Privacy

Privacy Policy

How VETT Work collects, uses, and protects your personal data. All data is hosted on EU-based infrastructure. We do not sell your data. Ever.

Effective: 1 June 2026 Version: 1.0 Contact: contact@getvett.org

1. Overview

VETT Work takes privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to that data. It applies to all users of the getvett.org platform, including Providers, Clients, and visitors.

VETT Work operates as the data controller for personal data processed through the Platform. All data is hosted on EU-based infrastructure. Where users are located in the European Union, this policy is designed to comply with the GDPR. For US users, it is designed to comply with applicable US privacy laws including CCPA where applicable.

2. Data We Collect

Account Data

When you create an account we collect: full name, email address, password (stored as a bcrypt hash, never plaintext), professional title, location (optional), website URL (optional), service type selections, and profile slug.

Project and Verification Data

When Providers submit projects, we collect: project title, type, description, deliverables, timeline, project value range, claimed outcomes, and before/after metrics. We also collect the client's name, company name, and work email address to send the verification request.

When Clients submit verification responses, we collect: their name, verified work email, verification responses, star ratings, testimonial quotes if provided, and any dispute flags and notes.

Usage Data

We automatically collect: IP address (anonymised after 30 days), browser type, device type, pages visited, timestamps, and referring URLs. Used solely for Platform operation and aggregate analytics.

Payment Data

Payment processing is handled entirely by Stripe, Inc. VETT Work does not collect, store, or process payment card information. We receive only a Stripe customer identifier, subscription status, and billing history.

Communications

We retain records of support communications for up to 2 years to enable dispute resolution and Platform improvement.

3. Legal Basis for Processing (GDPR)

  • Contract performance — Processing necessary to provide the Platform services you have requested
  • Legitimate interests — Fraud prevention, Platform security, product improvement, and aggregate analytics where our interests do not override your fundamental rights
  • Consent — Optional communications such as marketing emails, where you have explicitly opted in
  • Legal obligation — Processing required to comply with applicable laws

4. How We Use Your Data

  • Create and manage your VETT Work account
  • Process and deliver verification requests between Providers and Clients
  • Generate and display Verified Proof Badges and public verified records
  • Send transactional emails including verification requests, reminders, and account notifications
  • Provide customer support and resolve disputes
  • Detect and prevent fraud, abuse, and security incidents
  • Improve and develop the Platform through anonymised usage analysis
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising targeting. We do not use your data to train AI models without your explicit consent.

5. Data Sharing

We share personal data only with the following recipients and only to the extent necessary:

  • Stripe, Inc. — Payment processing (stripe.com/privacy)
  • Resend — Transactional email delivery
  • Cloudinary — File storage for avatars and logos uploaded to the Platform
  • Railway / Hetzner — Hosting of Platform servers and databases within the EU
  • Law enforcement — Where required by law, court order, or to protect safety

All third-party providers are bound by data processing agreements requiring them to protect your data in accordance with applicable privacy law.

6. Data Retention

  • Account data — Duration of account plus 2 years following deletion
  • Verified records — Retained indefinitely by default. Either party may request deletion
  • Usage and technical data — IP addresses anonymised after 30 days. Logs retained 12 months
  • Payment data — Billing history references retained 7 years for accounting
  • Support communications — Retained 2 years

7. Your Rights

Depending on your location, you have the following rights. Contact contact@getvett.org to exercise any of them. We will respond within 30 days.

Access

Request a copy of all personal data we hold about you

Rectification

Request correction of inaccurate personal data

Erasure

Request deletion, subject to legal retention requirements

Portability

Request your data in a machine-readable format

Object

Object to processing based on legitimate interests

Restrict

Request limits on how we use your data

Withdraw consent

Withdraw consent for consent-based processing at any time

Lodge complaint

File a complaint with your local data protection authority

8. Data Security

  • All data encrypted in transit using TLS 1.2 or higher
  • All data encrypted at rest on EU-based hosting infrastructure
  • Passwords stored as bcrypt hashes, never in plaintext
  • Access to production systems limited to authorised personnel only
  • Regular security reviews as the Platform scales

9. International Data Transfers

All VETT Work servers and databases are located within the European Union. Where sub-processors are located outside the EU, transfers are made under Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children and Minors

The Platform is available to users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided personal data without parental consent, contact contact@getvett.org and we will delete the relevant data.

11. Contact

For all privacy-related enquiries, including requests to exercise your rights, contact contact@getvett.org.

Last updated: 1 June 2026 | Version 1.0

12. Advertising Platforms

When you consent to advertising cookies, VETT Work shares data with the following platforms for advertising and measurement purposes. Each platform processes this data under their own privacy policy. All transfers to US-based platforms are made under Standard Contractual Clauses.

  • Google LLC — Conversion tracking, page visits, hashed email for Customer Match. Privacy Policy
  • Meta Platforms, Inc. — Page visits, lead events, hashed email for custom audiences. Privacy Policy
  • TikTok Inc. — Page visits, signup conversion events. Privacy Policy
  • LinkedIn Corporation — Page visits, conversion reporting, member demographics for logged-in users. Privacy Policy

You can withdraw advertising consent at any time via the cookie preference centre in the Platform footer. Withdrawal stops future data transmission but does not affect data already sent to these platforms.

Last updated: 1 June 2026 | Version 1.1