1. INTRODUCTION

FREYALUV (“we,” “us,” “our,” or “Platform”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

This Privacy Policy applies to all users of our Platform, including Clients, Freelancers, and visitors. By using our Platform, you consent to the data practices described in this policy.

In compliance with:

  • Singapore’s Personal Data Protection Act 2012 (PDPA)
  • The European Union’s General Data Protection Regulation (“GDPR”) where applicable
  • Other applicable international data protection laws

If you do not agree with this Privacy Policy, please do not use our Platform.

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when registering or using our Platform.

Client Account / Registration:

  • Name
  • Company and Address
  • Position/Title / Team / Department Division
  • Email Address
  • Phone number
  • Country/region

For Clients:

  • Company name and business information
  • Billing address
  • Payment card information (processed by third-party payment processors)
  • Tax information if required

Project and Communication Data:

  • Project descriptions, requirements, and specifications
  • Messages and communications through the Platform
  • Files, documents, and deliverables uploaded or shared
  • Reviews, ratings, and feedback
  • Dispute and support ticket information

Voluntary Information:

  • Survey responses
  • Contest or promotion entries
  • Newsletter preferences
  • Marketing communication preferences

2.2 Information Collected Automatically

When you access our Platform, we automatically collect:

Device and Usage Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Screen resolution
  • Language
  • Time zone setting

Activity Data:

  • Pages viewed and features used
  • Time and date of visits
  • Duration of sessions
  • Clickstream data

Google Analytics Data:

We use Google Analytics to analyze Platform usage. Google Analytics collects:

  • User demographics and interests
  • Geographic location (city/country level)
  • Session behavior and engagement metrics
  • Traffic sources and acquisition channels
  • Conversion tracking and goal completions
  • Device category and browser information

Google Analytics uses cookies and similar technologies. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout

2.3 Information from Third-Party Sources

We may receive information about you from:

Payment Processors:

  • Transaction verification data
  • Payment method details
  • Fraud detection information

Social Media Platforms:

  • If you connect your account to social media, we may receive profile information, email address, and friends list (subject to your privacy settings)

Identity Verification Services:

  • Verification status and fraud risk assessment
  • Background check results (with your consent)

Marketing and Analytics Providers:

  • Aggregated demographic and interest data
  • Website interaction data from advertising networks

2.4 Sensitive Personal Data

We generally do not collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). If such data is inadvertently collected, we will delete it or obtain your explicit consent for processing.

3. HOW WE USE YOUR INFORMATION

3.1 Purposes of Processing

We use your personal information for the following purposes:

Platform Operation and Service Delivery:

  • Creating and managing your account
  • Facilitating connections between Clients and Freelancers
  • Processing transactions and payments
  • Sending service-related notifications and updates
  • Managing projects, contracts, and deliverables

Platform Improvement and Personalization:

  • Analyzing user behavior and Platform performance
  • Conducting research and development
  • Testing new features and functionality
  • Personalizing your experience and content
  • Providing relevant search results and recommendations

Communication and Marketing:

  • Sending newsletters and promotional content (with consent)
  • Notifying you about Platform updates, features, and offers
  • Conducting surveys and requesting feedback
  • Marketing our services to you based on your interests

Security and Fraud Prevention:

  • Detecting and preventing fraud, abuse, and security incidents
  • Verifying identity and preventing unauthorized access
  • Investigating violations of our Terms and Conditions
  • Complying with legal obligations and responding to legal requests

Analytics and Advertising:

  • Using Google Analytics to understand user demographics and behavior
  • Measuring effectiveness of marketing campaigns
  • Displaying targeted advertisements on third-party platforms
  • Creating aggregated, anonymized analytics

Legal Compliance:

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our agreements and policies
  • Protecting our rights, property, and safety
  • Fulfilling tax and regulatory reporting obligations

3.2 Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases for processing include:

  • Consent: When you have given explicit consent for specific purposes
  • Contract Performance: Processing necessary to fulfill our contract with you
  • Legal Obligation: Processing required by law
  • Legitimate Interests: Processing necessary for our legitimate business interests (balanced against your rights)
  • Vital Interests: Processing necessary to protect life or physical safety

4. EMAIL MARKETING AND SUBSCRIPTIONS

4.1 Email Communications

We use email subscription services to communicate with you.

Transactional Emails (Non-Marketing):

  • Account verification and password resets
  • Project notifications and updates
  • Payment confirmations and invoices
  • Security alerts and important Platform changes
  • Customer support responses

You cannot opt out of transactional emails as they are essential to Platform operation.

Marketing Emails (Promotional):

  • Newsletters with Platform updates and tips
  • New feature announcements
  • Special offers and promotions
  • Educational content and resources
  • Event invitations and webinars

4.2 Email Service Provider

We use an Email Service Provider (e.g., Mailchimp, SendGrid, etc.) to manage our email communications. When you subscribe to our emails, the following information is shared with our email service provider:

  • Email address
  • Name
  • User type (Client/Customer)
  • Subscription preferences
  • Email engagement data (opens, clicks, bounces)

Our email service provider processes this data in accordance with their privacy policy and applicable data protection laws.

4.3 Subscription Management

How to Subscribe:

  • During account registration (by checking the subscription box)
  • Through your account settings
  • Via subscription forms on our website
  • By requesting newsletter subscription via email

How to Unsubscribe:

  • Click the “Unsubscribe” link in any marketing email
  • Update your email preferences in account settings
  • Contact us to opt out
  • Reply to any marketing email with “UNSUBSCRIBE”

We will process unsubscribe requests within 10 business days. You may still receive transactional emails after opting out of marketing communications.

4.4 Email Tracking

Our emails may contain tracking pixels that collect:

  • Email open rates
  • Link click activity
  • Device and email client information
  • General geographic area

This information is used to personalize email content and measure campaign effectiveness. You can disable tracking by disabling images in your email client.

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to third parties. We share your information only in the following circumstances:

5.1 With Other Platform Users

Public Profile Information:

  • Freelancers: Name, profile photo, skills, rates, reviews, and professional information are visible to potential Clients
  • Clients: Name, profile photo, company information, and reviews may be visible

Project-Related Sharing:

  • When you engage in a project, necessary information is shared with the other party
  • Messages and files exchanged during projects are visible to both parties

5.2 Service Providers and Business Partners

We share information with third-party service providers who perform services on our behalf:

Payment Processors:

  • Examples: PayPal, PayNow, etc.
  • Purpose: Processing payments and detecting fraud
  • Data Shared: Payment information, transaction details, billing address

Cloud Hosting and Storage:

  • Examples: Google Cloud, etc.
  • Purpose: Hosting Platform infrastructure and storing data
  • Data Shared: All Platform data necessary for operation

Email Service Providers:

  • Purpose: Sending transactional and marketing emails
  • Data Shared: Email address, name, subscription preferences, engagement data

Analytics Providers:

  • Google Analytics
  • Purpose: Website analytics and user behavior analysis
  • Data Shared: Anonymized user identifiers, device information, anonymized analytics data

Customer Support Tools:

  • Purpose: Providing customer service and support
  • Data Shared: Contact information, support chat history

Identity Verification Services:

  • Purpose: Verifying user identity and preventing fraud
  • Data Shared: Name, identification documents, verification status

Marketing and Advertising Platforms:

  • Examples: Facebook Ads, Google Ads, etc.
  • Purpose: Delivering targeted advertisements
  • Data Shared: Anonymized user identifiers, demographic data, interests

All service providers are contractually obligated to process data only for the specified purposes.

5.3 Legal Requirements and Protection

We may disclose your information when required by law or to:

  • Comply with legal process, court orders, or government requests
  • Enforce our Terms and Conditions and other agreements
  • Detect and prevent fraud, security incidents, or illegal activity
  • Protect the rights, property, or safety of the Platform, users, or the public
  • Respond to claims of intellectual property infringement

5.4 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or similar business transaction, your information may be transferred as part of that transaction. You will be notified of any such change and your options regarding your information.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for research, marketing, analytics, or other purposes.

6. DATA STORAGE AND INTERNATIONAL TRANSFERS

6.1 Data Storage Location

Your personal data is stored on secure servers located in specified regions (Europe, US, Singapore, United Kingdom) and in cloud hosting environments with appropriate security measures.

6.2 International Data Transfers

We operate internationally and may transfer your personal information to countries outside your country of residence, including countries that may not have the same data protection laws.

For Singapore Users: Under the PDPA, we ensure international transfers are protected through:

  • Contractual safeguards with data processors
  • Verification that recipient countries have adequate data protection laws
  • Your consent where required

For EU/EEA Users: Under GDPR, we ensure international transfers comply with:

  • European Commission adequacy decisions
  • Standard contractual clauses approved by the European Commission
  • Other approved transfer mechanisms

Transfer Safeguards: All international data transfers are protected by:

  • Written data processing agreements
  • Technical and organizational security measures
  • Contractual obligations to comply with applicable data protection laws, and regular security and compliance reviews

6.3 Data Retention Locations

Data may be processed and stored in the following regions as applicable to your use of the Platform.

7. DATA RETENTION

7.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Accounts:

  • Account information: Retained while your account is active
  • Transaction history: Retained for 7 years for accounting and tax purposes
  • Communication records: Retained for 3 years for dispute resolution
  • Project files and deliverables: Retained for 2 years after completion

Closed Accounts:

  • Core account data: Deleted within 90 days of account closure
  • Financial records: Retained for 7 years to comply with tax and accounting laws
  • Legal and compliance records: Retained as required by law
  • Anonymized analytics data: May be retained indefinitely

Marketing Data:

  • Email subscription data: Retained until you unsubscribe
  • Marketing analytics: Retained for 3 years
  • Inactive subscribers: May be deleted after 36 months of inactivity

7.2 Data Deletion

After retention periods expire, we will:

  • Securely delete or anonymize your personal information
  • Remove data from active systems and backups
  • Retain only anonymized data that cannot identify you

7.3 Legal Holds

Data may be retained beyond normal retention periods when:

  • Required by law or legal proceedings
  • Subject to regulatory inquiries or audits
  • Relevant to ongoing disputes or investigations

8. DATA SECURITY

8.1 Security Measures

We implement comprehensive technical and organizational measures to protect your personal information.

Technical Safeguards:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Secure password hashing (bcrypt or similar)
  • Regular security vulnerability assessments
  • Intrusion detection and prevention systems
  • Firewalls and network segmentation
  • Automated backup systems
  • Multi-factor authentication for high-privilege accounts

Organizational Safeguards:

  • Employee security training and awareness programs
  • Strict access controls based on need-to-know principle
  • Background checks for employees with data access
  • Confidentiality agreements with staff and contractors
  • Incident response and data breach procedures
  • Regular security audits and compliance reviews

Third-Party Security:

  • Vendor security assessments before engagement
  • Data processing agreements with security obligations
  • Regular monitoring of third-party security compliance
  • Use only reputable service providers

8.2 Your Security Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your password
  • Using a strong, unique password
  • Not sharing your account credentials
  • Logging out after using shared devices
  • Reporting suspected security incidents promptly

8.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify affected users within 72 hours of discovery (as required by GDPR)
  • We will notify the relevant supervisory authority as required by law
  • We will take immediate steps to contain and remediate the breach
  • Notification will include the nature of the breach, potential consequences, and measures taken

8.4 Limitations

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. Use the Platform at your own risk.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience and analyze Platform usage.

9.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Purpose: Enable basic Platform functionality
  • Examples: Session management, security features, authentication
  • Duration: Session or 24 hours
  • Can be disabled: No (Platform will not function properly)

Performance and Analytics Cookies:

  • Purpose: Analyze Platform performance and user behavior
  • Examples: Google Analytics, heatmaps, error tracking
  • Duration: Up to 2 years
  • Can be disabled: Yes (via cookie settings or browser)

Functionality Cookies:

  • Purpose: Remember your preferences and settings
  • Examples: Language preference, display settings, region selection
  • Duration: Up to 1 year
  • Can be disabled: Yes (preferences will not be saved)

Marketing and Advertising Cookies:

  • Purpose: Deliver tailored advertisements and measure campaign effectiveness
  • Examples: Facebook Pixel, Google Ads, etc.
  • Duration: Up to 2 years
  • Can be disabled: Yes (ads will be less relevant)

9.3 Third-Party Cookies

We use the following third-party cookies:

Google Analytics:

Other Third Parties (as applicable):

  • Facebook Pixel
  • Google Ads
  • LinkedIn Insight
  • Hotjar or similar analytics tools

9.4 Managing Cookies

Cookie Preference Center: Visit our cookie settings page to manage your cookie preferences. You can:

  • Accept or reject specific cookie categories
  • Withdraw consent at any time
  • View detailed information about each cookie

Browser Settings: Most browsers allow you to:

  • Block all cookies
  • Delete existing cookies
  • Receive warnings before cookies are stored
  • Manage cookie preferences

Consult your browser’s help section for instructions:

  • Chrome: Settings > Privacy and Security > Cookies
  • Firefox: Settings > Privacy & Security > Cookies
  • Safari: Preferences > Privacy > Cookies
  • Edge: Settings > Privacy > Cookies

Do Not Track: Some browsers support “Do Not Track” signals. Our Platform currently does not respond to DNT signals, but you can control tracking through cookie settings.

Impact of Disabling Cookies: Blocking cookies may affect Platform functionality:

  • You may need to log in each visit
  • Preferences and settings will not be saved
  • Some features may not work properly
  • Your experience may be less personalized

9.5 Mobile Device Identifiers

On mobile apps (if applicable), we may use device identifiers (IDFA on iOS, Advertising ID on Android) for similar purposes. You can reset or limit ad tracking in your device settings.

10. YOUR RIGHTS AND CHOICES

10.1 Rights Under Singapore PDPA

If you are in Singapore, you have the right to:

  • Access: Request access to your personal data we hold
  • Correction: Request correction of inaccurate or incomplete data
  • Withdrawal of Consent: Withdraw consent for data processing where consent is the legal basis
  • Data Portability: Request your data in a structured, machine-readable format (where technically feasible)

Limitations: These rights are subject to exceptions under the PDPA, such as where disclosure is required by law.

10.2 Rights Under GDPR (EU/EEA Users)

If you are in the European Economic Area, you have additional rights:

  • Right to Access: Obtain confirmation of whether we process your data and access to that data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data in certain circumstances
  • Right to Restriction: Restrict processing of your data in certain situations
  • Right to Data Portability: Receive your data in a portable format and transfer it to another controller
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

10.3 How to Exercise Your Rights

To exercise your privacy rights:

  • Online: Log in to your account and visit Settings > Privacy to manage your data
  • Email: Send a request to our contact address

Request Requirements:

  • Provide sufficient information to verify your identity
  • Specify which right(s) you wish to exercise
  • Describe the data or processing in question

Response Timeline:

  • We will respond to requests within 30 days (PDPA) or 1 month (GDPR)
  • We will verify your identity before processing requests
  • Complex requests may require up to 90 days with notification

Fees:

  • Requests are generally processed free of charge
  • We may charge a reasonable fee for excessive, repetitive, or manifestly unfounded requests

10.4 Account Deletion

To delete your account:

  • Contact us to initiate the process
  • Confirm your decision and complete required steps

Effect of Deletion:

  • Your account and profile will be permanently deleted
  • Personal data will be removed within 90 days
  • Some data may be retained as described in Section 7 (Data Retention)
  • Anonymized data may be retained for analytics

10.5 Marketing Opt-Out

Email Marketing:

  • Click “Unsubscribe” in any marketing email
  • Update preferences in account settings
  • Contact us to opt out

SMS/Text Messages (if applicable):

  • Reply “STOP” to any text message
  • Update preferences in account settings

Push Notifications:

  • Manage in your device settings or app settings

Interest-Based Advertising:

10.6 Accessing and Correcting Your Information

Self-Service Access:

  • Log in to view and edit your profile, account, and communication preferences
  • Download your transaction history and project data

Correction Requests:

  • Update information directly in your account settings
  • Contact support for corrections you cannot make yourself

11. CHILDREN’S PRIVACY

11.1 Age Restrictions

Our Platform is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

11.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us. We will promptly investigate and delete such information.

11.3 Age Verification

We may implement age verification measures. If we discover that a user is under 16, we will:

  • Terminate the account immediately
  • Delete all personal information
  • Prevent future access to the Platform

12. THIRD-PARTY LINKS AND SERVICES

12.1 External Websites

Our Platform may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these external sites.

Third-Party Privacy Policies:

  • Review third-party data practices before providing information
  • Links do not imply endorsement or responsibility

12.2 Social Media Features

Our Platform may include social media features (e.g., Facebook Like button, Twitter share). These features may:

  • Collect your IP address and page activity
  • Set cookies to enable functionality
  • Be hosted by the social media platform

Your interactions with these features are governed by the privacy policy of the respective social media company.

12.3 Third-Party Integrations

If you connect third-party services to your account (e.g., cloud storage, project management tools):

  • Review the third party’s privacy policy
  • Understand what data will be shared
  • You can revoke access at any time through account settings

13. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

13.1 Right to Know

Request disclosure of:

  • Categories of personal information collected
  • Sources of personal information
  • Business or commercial purposes for collection
  • Categories of third parties with whom we share information
  • Specific pieces of personal information we have collected

13.2 Right to Delete

Request deletion of your personal information, subject to certain exceptions.

13.3 Right to Opt-Out

We do not sell personal information. If our practices change, we will update this policy and provide an opt-out mechanism.

13.4 Right to Non-Discrimination

You have the right to not receive discriminatory treatment for exercising your CCPA rights.

13.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Updates and Modifications

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices

14.2 Notification of Changes

Material Changes: We will notify you of material changes through:

  • Email to your registered address (at least 30 days before changes take effect)
  • Prominent notice on the Platform
  • Pop-up notification upon next login

Non-Material Changes:

  • We will update the “Last Updated” date of this policy
  • Changes take effect immediately upon posting

14.3 Your Continued Use

Continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, please discontinue use and delete your account.

15. CONTACT INFORMATION

15.1 Privacy Questions and Requests

For questions, concerns, or to exercise your privacy rights, please contact us via email.

Subject Line: “Privacy Request” or “Data Protection Inquiry”

15.2 Supervisory Authorities

Singapore: Personal Data Protection Commission (PDPC)

16. CONSENT AND ACKNOWLEDGMENT

By using our Platform, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and disclosure of your personal information as described
  • You understand your rights regarding your personal information
  • You agree to receive communications as outlined in this policy

For processing activities requiring explicit consent, we will obtain consent separately through clear affirmative action.

Document Information

Version: 1.0