Draft — not yet reviewed by counsel.

Privacy Policy

Last updated: see git history.

1. Who runs MeritWork

MeritWork is operated by the MeritWork team. We are the data controller for personal data you provide while using the service.

2. What we collect

• Account: email address, password hash, account status.
• Profile: name, optional bio, photo, occupation, city, interests — only what you choose to enter.
• Activity: services and requests you post, connections, group memberships, ratings and recommendations you give, chat messages you send.
• Technical: per-session record (IP, user agent, timestamps) so you can audit and revoke active sign-ins.

3. Why we hold it

To run your account and the community features you use (legitimate interest / contract), to defend the service against abuse (legitimate interest), and to comply with applicable law.

4. Who can see what

Your profile and content are visible to other members of the communities you join. Direct messages are visible only to the participants. We do not sell personal data and do not run third-party advertising on the service.

5. Retention

Account data is retained while your account exists. When you delete your account, your data is removed (see Article 17 below). Backups roll off on the standard backup retention schedule.

6. Your rights (UK GDPR / GDPR)

• Access (Article 15): download a JSON copy of your data at Settings → Account.
• Erasure (Article 17): delete your account at the same page. This is irreversible.
• Rectification: edit your profile from Settings → Profile.
• Objection / restriction: write to us at the contact email below.
• Complain: you can lodge a complaint with your data protection authority.

7. Cookies

We use a small number of strictly necessary cookies — session and CSRF. See the cookie notice for the list.

8. Contact

For privacy questions, email privacy@meritwork.example. (Replace before launch.)