Privacy Policy
Your privacy matters to us. Stringerfy is committed to protecting the personal data of every user on our platform.
Effective date: 16 February 2026
Last updated: 5 March 2026
1. Who we are
Stringerfy is operated by The Stringerfy Team. We are the data controller responsible for your personal data.
If you have any questions about this policy or how we handle your data, you can contact us at privacy@stringerfy.com.
Stringerfy is a multi-tenant platform, which means each organisation on the platform has its own isolated data environment. Your organisation's data is kept completely separate from other organisations at the database level.
This policy applies to all users of the Stringerfy platform, including company administrators, staff members, and freelancers. It explains how we collect, use, store, and protect your personal data in accordance with the DIFC Data Protection Law (DIFC Law No. 5 of 2020) and applicable international data protection standards.
2. What data we collect
We collect and process the following categories of personal data:
Account data
Collected via our authentication provider, Clerk:
- Name and email address
- Profile image
- Organisation name and your membership role
- System identifiers (user ID, organisation ID) used internally to manage your account
Freelancer profile data
Entered directly by freelancers when completing their profile:
- Bio, areas of expertise, location, country
- Phone number
- Portfolio URL, CV URL, ID document URL
- Banking details: bank name, account number, IBAN, SWIFT/BIC code, preferred currency
Workflow and assignment data
Generated through your use of the platform:
- Assignment details: titles, descriptions, content types, deadlines
- Task unique identifiers (TUI)
- Submission notes and file URL references
- Approval decisions and feedback
- Assignment event history and audit trail
Financial data
- Contract amounts and currencies
- Payment records (amounts, status, dates)
- Cost centre allocations and budgets
Communication data
- In-app notification content
- Contact form submissions (name, email, company, message, enquiry type)
Technical data
Collected automatically when you use the platform:
- IP address
- Browser type and version
- Device information
- Pages visited and time spent
- Referral source
Cookies and similar technologies
- Clerk session cookies (essential for authentication)
- Theme preference (functional — stores your light or dark mode choice)
See Section 8 for full details on cookies and analytics.
We do not collect or process special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data).
3. How we collect your data
We collect personal data in the following ways:
Directly from you
When you create an account, complete your freelancer profile, submit work, create assignments, manage payments, or contact us via the contact form.
From your organisation
When your company administrator invites you to the platform. Invitations are sent via Clerk's invitation system and include your email address and intended role.
Automatically
Technical data is collected automatically when you use the platform, including standard web server logs and session management via Clerk.
From third-party services
Authentication data is provided by Clerk, our identity provider, when you sign in or create an account.
4. How we use your data
We only process your personal data when we have a lawful basis to do so. The table below sets out our purposes for processing and the corresponding legal basis under the DIFC Data Protection Law.
Providing and maintaining the platform
Necessary for the performance of a contract with you (Schedule 1, Condition 2)
Managing your account and authentication
Necessary for the performance of a contract with you (Schedule 1, Condition 2)
Processing assignments and submissions
Necessary for the performance of a contract with you (Schedule 1, Condition 2)
Processing payments to freelancers
Necessary for the performance of a contract with you (Schedule 1, Condition 2)
Sending in-app notifications about your assignments and payments
Necessary for the performance of a contract with you (Schedule 1, Condition 2)
Ensuring data isolation between organisations on the platform
Necessary for contract performance and our legitimate interest in maintaining platform security (Schedule 1, Conditions 2 and 4)
Responding to your enquiries submitted via the contact form
Our legitimate interest in communicating with prospective and existing users (Schedule 1, Condition 4)
Improving the platform and fixing bugs
Our legitimate interest in improving our services (Schedule 1, Condition 4)
Complying with legal and regulatory obligations
Necessary for compliance with a legal obligation (Schedule 1, Condition 3)
Protecting against fraud, abuse, and security threats
Our legitimate interest in maintaining a secure platform (Schedule 1, Condition 4)
5. Who we share data with
We do not sell your personal data to anyone. We share data only with the following parties, and only to the extent necessary:
Clerk (authentication provider)
Processes your account data, session management, and invitation emails. Clerk is a US-based provider; data transfers are protected by appropriate safeguards (see Section 6).
Members of your organisation
Within the multi-tenant platform, administrators and staff members in your organisation can see data relevant to their role. For example, assignment managers can view freelancer names and submissions. Each organisation's data is isolated from every other organisation at the database level.
Hosting and infrastructure providers
Our application is hosted on Vercel and our database is hosted on Neon (PostgreSQL). These providers process data on our behalf under data processing agreements.
Analytics providers
We use Vercel Analytics and Vercel Speed Insights, which are privacy-friendly, cookieless analytics tools. They collect aggregate page view data and Core Web Vitals performance metrics. No personally identifiable information is collected by these tools.
Payment processors (planned)
We plan to integrate Stripe for payment processing. When active, Stripe will process payment data directly and will be subject to its own privacy policy. We will update this section when the integration is live.
File storage providers (planned)
We plan to integrate AWS S3 for file storage. When active, uploaded files will be stored securely on AWS infrastructure. We will update this section when the integration is live.
Legal and regulatory authorities
We may disclose your data if required to do so by law, court order, or regulatory obligation, or to protect the rights, property, or safety of Stringerfy, our users, or others.
6. International data transfers
Some of our service providers are based outside the DIFC. When your personal data is transferred to a jurisdiction that has not been recognised as providing an adequate level of data protection, we ensure appropriate safeguards are in place in accordance with Part 7 of the DIFC Data Protection Law (DIFC Law No. 5 of 2020).
Our authentication provider, Clerk, is based in the United States. Our hosting provider, Vercel, operates globally. Our database provider, Neon, hosts data in the EU region. These transfers are protected by appropriate contractual safeguards, including Standard Contractual Clauses (SCCs) or equivalent mechanisms.
When additional third-party services are integrated (such as Stripe and AWS), their data transfer mechanisms and safeguards will be documented in this section.
7. Data retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:
Account data
Retained while your account is active. Deleted within 30 days of an account deletion request.
Freelancer profile data
Retained while your account is active. You can update or remove your banking details at any time via your profile.
Assignment and workflow data
Retained for the duration of the organisation’s subscription, plus 6 years after contract termination (for legal and accounting obligations).
Payment records
Retained for 6 years after the relevant financial year, as required for legal and accounting purposes.
Contact form submissions
Retained for 12 months, then deleted.
Technical logs
Retained for 90 days.
Assignment audit trail
Retained alongside assignment data for accountability and compliance.
8. Cookies and analytics
We use a minimal number of cookies and similar technologies, all of which are necessary for the platform to function:
Essential cookies
Clerk session cookies are required for authentication. These cookies keep you signed in and cannot be disabled, as the platform cannot function without them.
Functional storage
Your theme preference (light or dark mode) is stored in your browser's local storage. This is not technically a cookie, but we disclose it here for transparency.
Analytics
We use Vercel Analytics and Vercel Speed Insights to understand how our platform is used and to monitor performance. These tools are privacy-friendly and do not use cookies. They collect aggregate, anonymous data only — such as page views and Core Web Vitals metrics. No personally identifiable information is collected or stored by these analytics tools.
Advertising cookies
We do not use any advertising or tracking cookies. If we introduce additional analytics tools in the future, we will update this section and implement an appropriate consent mechanism before they are deployed.
9. Your rights
Under the DIFC Data Protection Law (Part 4), you have the following rights in relation to your personal data:
Right of access (Article 32)
You can request a copy of the personal data we hold about you.
Right to rectification (Article 33)
You can request that we correct any inaccurate or incomplete data. Freelancers can also update their profile directly via the platform.
Right to erasure (Article 34)
You can request that we delete your personal data, subject to any legal retention requirements that may apply.
Right to restrict processing (Article 35)
You can request that we limit how we process your data in certain circumstances.
Right to data portability (Article 36)
You can request to receive your personal data in a structured, commonly used, and machine-readable format.
Right to object (Article 37)
You can object to our processing of your data where we rely on legitimate interest as the legal basis.
Rights related to automated decision-making (Article 40)
Stringerfy does not currently use automated decision-making or profiling that produces legal effects or similarly significant effects on you.
Built-in data export
Stringerfy includes a built-in data export feature that allows you to download all your personal data directly from the platform in a structured JSON format. Learn more on our Data Protection & Your Rights page.
To exercise any of these rights, please email us at privacy@stringerfy.com. We will respond to your request within 30 calendar days. In exceptional cases, we may extend this by a further 60 days, and we will inform you if this is necessary.
There is no fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive, or we may refuse to act on it.
10. Security
We take the security of your personal data seriously. The measures we have in place include:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
- Authentication security: Account authentication is handled by Clerk, which implements industry-standard security practices including secure session management and token handling.
- Multi-tenant data isolation: Each organisation's data is isolated at the database query layer, preventing any cross-tenant access.
- Role-based access control: Access to data within each organisation is restricted based on user roles, so users can only see and act on data relevant to their responsibilities.
- Sensitive data handling: Banking details are stored securely in the database. When our Stripe integration is complete, sensitive payment card data will be handled directly by Stripe and will not be stored on Stringerfy servers.
- Audit logging: Sensitive actions are recorded in a tamper-evident audit trail with automatic PII redaction in logs.
While no system can guarantee absolute security, we continuously review and improve our security practices to protect your data.
11. Children's privacy
Stringerfy is a business-to-business platform and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
If you believe that a child has provided personal data to us, please contact us at privacy@stringerfy.com and we will take steps to delete the data promptly.
12. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
If we make material changes, we will notify you through the platform (via an in-app notification or email). The “Last updated” date at the top of this page will be revised with each update.
We encourage you to review this policy periodically. Your continued use of Stringerfy after any changes constitutes your acceptance of the updated policy.
13. Contact us and how to complain
If you have any questions about this privacy policy, or if you wish to exercise any of your rights, please contact us:
Data protection enquiries: privacy@stringerfy.com
General enquiries: info@stringerfy.com
We would always prefer to resolve any concerns you have directly. However, if you are not satisfied with our response, you have the right to lodge a complaint with the DIFC Commissioner of Data Protection:
Questions about your privacy?
We're here to help. Get in touch with our team and we'll respond within 24 hours.