Back to Legal Centre

Legal Centre

Privacy Policy

How deployed.works collects, uses, shares, secures and retains personal data under UK data protection principles.

Last updated: 25 June 2026

1. Who we are

The operator of deployed.works is responsible for the Platform.

For privacy questions, contact: privacy@deployed.works

If a formal company entity is appointed or changed, this policy should be updated with its full legal details before launch.

2. What this policy covers

This policy covers personal data processed when you use deployed.works, create an account, browse the Platform, contact us, or interact with Capability Providers or Capability Consumers through the Platform.

Platform means deployed.works.

Capability Provider means an individual or organisation offering professional capability through the Platform.

Capability Consumer means an individual or organisation seeking capability through the Platform.

3. Data we may collect

We may collect:

  • account details, such as name, email address, password hash, role and account status;
  • profile details, such as skills, experience, location, availability, rates, sectors, company details and links;
  • marketplace activity, such as briefs, applications, saved items, messages, status changes and admin actions;
  • communications with us, including support requests and abuse reports;
  • security data, such as IP address, device information, login events, MFA status and audit logs;
  • payment and billing data, where paid services are used;
  • cookie and analytics data, where allowed and enabled.

We do not intentionally collect special category data unless a User chooses to include it. Users should avoid adding sensitive personal data unless it is necessary and lawful.

4. How we use data

We use personal data to:

  • create and manage accounts;
  • operate profiles, briefs, applications and marketplace features;
  • help Capability Consumers and Capability Providers find relevant opportunities or capability;
  • provide support and respond to messages;
  • prevent fraud, spam, abuse and security incidents;
  • administer subscriptions, payments and invoices where applicable;
  • improve the Platform and understand usage;
  • comply with legal obligations and enforce our terms.

5. Lawful basis

Depending on the context, we may rely on:

  • Contract: to provide the Platform and account features requested by Users.
  • Legitimate interests: to operate, improve, secure and protect the Platform, and to prevent misuse.
  • Consent: for optional cookies, marketing communications or optional features where consent is required.
  • Legal obligation: where we must keep records, respond to lawful requests or comply with applicable law.

Where we rely on legitimate interests, we will consider the impact on Users and avoid using data in ways they would not reasonably expect.

6. Sharing data

We may share data with:

  • other Users where needed for marketplace features, such as profiles, briefs, applications and communications;
  • service providers who help host, secure, monitor, email, analyse or operate the Platform;
  • payment providers such as Stripe where payment features are used;
  • professional advisers, insurers or authorities where necessary;
  • a buyer or successor if the Platform or business is reorganised, sold or transferred.

We do not sell personal data.

7. Stripe and payments

If we use Stripe or another payment provider, payment information may be processed directly by that provider.

We should avoid storing full card details on the Platform. Payment providers may provide us with limited billing information, such as customer ID, subscription status, invoice status, billing email and transaction reference.

Users should also read the relevant payment provider's privacy notice.

8. Cookies and analytics

We use essential cookies for authentication, security and Platform operation.

We may use analytics or preference cookies where enabled. Non-essential cookies should only be used where consent is collected where required.

More detail is in the Cookie Policy.

9. Retention

We keep personal data only for as long as needed for the purposes described in this policy.

Typical retention periods should be reviewed before production launch. As a starting point:

  • account data is kept while the account is active;
  • audit and security logs may be kept for a limited period to protect the Platform;
  • billing records may be kept where needed for tax, accounting or legal purposes;
  • deleted or inactive account data may be retained for a reasonable period for backup, legal, fraud prevention or dispute purposes.

10. Security

We use technical and organisational measures intended to protect personal data, including authentication, access controls, encrypted connections where deployed, audit logs and backups.

No online service can be made completely secure. Users should use strong passwords and enable MFA where available.

11. International transfers

Some service providers may process data outside the UK.

Where that happens, we should use appropriate safeguards where required, such as adequacy regulations or approved contractual protections.

This section should be reviewed when production suppliers are finalised.

12. Your rights

Depending on the situation, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • delete data;
  • restrict processing;
  • object to processing;
  • receive data in a portable format;
  • withdraw consent where processing is based on consent;
  • complain to the UK Information Commissioner's Office.

Marketplace account Users can use Settings > Privacy & Data to:

  • download a JSON copy of their account data;
  • request a formal export;
  • request account deletion;
  • view privacy request history.

Public website visitors can use /privacy to request export or deletion of newsletter, newsroom or contact-form data. Newsletter deletion requests may remove the subscription record immediately.

You can also contact: privacy@deployed.works

We may need to verify your identity before responding.

When an account deletion request is completed, marketplace account records and linked profile, brief, application, contact request, conversation and billing rows are removed through the platform deletion process. This does not necessarily mean every operational record disappears. For example, security, fraud-prevention or audit records may be retained where there is a lawful reason. Where appropriate, personal identifiers should be removed or minimised.

13. Children

The Platform is not intended for children. Users must be at least 18 years old.

14. Changes

We may update this policy as the Platform, suppliers or legal requirements change.

Material updates should be clearly signposted.