Privacy Policy

Your privacy matters to us. Stringerfy is committed to protecting the personal data of every user on our platform.

Effective date: 16 February 2026

Last updated: 16 February 2026

On this page

  1. Who we are
  2. What data we collect
  3. How we collect your data
  4. How we use your data
  5. Who we share data with
  6. International data transfers
  7. Data retention
  8. Cookies
  9. Your rights under UK GDPR
  10. Security
  11. Children’s privacy
  12. Changes to this policy
  13. Contact us and how to complain

1. Who we are

Stringerfy and stringerfy.com are trading names of Imagine Productions Ltd, a company registered in England and Wales under company number 14684338.

Registered office: 82a James Carter Road, Mildenhall, IP28 7DE.

Imagine Productions Ltd is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, you can contact us at info@stringerfy.com.

Stringerfy is a multi-tenant platform, which means each organisation on the platform has its own isolated data environment. Your organisation's data is kept completely separate from other organisations at the database level.

This policy applies to all users of the Stringerfy platform, including company administrators, staff members, and freelancers. It explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What data we collect

We collect and process the following categories of personal data:

Account data

Collected via our authentication provider, Clerk:

  • Name and email address
  • Profile image
  • Organisation name and your membership role
  • System identifiers (user ID, organisation ID) used internally to manage your account

Freelancer profile data

Entered directly by freelancers when completing their profile:

  • Bio, areas of expertise, location, country
  • Phone number
  • Portfolio URL, CV URL, ID document URL
  • Banking details: bank name, account number, IBAN, SWIFT/BIC code, preferred currency

Workflow and assignment data

Generated through your use of the platform:

  • Assignment details: titles, descriptions, content types, deadlines
  • Task unique identifiers (TUI)
  • Submission notes and file URL references
  • Approval decisions and feedback
  • Assignment event history and audit trail

Financial data

  • Contract amounts and currencies
  • Payment records (amounts, status, dates)
  • Cost centre allocations and budgets

Communication data

  • In-app notification content
  • Contact form submissions (name, email, company, message, enquiry type)

Technical data

Collected automatically when you use the platform:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referral source

Cookies and similar technologies

  • Clerk session cookies (essential for authentication)
  • Theme preference (functional \u2014 stores your light or dark mode choice)

We do not currently use analytics or advertising cookies. See Section 8 for more details.

We do not collect or process special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data).

3. How we collect your data

We collect personal data in the following ways:

Directly from you

When you create an account, complete your freelancer profile, submit work, create assignments, manage payments, or contact us via the contact form.

From your organisation

When your company administrator invites you to the platform. Invitations are sent via Clerk's invitation system and include your email address and intended role.

Automatically

Technical data is collected automatically when you use the platform, including standard web server logs and session management via Clerk.

From third-party services

Authentication data is provided by Clerk, our identity provider, when you sign in or create an account.

4. How we use your data

We only process your personal data when we have a lawful basis to do so. The table below sets out our purposes for processing and the corresponding legal basis under UK GDPR.

Providing and maintaining the platform

Performance of a contract with you (Article 6(1)(b))

Managing your account and authentication

Performance of a contract with you (Article 6(1)(b))

Processing assignments and submissions

Performance of a contract with you (Article 6(1)(b))

Processing payments to freelancers

Performance of a contract with you (Article 6(1)(b))

Sending in-app notifications about your assignments and payments

Performance of a contract with you (Article 6(1)(b))

Ensuring data isolation between organisations on the platform

Performance of a contract and our legitimate interest in maintaining platform security (Articles 6(1)(b) and 6(1)(f))

Responding to your enquiries submitted via the contact form

Our legitimate interest in communicating with prospective and existing users (Article 6(1)(f))

Improving the platform and fixing bugs

Our legitimate interest in improving our services (Article 6(1)(f))

Complying with legal and regulatory obligations (e.g. tax record-keeping)

Legal obligation (Article 6(1)(c))

Protecting against fraud, abuse, and security threats

Our legitimate interest in maintaining a secure platform (Article 6(1)(f))

5. Who we share data with

We do not sell your personal data to anyone. We share data only with the following parties, and only to the extent necessary:

Clerk (authentication provider)

Processes your account data, session management, and invitation emails. Clerk is a US-based provider; data transfers are protected by appropriate safeguards (see Section 6).

Members of your organisation

Within the multi-tenant platform, administrators and staff members in your organisation can see data relevant to their role. For example, assignment managers can view freelancer names and submissions. Each organisation's data is isolated from every other organisation at the database level.

Hosting and infrastructure providers

Our database and application are hosted on cloud infrastructure. These providers process data on our behalf under data processing agreements.

Payment processors (planned)

We plan to integrate Stripe for payment processing. When active, Stripe will process payment data directly and will be subject to its own privacy policy. We will update this section when the integration is live.

File storage providers (planned)

We plan to integrate AWS S3 for file storage. When active, uploaded files will be stored securely on AWS infrastructure. We will update this section when the integration is live.

Legal and regulatory authorities

We may disclose your data if required to do so by law, court order, or regulatory obligation, or to protect the rights, property, or safety of Stringerfy, our users, or others.

6. International data transfers

Our authentication provider, Clerk, is based in the United States. When your account data is processed by Clerk, it may be transferred outside the UK. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement (IDTA), as required by UK GDPR.

Our hosting infrastructure may involve data centres located outside the UK. Where this is the case, appropriate safeguards are in place to ensure your data is protected to the standard required by UK data protection law.

When additional third-party services are integrated (such as Stripe and AWS), their data transfer mechanisms and safeguards will be documented in this section.

7. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

Account data

Retained while your account is active. Deleted within 30 days of an account deletion request.

Freelancer profile data

Retained while your account is active. You can update or remove your banking details at any time via your profile.

Assignment and workflow data

Retained for the duration of the organisation’s subscription, plus 6 years after contract termination (for legal and accounting obligations).

Payment records

Retained for 6 years after the relevant tax year, as required by HMRC.

Contact form submissions

Retained for 12 months, then deleted.

Technical logs

Retained for 90 days.

Assignment audit trail

Retained alongside assignment data for accountability and compliance.

8. Cookies

We use a minimal number of cookies and similar technologies, all of which are necessary for the platform to function:

Essential cookies

Clerk session cookies are required for authentication. These cookies keep you signed in and cannot be disabled, as the platform cannot function without them.

Functional storage

Your theme preference (light or dark mode) is stored in your browser's local storage. This is not technically a cookie, but we disclose it here for transparency.

Analytics and advertising

We do not currently use any analytics, tracking, or advertising cookies. If we introduce analytics tools in the future, we will update this section and implement an appropriate cookie consent mechanism before they are deployed.

9. Your rights under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:

Right of access (Article 15)

You can request a copy of the personal data we hold about you.

Right to rectification (Article 16)

You can request that we correct any inaccurate or incomplete data. Freelancers can also update their profile directly via the platform.

Right to erasure (Article 17)

You can request that we delete your personal data, subject to any legal retention requirements that may apply.

Right to restrict processing (Article 18)

You can request that we limit how we process your data in certain circumstances.

Right to data portability (Article 20)

You can request to receive your personal data in a structured, commonly used, and machine-readable format.

Right to object (Article 21)

You can object to our processing of your data where we rely on legitimate interest as the legal basis.

Rights related to automated decision-making (Article 22)

Stringerfy does not currently use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

To exercise any of these rights, please email us at info@stringerfy.com. We will respond to your request within one calendar month, as required by UK GDPR. In exceptional cases, we may extend this by a further two months, and we will inform you if this is necessary.

There is no fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive, or we may refuse to act on it.

10. Security

We take the security of your personal data seriously. The measures we have in place include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Authentication security: Account authentication is handled by Clerk, which implements industry-standard security practices including secure session management and token handling.
  • Multi-tenant data isolation: Each organisation's data is isolated at the database query layer, preventing any cross-tenant access.
  • Role-based access control: Access to data within each organisation is restricted based on user roles, so users can only see and act on data relevant to their responsibilities.
  • Sensitive data handling: Banking details are stored securely in the database. When our Stripe integration is complete, sensitive payment card data will be handled directly by Stripe and will not be stored on Stringerfy servers.

While no system can guarantee absolute security, we continuously review and improve our security practices to protect your data.

11. Children's privacy

Stringerfy is a business-to-business platform and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

If you believe that a child has provided personal data to us, please contact us at info@stringerfy.com and we will take steps to delete the data promptly.

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

If we make material changes, we will notify you through the platform (via an in-app notification or email). The “Last updated” date at the top of this page will be revised with each update.

We encourage you to review this policy periodically. Your continued use of Stringerfy after any changes constitutes your acceptance of the updated policy.

13. Contact us and how to complain

If you have any questions about this privacy policy, or if you wish to exercise any of your rights, please contact us:

Email: info@stringerfy.com

Post: Imagine Productions Ltd, 82a James Carter Road, Mildenhall, IP28 7DE

Company number: 14684338

We would always prefer to resolve any concerns you have directly. However, if you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Website: ico.org.uk

Helpline: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Questions about your privacy?

We're here to help. Get in touch with our team and we'll respond within 24 hours.

Contact Us