Privacy Policy

Rendered ("we", "us", "our") is a nonprofit talent marketplace that connects skilled professionals ("Talent") with nonprofit organisations ("Nonprofits") for project-based work. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform at rendered.one (the "Platform").

We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Account data: Name, email address, password (hashed), and user type (Talent or Nonprofit administrator).

Profile data (Talent): Professional headline, bio, LinkedIn profile URL, location, timezone, skills, causes of interest, work situation, availability, hourly rate preferences, profile photo, portfolio items, and experience highlights.

Profile data (Nonprofits): Organisation name, registration number, mission statement, website, sector, size, and contact details.

Payment data: We use Stripe Connect to process payments. We store your Stripe account ID and account status. We do not store full card numbers, bank account numbers, or other sensitive financial data on our servers. Payment data is processed and stored by Stripe in accordance with their privacy policy.

Usage data: Pages visited, features used, search queries, IP address, browser type, device information, and timestamps of activity.

Communication data: Messages exchanged between Talent and Nonprofits through the Platform's messaging system.

Cookies and similar technologies: See Section 9 below for details.

We use your information for the following purposes:

• Platform operations: Creating and managing your account, authenticating access, and providing customer support.
• Matching: Connecting Talent profiles with relevant nonprofit projects based on skills, availability, causes, and location.
• Vetting: Reviewing and verifying Talent profiles, including light-touch verification of LinkedIn profiles and screening calls.
• Payments: Processing payments between Nonprofits and Talent through Stripe Connect, including escrow management.
• Communications: Sending service-related emails (account verification, engagement updates, payment notifications) and facilitating in-platform messaging.
• Improvement: Analysing usage patterns to improve the Platform, fix issues, and develop new features.
• Legal obligations: Complying with applicable laws, regulations, and legal processes.

When you join as Talent, your profile information may be shared with approved nonprofit organisations to facilitate project matching. You control how much information is shared through your data sharing preference, which you can set during onboarding and change at any time in your account settings.

We offer three levels of data sharing:

• Full profile: Your full name, employment history, LinkedIn profile, and all profile details are visible to nonprofits. This provides the best chance of being matched with projects.
• Hide sensitive details: Your surname and current employer (if still employed) are hidden from nonprofits. Other profile details remain visible.
• Fully anonymised: Your name is anonymised and no identifying details are shared with nonprofits until you explicitly agree to engage with a project.

Regardless of your data sharing preference, your profile is only visible to approved nonprofit organisations on the Platform. It is not publicly accessible or indexed by search engines.

We process your personal data on the following legal bases:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the Platform services, including account management, matching, engagement tracking, and payment processing.
• Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, including platform security, fraud prevention, service improvement, and analytics. We balance these interests against your rights and freedoms.
• Consent (Art. 6(1)(a)): Where you have given specific consent, such as for marketing communications or optional data sharing preferences. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Processing necessary to comply with legal obligations, such as tax reporting and financial regulations.

Active accounts: We retain your data for as long as your account is active and you continue to use the Platform.

Inactive accounts: If your account is inactive for 24 months, we may contact you to confirm whether you wish to keep your account. If you do not respond, we may close your account and delete your data.

Account closure: When you close your account, we delete your personal data within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes (typically up to 7 years for financial records).

Engagement records: Records of completed engagements, reviews, and payment transactions may be retained in anonymised form for platform analytics.

Under the UK GDPR, you have the following rights:

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can request correction of inaccurate or incomplete data. You can also update most information directly through your account settings.
• Right to erasure (Art. 17): You can request deletion of your personal data, subject to our legal obligations to retain certain records.
• Right to restriction of processing (Art. 18): You can request that we restrict processing of your data in certain circumstances.
• Right to data portability (Art. 20): You can request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): You can object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making (Art. 22): Our matching algorithms assist in connecting Talent with projects but do not make fully automated decisions with legal or similarly significant effects. You always have the choice to accept or decline any engagement.

To exercise any of these rights, contact us at hello@rendered.one. We will respond within one month.

Your data is primarily stored and processed in the United Kingdom. However, some of our service providers (including Stripe for payment processing) may process data in the United States or other countries.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, or transfers to countries with an adequacy decision.

We use the following types of cookies:

• Essential cookies: Required for the Platform to function, including session management and CSRF protection. These cannot be disabled.
• Functional cookies: Remember your preferences, such as timezone and display settings.
• Analytics cookies: Help us understand how the Platform is used so we can improve it. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Platform from functioning correctly.

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Secure password hashing using industry-standard algorithms.
• Two-factor authentication available for all accounts.
• Regular security reviews and updates.
• Access controls limiting data access to authorised personnel only.

No system is completely secure. If you discover a security vulnerability, please report it to hello@rendered.one.

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on the Platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:

Email: hello@rendered.one

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113