Privacy & Data Protection

Privacy Policy

If you are looking for the prior version, you may request it by contacting us (see “Contact Us” below).

Effective Date

January 6, 2026

Accessibility: This Privacy Policy is provided in an accessible format and is designed to align with generally accepted web accessibility standards, including WCAG 2.1, where reasonably practicable. For convenience, this Privacy Policy is available both as a web page and as a downloadable PDF document. If you require an alternative format or experience difficulty accessing this content, please contact us and we will make reasonable efforts to provide the information in an accessible manner.
Request prior version

1. INTRODUCTION

This Privacy Policy explains how and why Collty collects, uses, discloses, and otherwise processes personal information when you visit our website(s), access or use our platform, or otherwise interact with us (collectively, the “Service”). It also explains the choices and rights you may have regarding your personal information, depending on your location.

Collty is a project delivery platform that helps Clients discover and hire remote Teams or individual Specialists and manage projects through sprint-based workflows (e.g., weekly sprints), including task management, chat, meetings, analytics, and invoicing.

This Privacy Policy applies to personal information we collect:

  • through the Service (including web and any applications we operate);
  • through communications with us (e.g., email, chat, customer support);
  • offline, where collected in connection with the Service (which we may combine with online data).

This Privacy Policy does not apply to third-party websites, services, or applications (including integrations) that you access through the Service. Those third parties’ privacy practices are governed by their own policies.

2. KEY DEFINITIONS

“Collty,” “we,” “us,” or “our” refers to the Collty entity responsible for providing the Service.

“Site” refers to Collty’s website(s) and related pages and subdomains we operate.

“Service” refers to the Site and the Collty platform and all related features, including discovery/search, hiring requests (“Hire” and “Discuss project first”), project workspaces, sprint planning, task management, messaging/chat, meetings, analytics, invoicing, and support.

“Client” means an individual or organization seeking to hire Teams or Specialists and manage projects through the Service.

“Team” / “Partner” / “Specialist” means an individual or organization offering services through the Service.

“Visitor” means anyone who visits the Site without creating an account.

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) to an individual.

“Non-Identifying Information” means information that does not directly identify you (for example, aggregated statistics or generalized project data that does not reasonably identify an individual).

“De-Identified Information” means information that has been processed to remove identifiers so it can no longer reasonably be used to identify an individual, taking into account reasonable measures.

“Controller” and “Processor” have the meanings given under applicable data protection laws. In many cases, Collty acts as a controller of Personal Information. In some cases, Collty processes content and data on behalf of Clients or Teams/Partners as a processor to provide the Service.

3. INFORMATION WE COLLECT

We collect information in three main ways:

(A) information you provide to us;

(B) information we collect automatically;

(C) information we receive from third parties.

A. Information you provide to us

Depending on how you use Collty, you may provide:

Account and profile information

  • name, email address, phone number, and account credentials;
  • company name, role/title, country/city, industry, and profile details;
  • for Teams/Partners/Specialists: services offered, skills, portfolio content, experience, availability, and similar profile information.

Hiring and project information

  • details you submit when you click “Hire” or “Discuss project first,” including scope notes, requested roles, selected Specialists, estimated hours, and timing preferences;
  • project setup information, sprint plans, milestones, deliverables, and project calendar preferences;
  • task descriptions, files, links, and attachments you upload.

Communications

  • messages and content you send through Collty chat or other collaboration features;
  • meeting requests, scheduling details, and communications with other users and with support.

Payments and billing (where applicable)

  • billing contact information, invoice details, payment status, and transaction metadata;
  • we generally do not store full payment card numbers. Payment card information is typically processed by payment processors.

Support and feedback

  • customer support requests, troubleshooting details, feedback, survey responses, and related communications.

Identity verification and compliance (if applicable)

  • verification information and results (e.g., business verification, identity verification) when needed for security, fraud prevention, or compliance;
  • where required, we may request government-issued identification details or similar information. We request this only when necessary and as permitted by law.

B. Non-Identifying Information and De-Identified Information

Non-Identifying Information: We may collect information that does not directly identify you, such as generalized location information (e.g., country-level), demographic or firmographic information, information about how you use the Service, and general project-related data (for example, counts of tasks, sprint velocity, or feature usage) (“Non-Identifying Information”). We use this information to operate, improve, and secure the Service, and to understand how the Service is used.

Hashed Information: In some cases, we may transform certain Personal Information (typically an identifier such as an email address) into a form that does not directly identify you (“Hashed Information”) using a mathematical process (commonly known as hashing). Hashed Information may be used for security, fraud prevention, deduplication, measurement, or matching purposes (for example, to prevent duplicate accounts or to measure campaign performance) where permitted by law and subject to your choices.

Combination of Personal and Non-Identifying Information: We may combine Personal Information with Non-Identifying Information. If we do, we treat the combined information as Personal Information under this Privacy Policy.

De-Identified Information: We may de-identify or aggregate information so that it can no longer reasonably be used to identify you (“De-Identified Information”). We may use De-Identified Information for analytics, product improvement, research, and other legitimate business purposes. We maintain De-Identified Information in de-identified form and do not attempt to reidentify it, except to validate our de-identification processes or where required by law.

C. Information collected automatically

Like most online services, we automatically receive technical information when you use our Service. We use these technologies to operate and secure the Service, analyze usage, improve functionality, remember preferences, and (where permitted) to market our Service.

Technical and device information

  • IP address, device identifiers, browser type, operating system, language settings, time zone;
  • log files, diagnostic data, error reports, performance data.

Usage and activity data

  • pages and screens viewed, features used, clicks, timestamps, session duration;
  • search queries and filters you use on the platform;
  • referring URLs and navigation paths;
  • approximate location derived from IP address.

Cookies and similar technologies

We and our service providers may use cookies, pixels, local storage, SDKs, tags, web beacons, and similar technologies to:

  • authenticate users and keep sessions secure;
  • remember preferences and settings;
  • enable core functionality (including hiring flows and project workspaces);
  • measure performance and usage, debug issues, and improve the Service;
  • detect fraud and prevent abuse;
  • deliver or measure marketing (where permitted and subject to your choices).

D. Information we receive from third parties

We may receive information from:

  • authentication providers (e.g., Google/Apple SSO) if you choose to use them;
  • payment processors (limited confirmation and transaction metadata);
  • analytics and security providers (fraud signals, risk indicators);
  • marketing and advertising partners (campaign attribution data, where permitted);
  • other users (e.g., if a Client invites you to a project workspace, or a Team adds members).

4. HOW WE USE INFORMATION

We use Personal Information to provide and operate Collty, including to:

Provide, operate, and maintain the Service

  • create and manage accounts and profiles;
  • enable discovery, search, matching, and recommendations;
  • process “Hire” and “Discuss project first” requests;
  • provide sprint-based project workflows (task planning, chat, meetings, analytics, invoicing);
  • facilitate collaboration between Clients and Teams/Partners/Specialists;
  • provide customer support and respond to requests.

Improve and develop the Service

  • understand how the Service is used, monitor performance, and improve user experience;
  • debug, test, and fix errors;
  • develop new features and improve search relevance and recommendations.

Communications

  • send administrative messages, security alerts, and service updates;
  • communicate about hiring requests, meetings, project updates, and support tickets;
  • send marketing communications where permitted (and you can opt out).

Security, fraud prevention, and trust & safety

  • protect accounts and platform integrity;
  • detect, prevent, and respond to abuse, fraud, suspicious activity, and policy violations;
  • verify identity where required for safety or compliance.

Legal, compliance, and enforcement

  • comply with legal obligations and lawful requests;
  • maintain records for accounting, audits, and dispute resolution;
  • enforce our Terms, policies, and agreements;
  • protect rights, property, and safety of Collty and users.

Artificial intelligence and automated tools

We may use automated tools and AI (including generative AI) to support and improve the Service, such as:

  • improving search and matching relevance;
  • summarizing or organizing project information (where enabled);
  • detecting spam, fraud, or abusive activity;
  • improving support workflows and product performance.

Where required by law, we will provide appropriate notice and obtain consent for specific AI-related processing. We do not use private project messages or content to train public models unless you explicitly opt in, where applicable and offered.

If we process Personal Information for purposes that are materially different from those disclosed here, we will provide notice or obtain consent as required by law.

6. HOW WE SHARE INFORMATION

We do not sell Personal Information for monetary consideration.

We may share Personal Information in the following ways:

A. With other users as part of the Service

Collty facilitates collaboration between Clients and Teams/Partners/Specialists. Depending on your role and what you do on the Service, we may share information such as:

  • when a Client submits a hiring request, the request details and Client information needed to respond are shared with the selected Team/Specialists;
  • when a project starts, project workspace information (tasks, comments, messages, files) is shared with authorized project participants based on permissions;
  • profile information may be visible to other users as part of discovery and collaboration (for example, a Team profile visible to Clients).

B. With service providers

We share information with vendors that help us operate the Service, such as:

  • hosting and infrastructure providers,
  • analytics providers,
  • security and fraud prevention providers,
  • customer support tools,
  • communications providers (email, messaging, notifications),
  • payment processors,
  • scheduling/meeting or calendar tools where integrated.

These providers are authorized to process Personal Information only as necessary to provide services to Collty and must protect it.

C. With affiliates

We may share information with Collty affiliates for internal operations, security, and service support.

D. Advertising, analytics providers, and similar third parties

We may work with analytics providers and, where permitted, advertising partners who use technologies (such as cookies, pixels, and SDKs) to help us understand how people use the Service, measure campaign performance, and improve our marketing. Some of these parties may collect information about your device and activity over time and across different websites or services, depending on their role and your choices. You may be able to opt out of certain forms of targeted advertising as described in “Your Choices and Rights.”

E. Legal and investigative purposes

We may disclose information to government agencies, law enforcement, courts, or private parties where we believe in good faith that disclosure is necessary to:

  • comply with law or legal process,
  • protect rights, property, and safety of Collty, our users, or others,
  • investigate fraud, security incidents, or policy violations,
  • respond to claims and enforce our agreements.

F. Business transfers

If Collty is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, Personal Information may be transferred as part of that transaction, subject to appropriate protections.

G. With your consent

We may share information for other purposes with your consent or at your direction.

7. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies, including cookies, pixels, local storage, SDKs, tags, web beacons, and related technologies, for authentication, security, preferences, analytics, and (where permitted) marketing.

You can control cookies through:

  • browser settings;
  • device settings (if applicable);
  • our cookie banner or preferences tool (if available);
  • opt-out tools provided by some analytics/advertising partners.

If you block certain cookies, parts of the Service may not function properly (for example, staying signed in or using certain platform features).

8. DO NOT TRACK SIGNALS

Some browsers allow you to send a “Do Not Track” signal to websites you visit. Because there is not yet a universally accepted standard for how to respond to these signals, Collty does not respond to “Do Not Track” signals in a uniform way. We continue to monitor developments and may update our practices if standards become available.

9. DATA RETENTION

We retain Personal Information only as long as necessary for the purposes described in this Privacy Policy, including to:

  • provide the Service and maintain accounts;
  • process transactions and maintain financial records;
  • comply with legal, tax, and accounting requirements;
  • prevent fraud, enforce agreements, resolve disputes, and maintain security.

Retention periods vary depending on the type of information, legal requirements, and operational needs. We may retain certain information after account closure where required or permitted by law.

10. SECURITY

We maintain administrative, technical, and organizational safeguards designed to protect Personal Information. However, no security measure is perfect and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and for promptly notifying us of suspected unauthorized access.

11. INTERNATIONAL DATA TRANSFERS

Collty may process and store information in countries other than your country of residence. Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses or other lawful mechanisms.

12. CHILDREN’S PRIVACY

The Service is intended for users who are at least 18 years old (or the age of majority in your jurisdiction). We do not knowingly collect Personal Information from children. If you believe a child has provided us Personal Information, please contact us and we will take steps to delete it as required by law.

13. YOUR CHOICES AND RIGHTS

A. Account information

You can access, update, or correct certain account information through your profile or account settings.

B. Marketing communications

You can opt out of marketing emails by using the unsubscribe link in those emails. You may still receive service-related communications (e.g., security notices, billing, or important updates).

C. Privacy rights requests

Depending on your location, you may have rights to:

  • access your Personal Information;
  • request correction;
  • request deletion;
  • request portability;
  • object to processing or request restriction;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a supervisory authority.

To exercise your rights, contact us using the information in “Contact Us.” We may need to verify your identity before fulfilling a request.

D. California notice (if applicable)

If you are a California resident, you may have rights under the CPRA, including the right to know, delete, correct, opt out of “sharing” for cross-context behavioral advertising (if applicable), and not be discriminated against for exercising your rights. Collty does not sell Personal Information for monetary consideration. Where we engage in advertising activities that may be considered “sharing” under California law, you may have the right to opt out.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law. The Effective Date at the top indicates when this version becomes effective.

16. CONTACT US

If you have questions or requests related to privacy, contact:

Privacy Email: privacy@collty.com