication and realtime database), Stripe (payment processing), Resend (transactional email), Mux (video hosting), and Upstash (rate limiting). All processors are GDPR-compliant and bound by data processing agreements. We do not sell personal data to third parties. Carer compliance documents are visible only to Tunza administrators.

5. International data transfers

Some of our processors are located outside the UK, including in the United States (Firebase/Google Cloud, Stripe, Mux, Resend, and Upstash). Where personal data is transferred outside the UK, we ensure an adequate level of protection through the UK government's adequacy regulations or, where these do not apply, the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with appropriate technical and organisational safeguards.

6. Data retention

Account and profile data is retained for as long as your account is active, plus 7 years after account closure for legal compliance purposes. Compliance documents (DBS, insurance) are retained for 6 years after the end of the carer's last active period. Messages between users are retained for 3 years.

7. Your rights

Under UK GDPR, you have the right to: access your data, rectify inaccuracies, erase data (where no legal retention applies), restrict processing, data portability, and object to processing based on legitimate interests.

To exercise any right, email privacy@tunza.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).

8. Cookies

We use strictly necessary cookies for authentication (Firebase session cookies). We do not use advertising or tracking cookies. We use analytics cookies (anonymised) to improve the platform — you may opt out via the cookie banner.

9. Security

All data is encrypted in transit (TLS 1.3) and at rest. Compliance documents are stored in restricted-access Firebase Storage. Passwords are hashed by Firebase Auth. We conduct regular security reviews. In the event of a data breach, we will notify affected users and the ICO within 72 hours as required by UK GDPR.

10. Contact

Tunza Ltd, privacy@tunza.co.uk