1. Introduction
Prilet ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you use our platform, websites, and services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
This policy applies to all users of the Service, including Hiring Companies, Consulting Companies, individual consultants, and visitors to our website. If you are using the Service on behalf of an organization, this policy applies to the personal information of individuals within that organization.
2. Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide when using the Service, including:
- Account Information — Name, email address, password, phone number, and company affiliation
- Company Information — Company name, address, industry, company type (hiring or consulting), and business registration details
- Profile and Resume Data — Professional experience, skills and proficiency levels, certifications, education, availability, hourly rates, and payment term preferences
- Financial Information — Billing addresses and payment method preferences. Consulting Companies create their own Stripe Standard accounts and provide bank account details and identity verification information directly to Stripe, not to Prilet. Prilet does not store full bank account numbers or sensitive financial credentials.
- Assignment Details — Terms of service assignments between parties, including rates, payment terms, start/end dates, and hours worked
- Communications — Messages, feedback (Diamonds and comments), contact form submissions, and support inquiries
- Profile Sharing Data — Information shared when you send consultant profiles to third parties via the Platform's sharing features
2.2 Information Collected Automatically
When you access or use the Service, we automatically collect certain information, including:
- Device and Browser Information — IP address, browser type and version, operating system, device type, and unique device identifiers
- Usage Data — Pages viewed, features used, search queries, click patterns, time spent on pages, and navigation paths
- Log Data — Server logs that record requests made to our servers, including timestamps, referring URLs, and error information
- Session Information — Authentication tokens, session identifiers, and login history
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Payment Processor — Transaction status, payment confirmations, payout statuses, and identity verification results
- Other Users — Information provided by other users about you, such as when a company administrator adds you to their organization or when another user gives you Diamonds
3. How We Use Your Information
3.1 Providing and Operating the Service
- Creating and managing your account
- Facilitating the discovery of consultants by Hiring Companies
- Enabling the creation and management of assignments between parties
- Processing invoices, payments, and payouts
- Managing subcontracting arrangements
- Displaying consultant profiles and availability to relevant users
3.2 Communications
- Sending transactional emails (assignment notifications, invoice alerts, payment confirmations)
- Delivering payment reminders and billing summaries
- Responding to your support requests and inquiries
- Notifying you of changes to the Service, Terms, or this Privacy Policy
3.3 Improving the Service
- Analyzing usage patterns to improve features and user experience
- Identifying and fixing bugs, errors, and performance issues
- Developing new features and functionality
- Conducting internal research and analytics
3.4 Security and Compliance
- Detecting, preventing, and addressing fraud, abuse, and security threats
- Enforcing our Terms of Service and other policies
- Complying with legal obligations, including tax reporting and regulatory requirements
- Responding to lawful requests from government authorities
4. Legal Basis for Processing
If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis for processing personal data, we rely on the following bases:
- Performance of a Contract — Processing necessary to fulfill our obligations under our Terms of Service, including account management, payment processing, and assignment facilitation
- Legitimate Interests — Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring platform security, provided these interests are not overridden by your rights
- Legal Obligation — Processing necessary to comply with applicable laws, regulations, and legal processes
- Consent — Where required by law, we process your data based on your consent, which you may withdraw at any time
5. Information Sharing and Disclosure
We do not sell your personal information. We share your information only in the following circumstances:
5.1 With Other Platform Users
Certain information is shared between users to facilitate the core functionality of the Platform:
- Consultant profiles (skills, availability, rates, and professional experience) are visible to Hiring Companies when searching for talent
- Company information is shared between parties when entering into assignments
- Contact information may be shared between parties to an active assignment as necessary
- Diamonds and associated comments are visible to relevant parties
5.2 With Service Providers
We share information with third-party service providers who assist us in operating the Service, including:
- Payment Processing (Stripe) — Prilet uses Stripe Connect with Standard accounts. Consulting Companies have their own Stripe accounts and provide financial information (bank details, identity verification) directly to Stripe. Stripe processes payments, manages payouts, and handles compliance independently. Prilet shares invoice and transaction data with Stripe to facilitate payments but does not control Consulting Company Stripe accounts or payout settings.
- Email Delivery — Email service providers receive email addresses and message content to deliver transactional and service-related emails
- Hosting and Infrastructure — Cloud hosting providers that store and process data on our behalf
- Analytics — Analytics providers that help us understand how the Service is used (data is aggregated and anonymized where possible)
Service providers other than Stripe are contractually obligated to use your information only for the purposes of providing services to Prilet and to maintain appropriate security measures. Stripe operates under its own terms and privacy policy, which govern its handling of your data. Consulting Companies with Stripe Standard accounts have a direct relationship with Stripe and should review Stripe’s Privacy Policy.
5.3 For Legal Reasons
We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, subpoena, court order, or governmental request
- Protect and defend the rights, property, or safety of Prilet, our users, or the public
- Detect, prevent, or address fraud, security issues, or technical problems
- Enforce our Terms of Service
5.4 Business Transfers
If Prilet is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain and use your information as necessary to:
- Comply with legal and regulatory obligations (e.g., tax records, financial reporting)
- Resolve disputes and enforce our assignments
- Maintain business records for a reasonable period
- Prevent fraud and abuse
Financial records related to invoices, payments, and assignments are retained for a minimum of seven (7) years in accordance with applicable tax and accounting regulations. After your account is closed, non-essential personal information is deleted or anonymized within a reasonable timeframe, typically within ninety (90) days, unless a longer retention period is required by law.
7. Data Security
We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Secure password hashing and storage
- Regular security assessments and monitoring
- Access controls that limit employee access to personal information on a need-to-know basis
- Secure handling of payment information through PCI-compliant third-party processors (Prilet does not store full credit card numbers or bank account details)
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk.
8. Your Rights and Choices
Depending on your jurisdiction, you may have certain rights regarding your personal information:
8.1 General Rights (All Users)
- Access — Request a copy of the personal information we hold about you
- Correction — Request correction of inaccurate or incomplete personal information. You can update most information directly through your account settings
- Deletion — Request deletion of your personal information, subject to our legal obligations and legitimate business needs for data retention
- Data Portability — Request an export of your data in a commonly used, machine-readable format
- Withdraw Consent — Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing
8.2 EEA and UK Residents (GDPR)
If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including:
- Restriction of Processing — Request that we limit the processing of your personal information under certain circumstances
- Object to Processing — Object to processing based on legitimate interests or for direct marketing purposes
- Lodge a Complaint — File a complaint with your local data protection authority if you believe your rights have been violated
8.3 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- Right to Know — Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share it
- Right to Delete — Request deletion of your personal information, subject to certain exceptions
- Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights
- Do Not Sell — We do not sell your personal information. We do not use your personal information for cross-context behavioral advertising
8.4 Exercising Your Rights
To exercise any of these rights, please contact us or email us at support@prilet.com. We will respond to your request within the timeframe required by applicable law (typically within 30 days). We may need to verify your identity before processing certain requests.
9. Cookies and Tracking Technologies
9.1 What We Use
We use the following types of cookies and similar technologies:
- Essential Cookies — Required for the Service to function properly, including session management, authentication, and security. These cannot be disabled
- Functional Cookies — Remember your preferences and settings (such as language or display preferences) to enhance your experience
- Analytics Cookies — Help us understand how users interact with the Service, which pages are visited most, and how the Service performs. This data is used to improve the Service
9.2 Managing Cookies
Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is set. Please note that disabling essential cookies may prevent you from using certain features of the Service. For more information about managing cookies, visit your browser's help documentation.
10. International Data Transfers
Prilet is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.
If you are located in the EEA, UK, or Switzerland, we ensure that transfers of personal data are made in accordance with applicable law, using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.
11. Children's Privacy
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child, please contact us immediately.
12. Third-Party Links and Services
The Service may contain links to third-party websites or services that are not owned or controlled by Prilet. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our Platform. We are not responsible for the privacy practices or content of third-party services.
13. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law. Notification will be provided without undue delay and will include a description of the breach, the types of information involved, the measures taken to address the breach, and steps you can take to protect yourself.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email or through a prominent notice on the Platform
- Where required by law, obtain your consent before implementing material changes that affect how we process your personal information
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:
We aim to respond to all privacy-related inquiries within thirty (30) days.