Privacy Policy

Vurrk ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform, website, applications, and services (collectively, the "Service").

By accessing or using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

This Privacy Policy should be read together with our Terms of Service.

2.1 Information You Provide Directly

• Account Information: Name, email address, password, country, and professional role when you create an account.
• Profile Information: Biography, skills, experience, profile photo, and other details you add to your profile.
• Invoice and Billing Data: Client names, email addresses, invoice amounts, work descriptions, payment terms, and related financial information.
• Shadow Ledger Entries: Project descriptions, client information, proof documents, and confirmation records.
• Payment Information: When using Stripe payments, we receive transaction metadata. We do not store credit card numbers.
• Communications: Messages you send to us, support requests, and feedback.
• Platform Imports: Work history data you choose to import from platforms like Upwork.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, clicks, and interactions with the Service.
• Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers.
• Log Data: IP address, access times, referring URLs, and error logs.
• Location Data: Approximate location based on IP address (we do not collect precise GPS location).

2.3 Information from Third Parties

• Platform Integrations: Data from connected platforms (e.g., Upwork) that you authorize.
• Payment Processors: Transaction status and metadata from Stripe.
• Client Confirmations: Information provided by clients when confirming work or making payments.

We use the information we collect for the following purposes:

3.1 Providing the Service

• Create and manage your account
• Enable invoice creation, sending, and tracking
• Process Shadow Ledger entries and confirmations
• Calculate and display your Trust Score
• Facilitate payment processing and escrow
• Maintain your public profile

3.2 Communication

• Send transactional emails (invoices, confirmations, receipts)
• Respond to your inquiries and support requests
• Send service updates and security alerts
• Send marketing communications (with your consent)

3.3 Improvement and Analytics

• Analyze usage patterns to improve the Service
• Develop new features and functionality
• Conduct research and analytics
• Monitor and prevent fraud and abuse

3.4 Legal and Safety

• Comply with legal obligations
• Enforce our Terms of Service
• Protect our rights, privacy, safety, or property
• Respond to lawful requests from authorities

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to perform our contract with you (providing the Service).
• Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, security, and service improvement, where not overridden by your rights.
• Consent: Processing based on your consent (e.g., marketing communications), which you may withdraw at any time.
• Legal Obligation: Processing necessary to comply with legal requirements.

We do not sell your personal information to third parties.

We may share your information in the following circumstances:

5.1 With Your Consent

When you direct us to share information or authorize integrations.

5.2 Public Profile

Your Trust Score, public profile information, and verified record counts are visible to anyone who views your profile. You can control some visibility settings.

5.3 With Clients

When you send invoices or request confirmations, we share relevant information with those clients.

5.4 Service Providers

We engage third-party service providers who process data on our behalf:

• Supabase (database and authentication)
• Stripe (payment processing)
• Email service providers (transactional emails)
• Analytics providers (usage analytics)
• Cloud hosting providers

These providers are contractually obligated to protect your data and use it only as directed.

5.5 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

5.6 Business Transfers

If Vurrk is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6.1 Active Accounts

We retain your personal information for as long as your account is active or as needed to provide the Service.

6.2 Verified Records

Verified records (confirmed invoices, Shadow Ledger entries, dispute outcomes) are retained indefinitely as part of the immutable trust record. This is essential to the integrity of the Trust Score system and cannot be changed upon request.

6.3 Account Deletion

You may request account deletion. Upon deletion, we will remove or anonymize your personal information, except for verified records which must be retained, and data we are required to keep for legal purposes.

6.4 Legal Retention

We may retain certain information as required by law, for dispute resolution, or to enforce our agreements.

Depending on your location, you may have the following rights:

7.1 Access

Request a copy of the personal information we hold about you.

7.2 Correction

Request correction of inaccurate personal information (note: verified records cannot be modified).

7.3 Deletion

Request deletion of your personal information, subject to exceptions (verified records, legal obligations).

7.4 Data Portability

Request a machine-readable copy of your data.

7.5 Objection

Object to processing based on legitimate interests.

7.6 Restriction

Request restriction of processing in certain circumstances.

7.7 Withdraw Consent

Withdraw consent where processing is based on consent.

7.8 Marketing Opt-Out

Unsubscribe from marketing communications at any time using the link in our emails.

To exercise these rights, please contact us at privacy@vurrk.com. We will respond within the timeframes required by applicable law (typically 30 days).

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information (subject to exceptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply.
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To submit a request, contact us at privacy@vurrk.com. We may verify your identity before processing requests.

Vurrk operates globally, and your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with service providers
• Compliance with applicable data protection frameworks

We implement technical and organizational measures to protect your personal information:

• Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit.
• Access Controls: Role-based access controls and least-privilege principles.
• Authentication: Secure session management and multi-factor authentication options.
• Monitoring: Security monitoring and incident detection.
• Audit Logging: Immutable logs for security-sensitive actions.

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11.1 Essential Cookies

We use essential cookies required for the Service to function, including authentication and security cookies. These cannot be disabled.

11.2 Analytics Cookies

We may use analytics cookies to understand how users interact with the Service. You can control these through your browser settings or our cookie preferences.

11.3 Your Choices

Most browsers allow you to refuse or delete cookies. Note that disabling cookies may affect functionality.

11.4 Do Not Track

We do not currently respond to "Do Not Track" browser signals as there is no industry standard for this.

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@vurrk.com.

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.