Privacy Policy
Last Updated: March 2026
1. Introduction & Scope
Welcome to ProLanceur.com, the flagship freelance collaboration and talent marketplace operated by ProLanceur LLP ("ProLanceur", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use our platform, website, mobile applications, APIs, and related services (collectively, the "Platform").
This Policy applies globally to all users of the Platform regardless of your location, including:
- Freelancers — independent professionals offering services and skills on the Platform
- Team Leaders — individuals managing groups of freelancers or coordinating project teams
- Clients — businesses or individuals seeking to hire freelancers or commission projects
- Admins — platform administrators, moderators, and staff with elevated access
By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use our services.
We process your personal data in compliance with applicable privacy laws including, but not limited to, the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), Singapore's Personal Data Protection Act (PDPA), Canada's PIPEDA, India's DPDP Act, Australia's Privacy Act 1988, and other applicable national and regional privacy frameworks.
2. Data Controller & Contact Information
ProLanceur LLP is the data controller for all personal data collected through the Platform. Our registered details are as follows:
| Company | ProLanceur LLP |
| Platform | ProLanceur.com |
| Privacy Email | privacy@prolanceur.com |
| DPO Contact | dpo@prolanceur.com |
| Legal Email | legal@prolanceur.com |
| Support | support@prolanceur.com |
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Policy or your data rights, please contact our DPO at dpo@prolanceur.com. We will respond to all verified requests within the legally required timeframes (typically within 30 days, or as required by your jurisdiction).
3. Information We Collect
The information we collect varies based on your role on the Platform. Below is a comprehensive breakdown of the categories of personal data we process.
3.1 Information Provided Directly by You
3.1.1 Account Registration Data
- Full legal name and preferred display name
- Email address (primary and recovery)
- Password (stored as an irreversible hash — never in plain text)
- Phone number (optional, for 2FA and notifications)
- Profile photograph or avatar
- Date of birth (for age verification where required)
- Country of residence and mailing address
- Nationality and citizenship (for payment compliance and KYC)
3.1.2 Professional & Identity Information
- Skills, specialisations, portfolios, and work samples
- Educational qualifications and certifications
- Work history and professional biography
- Social media and professional profile links (LinkedIn, GitHub, Behance, etc.)
- Government-issued ID documents (passport, national ID) — collected only for KYC/AML verification and processed by our certified payment partner
- Tax identification number (TIN, EIN, VAT number, or equivalent) — for payment and invoicing purposes
3.1.3 Financial Information
- Bank account details (IBAN, SWIFT/BIC, account number) — stored in encrypted form
- Payment card information — processed exclusively by PCI-DSS compliant third-party payment processors; we do not store raw card numbers
- Billing address
- PayPal, Payoneer, Wise, or other e-wallet credentials (tokenised identifiers only)
- Tax withholding information and W-8/W-9 forms (where applicable)
3.1.4 Communications & Content
- Messages, proposals, and project briefs exchanged on the Platform
- Reviews, ratings, and feedback submitted about other users
- Dispute submissions and resolution records
- Support tickets and correspondence with our team
- Survey responses and user research participation
3.2 Information Collected Automatically
- IP address and approximate geolocation
- Device type, model, operating system, and browser version
- Unique device identifiers (Device ID, IDFA, GAID)
- Session data including login timestamps, session duration, and page interactions
- Clickstream data and navigation patterns
- Search queries made within the Platform
- Feature usage analytics (which tools, filters, and views are used)
- Error logs, crash reports, and performance diagnostics
- Referral URLs and traffic sources
3.3 Cookies & Tracking Technologies
We use cookies, pixel tags, local storage, and similar tracking technologies. These fall into four categories:
| Cookie Type | Purpose | Can Opt Out? |
|---|---|---|
| Strictly Necessary | Authentication, security, session management, fraud prevention | No (essential) |
| Functional | Remembering preferences, language settings, UI customisation | Yes |
| Performance / Analytics | Aggregated usage analytics, A/B testing, error monitoring | Yes |
| Marketing / Targeting | Personalised ads, retargeting, conversion tracking | Yes |
You may manage your cookie preferences at any time via the Cookie Preference Centre accessible from the footer of our website. Refusing non-essential cookies will not prevent you from using core platform features.
3.4 Information from Third Parties
- Identity verification data from KYC providers (e.g., Onfido, Jumio)
- Payment and fraud signals from payment processors (e.g., Stripe, PayPal)
- Social login profile data when you use Google, LinkedIn, or Apple Sign-In
- Public profile information from linked professional networks
- Background check results (with your explicit prior consent, where applicable)
- Credit or risk scores from financial data providers (for enterprise clients only, with consent)
4. Legal Bases for Processing
We rely on the following legal bases to process your personal data, as required under Article 6 of the GDPR and equivalent provisions under applicable laws worldwide:
| Legal Basis | When We Use It |
|---|---|
| Contractual Necessity | To create and manage your account, process payments, facilitate contracts between freelancers and clients, and deliver core platform features. |
| Legitimate Interests | For fraud prevention, platform security, improving our services, sending direct marketing to existing users, and conducting analytics — where these interests are not overridden by your rights. |
| Consent | For marketing communications to new contacts, optional profiling, placing non-essential cookies, and any processing where we have asked for your explicit consent. |
| Legal Obligation | For tax reporting, anti-money laundering checks, responding to law enforcement requests, and retaining records as mandated by applicable law. |
| Vital Interests | In rare emergency situations to protect the safety of users or third parties. |
| Public Task | Applicable to admin functions carried out in the public interest, such as regulatory compliance reporting. |
For special categories of personal data (such as biometric data used for KYC), we rely on explicit consent or, where applicable, for reasons of substantial public interest.
5. How We Use Your Information
5.1 All Users
- Creating and managing your user account and profile
- Verifying your identity and preventing fraudulent activity
- Processing transactions, payments, refunds, and invoices
- Providing customer support and resolving disputes
- Sending essential service notifications (account activity, security alerts, system updates)
- Complying with legal, regulatory, and tax obligations
- Enforcing our Terms of Service and Community Guidelines
- Improving and developing new platform features through aggregated analytics
- Ensuring platform security, integrity, and preventing abuse
5.2 Marketing & Communications
With your consent, or where permitted by applicable law based on our legitimate interests, we may send you:
- Platform updates, new feature announcements, and product newsletters
- Personalised recommendations for jobs, clients, or freelancers
- Promotional offers and discount notifications
- Industry insights, blog content, and educational resources
You can opt out of marketing communications at any time by clicking 'Unsubscribe' in any marketing email or by adjusting your communication preferences in your account settings. Opting out of marketing will not affect transactional service emails.
6. How We Share Your Information
We do not sell your personal data to third parties. We only share your information in the circumstances described below.
6.1 With Other Platform Users
- Your public profile information (name, bio, skills, portfolio, ratings, and reviews) is visible to other users of the Platform as part of the core marketplace function
- Messages and project-related communications are shared with the counterpart(s) in that conversation
- When a contract is formed, basic contact and payment information is shared with the contracting party as necessary to complete the engagement
6.2 With Service Providers
We engage carefully selected third-party vendors who process data on our behalf under strict Data Processing Agreements:
- Payment processors: Stripe, PayPal, Payoneer, Wise — for payment facilitation
- Identity verification: Onfido, Jumio — for KYC and fraud prevention
- Cloud infrastructure: AWS, Google Cloud, Azure — for hosting and storage
- Communications: SendGrid, Twilio — for transactional email and SMS
- Analytics: Mixpanel, Amplitude — for usage analytics (data is pseudonymised)
- Customer support: Zendesk, Intercom — for support ticketing
- Error monitoring: Sentry — for application diagnostics
- Fraud prevention: Sift, MaxMind — for risk scoring
6.3 For Legal & Regulatory Purposes
- In response to lawful requests from courts, regulators, or law enforcement agencies
- To enforce our Terms of Service or protect the rights, property, or safety of ProLanceur, our users, or the public
- To investigate potential violations, fraud, or illegal activity
- To comply with tax reporting obligations to revenue authorities
6.4 Business Transfers
If ProLanceur is involved in a merger, acquisition, asset sale, or restructuring, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6.5 With Your Consent
We will share your data with any other third party where you have given us specific consent to do so. You may withdraw this consent at any time.
7. International Data Transfers
ProLanceur operates globally. Your data may be transferred to and processed in countries outside of your own, including countries that may not offer the same level of data protection as your home country. We take all necessary steps to ensure that such transfers comply with applicable law.
For transfers from the European Economic Area (EEA), United Kingdom (UK), or Switzerland to third countries, we rely on one or more of the following safeguards:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- UK International Data Transfer Agreements (IDTAs) for transfers from the UK post-Brexit
- Binding Corporate Rules (BCRs) where applicable to intra-group transfers
- Derogations for specific situations under Article 49 GDPR
You may request a copy of the specific safeguards we use for international transfers by contacting privacy@prolanceur.com.
8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements.
| Data Category | Retention Period |
|---|---|
| Active account data | For the duration of your active account |
| Account data after deletion | 30 days (recovery window), then anonymised within 90 days |
| Financial & payment records | 7 years from the transaction date (tax and accounting laws) |
| KYC / identity documents | 5 years from last transaction (AML regulations) |
| Messages and project records | 5 years after project completion (for dispute resolution) |
| Legal dispute records | 10 years or until resolution plus applicable limitation period |
| Fraud & abuse records | Indefinitely (to prevent re-registration by bad actors) |
| Marketing consent records | 3 years from last interaction or consent withdrawal |
| Server & access logs | 12 months (security and debugging purposes) |
| Backup data | Destroyed within 90 days of the backup cycle completion |
When personal data is no longer needed, it is securely deleted, anonymised, or pseudonymised. If you request deletion of your account, we will process your request within 30 days and confirm completion, subject to any legal retention obligations that require us to retain certain data longer.
9. Security of Your Data
We take the security of your personal data extremely seriously. We implement technical and organisational security measures designed to protect your data against accidental loss, alteration, unauthorised disclosure, or access.
9.1 Technical Measures
- TLS 1.2/1.3 encryption for all data in transit
- AES-256 encryption for sensitive data at rest (including financial information and identity documents)
- Bcrypt hashing for all stored passwords with appropriate work factors
- Tokenisation of payment card data via our PCI-DSS Level 1 certified processors
- End-to-end encrypted messaging for sensitive communications
- Multi-factor authentication (MFA) available and encouraged for all users; mandatory for Admin accounts
- Automated vulnerability scanning and penetration testing (conducted quarterly by independent security firms)
- Web Application Firewall (WAF) and DDoS mitigation
- Intrusion Detection and Prevention Systems (IDS/IPS)
9.2 Organisational Measures
- Role-based access control (RBAC) — staff access to personal data is limited to what is necessary for their role
- Comprehensive employee privacy and security training upon onboarding and annually thereafter
- Non-disclosure agreements with all staff and contractors who handle personal data
- Formal incident response and data breach notification procedures
- Regular security audits and privacy impact assessments
Despite these measures, no system is completely secure. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay (and within 72 hours for GDPR purposes).
10. Your Privacy Rights
Depending on your location, you have various rights regarding your personal data. ProLanceur honours these rights across all jurisdictions to the greatest extent practicable.
10.1 Rights Under GDPR (EU / EEA Users)
- Right of Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure / Right to be Forgotten: Request deletion of your data where there is no compelling reason for continued processing
- Right to Restriction of Processing: Ask us to restrict processing in certain circumstances
- Right to Data Portability: Receive your data in a machine-readable format or have it transmitted to another controller
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
- Right Not to be Subject to Automated Decision-Making: Request human review of any solely automated decisions that significantly affect you
- Right to Withdraw Consent: Withdraw any consent you have given at any time, without affecting the lawfulness of processing before withdrawal
- Right to Lodge a Complaint: With your national Data Protection Authority (DPA)
10.2 Rights Under CCPA / CPRA (California, USA Users)
- Right to Know: Request disclosure of the personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of personal information we hold about you
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing: We do not sell personal data, but you may opt out of data sharing for cross-context behavioural advertising
- Right to Limit Use of Sensitive Personal Information: Restrict how we use your sensitive data
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
10.3 How to Exercise Your Rights
To exercise any of the rights described above, please submit a request through one of the following channels:
- Email: privacy@prolanceur.com
- In-app: Settings > Privacy > Data Requests
We will verify your identity before processing any request. We will respond to your request within 30 days (or the shorter period required by your jurisdiction). We may extend this period by up to 60 days where necessary, with prior notice.
11. Artificial Intelligence & Automated Processing
ProLanceur LLP leverages artificial intelligence and machine learning technologies to enhance the platform experience. We are transparent about how these technologies interact with your data.
11.1 AI Features We Use
- Talent matching algorithms: To recommend relevant freelancers to clients and relevant projects to freelancers
- Dynamic pricing suggestions: To provide market-rate guidance based on project type and skill demand
- Fraud detection: Automated analysis of account behaviour and transaction patterns
- Content moderation: Automated screening of messages, profiles, and project descriptions
- Search and ranking: Algorithmic ordering of search results and platform recommendations
- Skill verification suggestions: AI-assisted evaluation of portfolio quality and skill endorsements
11.2 Decisions with Significant Effects
Where automated processing produces decisions that have a significant legal or similarly significant effect on you (such as account suspension or service limitation), you have the right to request human review. Contact support@prolanceur.com with the reference number of the automated decision.
11.3 AI Training
We may use aggregated and de-identified (anonymised) platform data to train and improve our AI models. We do not use identifiable personal data for AI training without your explicit consent. You may opt out of contributing to AI training via your account Privacy Settings.
12. Children's Privacy
The Platform is not directed to, and we do not knowingly collect personal data from, children under the age of 16 (or such higher age as may be required by applicable law in your jurisdiction).
If we become aware that we have inadvertently collected personal data from a child below the applicable minimum age without verified parental or guardian consent, we will take immediate steps to delete that information from our systems. If you believe that we may have collected data from a child, please contact us immediately at privacy@prolanceur.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the 'Last Revised' date at the top of this Policy
- Post the updated Policy on our website and within the Platform
- For material changes, provide you with prominent notice such as a banner on our Platform, an in-app notification, and/or an email notification
- Where required by applicable law, obtain your renewed consent before the change takes effect
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Policy.
14. How to Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please reach out to us via any of the following channels:
| General Privacy Enquiries | privacy@prolanceur.com |
| Data Protection Officer | dpo@prolanceur.com |
| Security Issues | security@prolanceur.com |
| Legal & Compliance | legal@prolanceur.com |
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority.