Privacy Policy

This Privacy Policy describes how Chartered.Work (“the Platform,” “we,” “us,” or “our”) collects, uses, and safeguards personal data when individuals or organizations (“you,” “your”) access our website, services, or any other online portals we operate. By continuing to use our Platform, you agree to the practices detailed below.

This Policy should be read alongside our Terms of Service and (if applicable) our SMS Use Policy.

1. Purpose and Scope

Chartered.Work serves as a marketplace for professionals offering services (Contractors) and users seeking to contract such services (Clients). This Policy explains our data-handling practices and your rights regarding personal information collected through our Platform. We comply with relevant privacy laws, including (but not limited to) the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

2. Categories of Data We Collect

• Account Data: Information you provide when creating an account, such as email addresses, passwords, and profile data (e.g., display name or skill set).
• Phone Number (Optional): If you choose to provide a phone number, we may use it for account security purposes, including SMS-based security notifications if enabled.
• Project Details & Communications: Text, files, milestones, deliverables, and messages exchanged between Clients and Contractors. While we store this data to facilitate project workflows and dispute resolution, we do not use it to train models or otherwise repurpose it outside these contexts.
• Technical Data: IP addresses, browser type, device details, timestamps, and cookie identifiers to help detect fraud, validate sessions, and secure your account.

3. Why We Collect Personal Data

• Account Management: To enable registration, password resets, and role assignments.
• Facilitating Projects: Enabling service requests, messaging, attachments, milestones, and deliveries.
• Legal Obligations: Maintaining appropriate records and responding to legitimate law enforcement or regulatory requests.
• Security & Fraud Detection: Monitoring suspicious login attempts or unusual IP usage patterns, employing multi-factor authentication, and verifying device fingerprints.
• Customer Support: Assisting with service tickets, technical issues, or inquiries about projects, disputes, or policy matters.

4. Dispute Handling and Project Data

We do not use project text or attachments to train any system. Project content is accessible solely to facilitate project delivery and to help investigate issues that arise during a project. Any review is performed for support and safety purposes only and is not used for marketing or model training.

5. Cookies and Similar Technologies

We use cookies and comparable methods to:

• Remember your session and login status
• Help personalize your user experience
• Analyze site performance and security

You can configure your browser to reject cookies or to notify you when cookies are set. However, certain essential Platform features (e.g., project dashboards, secure logins) may be limited if cookies are disabled.

6. How We Share Information

• Service Providers: We partner with service providers (such as infrastructure, storage, email delivery, and security vendors) that act on our behalf for limited tasks. They receive only the information needed to fulfill their contractual obligations.
• Business Transfers: In the event of a merger, acquisition, or sale of platform assets, personal data may be transferred as part of the transaction.
• Legal and Regulatory: If legally compelled (e.g., court order, subpoena), we may disclose user data. We will notify you when permissible by law.
• Consent: Data may be shared with third parties if you explicitly authorize it (e.g., letting external attorneys or accountants view specific project details).

7. Data Retention

• General Retention Period: We generally keep certain records (e.g., security logs and support records) for at least seven years to fulfill legal and compliance obligations.
• Account Deletion: Users may request account deletion. After a defined cooldown to address open projects or disputes, the account is “soft-deleted” and eventually anonymized beyond what is needed for legal recordkeeping.
• Project Deliverables & Attachments: Retained to support project delivery and to help resolve issues. Data is purged or anonymized when no longer necessary for these purposes.

8. International Data Transfers & Standard Contractual Clauses (SCCs)

Depending on where you reside, your data may be transmitted and stored outside your jurisdiction, including in countries that may not offer the same level of data protection. When transferring personal data from the European Economic Area (EEA) or the United Kingdom to third countries, we rely on legal mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) to ensure an adequate level of protection for your personal data.

We periodically review our international data transfer policies to confirm compliance with changes in global privacy regulations, court rulings, and guidance from supervisory authorities.

9. Your Rights Under GDPR and CCPA/CPRA

If you are located in the European Union (under GDPR) or in California (under the CCPA/CPRA), you may have specific rights regarding your personal data.

• Right to Access: You may request a copy of personal data we hold about you and explanation of how we process it.
• Right to Rectify: You can ask us to correct inaccurate or incomplete data related to your account.
• Right to Erasure: Commonly known as “the right to be forgotten.” Under certain circumstances, you can request we delete your personal data, subject to legal or contractual obligations.
• Right to Restrict or Object: You may request that we limit how your personal data is processed or object to specific processing activities (e.g., marketing emails).
• Right to Data Portability: In some cases, you can request a copy of your information in a structured, machine-readable format to be transferred to another service.
• Right to Non-Discrimination (California): We will not deny services, charge different prices, or provide a lower level of service solely because you exercise your rights under the CCPA/CPRA.

To exercise these rights or learn more about how they may apply to you, please contact us through the details at the end of this Policy. We may ask for proof of identity or additional verification to process your request.

10. Security Measures

We take appropriate technical and organizational steps to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, or access. These measures include data encryption at rest for sensitive columns, regular audits of our security processes, role-based access control, and secure backups. While no system can guarantee absolute security, we continually enhance our safeguards to meet evolving threats.

11. Children’s Privacy

Our services are not targeted toward individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe that a minor has provided personal data to us, please notify us so we can take appropriate steps to remove that information.

12. Changes to This Policy

We may revise this Privacy Policy from time to time. If we make material changes, we will notify users via the Platform or by email before those changes take effect. Any revised Policy will be accessible on our website with an updated revision date. We encourage you to review it periodically.

13. Contact Information

If you have any questions or requests regarding this Privacy Policy, our data handling practices, or wish to exercise any of your rights:

We will respond as promptly as possible to address any concerns or requests related to your personal data.