Project Data: Project descriptions, budgets, timelines, deliverables, and project files.
Payment Information: Billing address, payment method details (processed securely via Stripe — we do not store full card numbers), USDC wallet addresses.
Identity Verification: Government-issued ID documents for verified freelancer status.
Communications: Messages sent through the Platform, support requests, reviews, and feedback.
1.2 Information Collected Automatically
Usage Data: Pages visited, features used, search queries, time spent, click patterns.
Network Data: IP address, approximate geolocation (city/country level), ISP.
Performance Data: Page load times, error logs, API response times.
1.3 Information from Third Parties
OAuth Providers: If you sign in via Google or GitHub, we receive your name, email, and profile picture.
Payment Processors: Stripe provides transaction confirmations and fraud screening results.
2. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: To create and manage your account, facilitate project matching, process payments, and enable communication between users.
AI-Powered Features: To power our matching algorithm, proposal writer, price estimator, fraud detection, and other AI tools.
Personalisation: To customise your feed, recommend projects or freelancers, and tailor notifications.
Security & Fraud Prevention: To detect suspicious activity, prevent fraud, enforce our Terms of Service, and protect users.
Analytics & Improvement: To understand usage patterns, improve platform performance, and develop new features.
Communications: To send transactional emails (payment confirmations, project updates), and with your consent, marketing communications.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
3. AI & Automated Processing
MegiLance uses artificial intelligence and machine learning to enhance the platform experience. This includes:
Matching Algorithm: Our 7-factor AI analyses skill alignment (30%), experience (15%), budget compatibility (15%), response rate (10%), success rate (10%), location preference (10%), and availability (10%) to recommend optimal matches.
Fraud Detection: Automated content analysis scans project descriptions, messages, and profiles for potential fraud indicators, spam, and policy violations.
Proposal & Content Generation: AI tools may process your skills and project data to generate proposals, estimates, and contracts.
Search Ranking: Freelancer profiles are ranked in search results using automated scoring that considers completeness, ratings, response time, and verification status.
You have the right to request human review of any significant automated decision that affects your account. Contact our support team to exercise this right.
4. Information Sharing
We do not sell your personal data. We may share information in the following circumstances:
Between Users: Profile information, reviews, and project details are shared between clients and freelancers as necessary to facilitate engagements.
Service Providers: We share data with trusted third-party processors who assist with hosting (cloud infrastructure), payment processing (Stripe), email delivery, analytics, and customer support — all under strict data processing agreements.
Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction with equivalent privacy protections maintained.
With Your Consent: We may share information for purposes not described here only with your explicit consent.
5. Data Retention
We retain your data for as long as necessary to provide our services and fulfil the purposes described in this policy:
Active Accounts: Data is retained for the duration of your account.
Closed Accounts: Core account data is retained for 90 days after account closure to allow reactivation, then anonymised or deleted.
Financial Records: Transaction data is retained for 7 years to comply with tax and financial regulations.
Communications: Messages are retained for 2 years after the associated project is closed.
Usage Logs: Anonymised usage analytics are retained indefinitely for platform improvement.
6. Data Security
We implement industry-standard security measures to protect your information:
Encryption: All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256.
Password Security: Passwords are hashed using bcrypt with appropriate work factors. We never store plaintext passwords.
Access Controls: Role-based access control (RBAC) ensures users only access data relevant to their role.
Infrastructure: Hosted on secure cloud infrastructure with regular security audits, DDoS mitigation, and automated vulnerability scanning.
Incident Response: We maintain an incident response plan and will notify affected users within 72 hours of discovering a data breach.
7. Your Rights (GDPR / CCPA)
Depending on your location, you may have the following rights regarding your personal data:
7.1 GDPR Rights (EU/UK Residents)
Right of Access: Request a copy of all personal data we hold about you.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure: Request deletion of your data ("right to be forgotten").
Right to Restrict Processing: Limit how we use your data in certain circumstances.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
7.2 CCPA Rights (California Residents)
Right to Know: Request disclosure of categories and specific pieces of personal information collected.
Right to Delete: Request deletion of personal information.
Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data).
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, contact us at [email protected] or use the privacy controls in your account settings. We will respond within 30 days.
8. Cookies & Tracking Technologies
We use cookies and similar technologies to:
Essential Cookies: Maintain your session, remember your preferences, and ensure platform security.
Analytics Cookies: Understand how users interact with the Platform to improve performance and features.
Preference Cookies: Remember your theme (light/dark mode), language, and display preferences.
We do not use third-party advertising cookies or trackers. You can manage cookie preferences through your browser settings or our Cookie Policy page.
9. International Data Transfers
MegiLance operates globally, and your data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs) approved by the European Commission.
Data processing agreements with all third-party processors.
Adequacy decisions where applicable.
10. Children's Privacy
MegiLance is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.
11. Third-Party Services
Our Platform may contain links to or integrate with third-party services. Key third-party processors include:
Stripe: Payment processing and fraud screening.
Turso (libSQL): Database hosting and storage.
Cloud Providers: Infrastructure and hosting services.
OAuth Providers: Google and GitHub for authentication.
These services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on the Platform with a revised date. For significant changes, we will provide at least 30 days' notice via email or in-app notification.
13. Contact & Data Protection Officer
For privacy-related inquiries or to exercise your data rights:
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, CNIL in France).