Privacy Policy
At AiLancerX, we value your trust. This Privacy Policy outlines exactly how we collect, use, and protect your data in accordance with the UK GDPR.
Contents
Data is encrypted at rest and in transit using industry-standard protocols.
We only process data you explicitly submit or sync via our extension.
You retain full control to resync or delete your data at any time.
1. Information We Collect
We collect information (“Notice to Individuals”) to provide better services. The data collection depends on how you use our services.
Information You Provide
- Account Data: Name, email address, physical address, phone number, and password (hashed).
- Profile Data: Bio, Skills, and Portfolio details for personalization.
- Payment Info: Processed via Stripe (PCI-DSS compliant) or bKash (Sender number, Transaction ID, and optional screenshots). We do not store full card numbers.
Automatically Collected
- Usage Data: Feature interactions and credit monitoring.
- Technical Data: IP address, browser type, and device information for security.
- Cookies: Essential and non-essential cookies (refer to Cookie Policy).
2. Browser Extension Data Collection
This section describes precisely what the AiLancerX Chrome extension reads, when it reads it, and what it does not access — in alignment with Chrome Web Store Data Safety requirements.
Supported Domains Only
The extension only activates on supported freelance platforms (e.g., upwork.com, fiverr.com) and ailancerx.com. It does not inject scripts or read content on any other website.
What It Reads (On User Action)
When you activate an analysis feature (e.g., “Analyze Job”, “Draft Reply”, “Sync Profile”), the extension may read user-visible page content including job titles, descriptions, client ratings, and message threads.
3. Why We Collect Data & AI Processing
We collect your data to provide our service, process your subscription, and personalize your AI experience. We do not sell your data.
AI Processing
Powered by OpenAI models via secure backend connections.
- Your data is never used to train global AI models — it is used ephemerally to generate the proposal or analysis you requested.
- Encryption is applied at every stage of the data lifecycle to ensure confidentiality.
4. Message Content & AI Context
When you use the AI reply feature, our extension reads the recent message thread to provide contextually relevant suggestions.
Processing: Message threads are processed in real-time to generate responses. We may store rolling summaries of conversations to provide continuity in AI interactions.
You can clear your local or server-side conversation memory at any time from the dashboard settings.
5. Data Storage & Retention
We retain data according to our Data Retention Schedule:
Account & Profile Data
Retained for the duration of your active subscription. Deleted within 30 days of account closure request.
Financial Records
Retained for up to 7 years to comply with tax and legal requirements.
6. Children's Privacy
Our services are designed for professional freelancers and are not directed to children under the age of 18.
We do not knowingly collect personal data from individuals under 18. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it from our servers.
7. Security Measures
We implement multi-layered, enterprise-grade security protocols to safeguard your data at every level of our infrastructure.
Encryption & Hashing
Data is protected with TLS 1.3 in transit and AES-256 at rest. User passwords are never stored in plain text; we use industry-standard hashing (Argon2/BCrypt) with unique salts.
Infrastructure Security
Hosted on Vercel and AWS within isolated Virtual Private Clouds (VPC). We employ edge-level DDoS protection and intelligent rate limiting to prevent unauthorized access.
Access Control
Strict internal access controls and Multi-Factor Authentication (MFA) are required for all administrative access to our production systems and data stores.
Continuous Monitoring
Our SOC team monitors systems 24/7 for suspicious activity. We conduct regular internal audits and vulnerability assessments to maintain high security standards.
8. International Data Transfers
As a global platform, we may transfer and process your data outside of your home country.
When we transfer data across borders, we ensure it is protected by the same high standards regardless of location. This includes using Standard Contractual Clauses (SCCs) and ensuring our cloud providers (AWS, Vercel) maintain rigorous certifications (SOC 2, ISO 27001).
9. Global Privacy Rights
We honor privacy rights globally, specifically aligning with the UK GDPR and California Privacy Rights Act (CPRA).
Right to Access & Delete
Request a copy of your data or ask us to completely erase your personal information.
Right to Rectification
Correct any inaccurate or incomplete personal information at any time.
Right to Opt-Out
Under CPRA, you have the right to opt-out of the “sale” or “sharing” of personal information (Note: We do not sell data).
Data Portability
Request your data in a structured, machine-readable format.
10. Third-Party Affiliation
Marketplace Independence
AiLancerX is an independent service. We are not affiliated, associated, authorized, endorsed by, or in any way officially connected with Upwork, Fiverr, Freelancer.com, or any other third-party marketplace.
9. Responsible Disclosure
Reporting Vulnerabilities
We believe in a secure and collaborative internet. If you have discovered a security vulnerability in AiLancerX, we encourage you to report it to us immediately.
We operate a rewards program for responsible bug disclosure.
10. Contact & Complaints
If you have questions about your privacy or wish to exercise your rights, please contact our Data Protection Officer (DPO):
© 2026 AiLancerX. Registered Office: 128 City Road, London, EC1V 2NX.
Ensuring your data stays yours, always.