Privacy policy

Tessolari is a peer-to-peer marketplace operated by Be Braver Ltd (company number 06612298), a UK company registered in England and Wales. Tessolari is a trading name of Be Braver Ltd. We connect neurodiverse adults with people offering practical executive-function support, skill-sharing, and friendly check-ins.

• Website: www.tessolari.com
• Email: hello@tessolari.com
• Parent company: Be Braver Ltd, registered in England and Wales (06612298)

To run a marketplace we collect more than a brochure site, but still try to keep it minimal:

• Account essentials — your email address, display name, and (optionally) profile photo, bio, phone, and address.
• Self-described profile data — neurotype, traits, what you're seeking, what you're offering. Some of this is UK GDPR Article 9 special-category data; see "Special category data" below.
• Marketplace activity — listings you post, reviews you write, ratings you receive.
• DBS verification metadata — for providers offering in-person services who choose to submit a DBS check, we keep status, last 4 digits of the certificate, issue and expiry dates, and the moderator who decided. The uploaded document itself is deleted on decision.
• Session data — a server-side session row when you sign in (IP, user-agent, last seen).
• Audit log — moderator views and decisions on DBS submissions, recorded in an append-only database log.
• Accessibility preferences — your chosen theme, font, and text size, stored in your browser's localStorage on your device.
• Anonymous, aggregated analytics — we use Umami, a privacy-first analytics tool. It is cookieless, doesn't track individuals, doesn't store IP addresses, and doesn't share data with anyone else. We use it only to see which pages people visit so we can improve them.

We do not use Google Analytics, advertising services, social-media pixels, or any tracking cookies.

Self-identification of neurotype (autistic, ADHD, dyslexic, etc.) and any traits you select in the wizard are UK GDPR Article 9 special-category data. Our lawful basis for processing them is your explicit consent, given by completing the relevant wizard step.

You can clear neurotype and traits at any time by revisiting the wizard at /onboarding. Doing so removes the values from your profile immediately.

DBS verification implies criminal-records data, but we never retain the underlying certificate. The uploaded file is deleted as soon as a moderator decides; only an attestation (status, last 4 of the certificate number, issue and expiry dates, moderator, decision time) persists.

• Sign you in — we send magic-link emails via SMTP2GO and verify the resulting link.
• Show your profile to others — name, photo, bio, location, neurotype, traits, intent, and what you offer or seek are visible on your public profile and in search results.
• Match seekers and offerers — through the search filters and clickable pills.
• Run reviews and the Ally score — to help other members judge who they're working with.
• Verify DBS submissions — moderators view the uploaded document only as long as it takes to decide.
• Keep an audit trail — append-only records of moderator activity, in case anything needs reviewing later.

We will never sell, rent, or share your personal data with third parties for marketing purposes.

• Application database — PostgreSQL on our own server, hosted in the UK.
• Uploaded files (profile photos, in-flight DBS documents) — encrypted at rest on the same server.
• Email delivery — magic-link emails are sent through SMTP2GO. They process the email and message body briefly to deliver it; they don't retain the content.
• Accessibility preferences — your browser's localStorage, on your device only.

• DBS documents — held only between submission and moderator decision; deleted on decision.
• Magic-link tokens — single-use, expire after 15 minutes, hash-only in the database.
• Profile data — kept while your account exists. You can clear individual fields at any time.
• Reviews and listings — kept while your account exists. On deletion, listings and reviews you received are removed; reviews you wrote of others are anonymised so the rating remains for other members but isn't tied to you.
• Audit log — retained as an append-only record. References to deleted users are nulled but the events remain for moderation accountability.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct any inaccurate data — most fields you can edit yourself.
• Delete your account and personal data.
• Object to processing of your data.
• Data portability — receive a copy of your data in a structured, commonly used format.
• Withdraw consent for special-category data — clear neurotype and traits via the wizard at any time.

To exercise any of these, contact us at hello@tessolari.com.

If you're not satisfied, you can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We may update this policy from time to time. Substantive changes will be flagged on sign-in. Minor edits are posted to this page.

For questions, contact us at hello@tessolari.com.