Freelance PortalSign In
← Back to Home

Privacy Policy

Last Updated: February 17, 2026

Effective Date: February 17, 2026

This Privacy Policy describes how Yusuf Sahin, operating as Freelance Portal, collects, uses, and protects your information. We are committed to your privacy and designed this service with data minimization in mind.

1. Information We Collect

We collect only what is necessary to provide the Service:

Account Information

  • Email address (used for login and transactional emails)
  • Full name and business name (optional, entered in Settings)
  • Password (stored as a bcrypt hash — we never see your plain-text password)

Project & File Data

  • Projects, client details, and descriptions you create
  • Files you upload (stored encrypted on Supabase)
  • File metadata: name, size, type, upload time, approval status
  • Client feedback and rejection reasons on files

Payment Information

  • Payment processing is handled entirely by Stripe
  • We never see, store, or have access to your card number, CVV, or bank details
  • We receive a Stripe customer ID and subscription status

Usage Data

  • IP address (for security and abuse prevention)
  • Browser type and version
  • Device type and operating system
  • Pages visited and actions taken within the Service
  • Timestamps of account activity

Cookies

  • Authentication cookies required to maintain your login session
  • No advertising, tracking, or analytics cookies

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and secure your account
  • Process subscription payments through Stripe
  • Send transactional emails (file approval notifications, invoice delivery, payment confirmations, deletion request alerts)
  • Respond to your support requests and communications
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Improve and optimize the Service (using aggregated, anonymized data)

We will never use your information for purposes incompatible with those listed above without your explicit consent.

3. Third-Party Service Providers

We share your data with the following trusted service providers, solely to operate the Service:

Supabase

Database and file storage provider. Your project data and uploaded files are stored on Supabase servers in the United States. Supabase is SOC 2 Type 2 compliant.

Stripe

Payment processing. All payment data is handled directly by Stripe and subject to Stripe’s Privacy Policy. Stripe is PCI DSS Level 1 certified.

Resend

Transactional email delivery. Email addresses are shared with Resend only to deliver emails you expect to receive (notifications, invoices). Subject to Resend’s Privacy Policy.

We do not sell, rent, or share your personal information with any other third parties for their own purposes. All service providers are contractually bound to process your data only as instructed by us.

4. What We Do NOT Do

  • We do NOT sell your data — your information is never sold to third parties
  • We do NOT share your data with advertisers
  • We do NOT send marketing emails (only transactional service emails)
  • We do NOT use tracking pixels, ad networks, or behavioral analytics
  • We do NOT use your files or project content to train AI models
  • We do NOT access your files except as necessary to provide the Service

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access

View all your personal data stored in your account through Settings.

Correct

Edit or update your account information at any time in Settings.

Delete

Delete your account in Settings. Your data will be permanently removed within 30 days.

Export / Data Portability

Download your files anytime from the Service. To request a full data export, email us.

Opt-Out of Marketing

We don't send marketing emails. You can unsubscribe from any non-essential communications, but transactional emails (e.g. invoice notifications) cannot be disabled while your account is active.

To exercise any of these rights, email us at metmerg@gmail.com. We will respond within 7 business days.

6. Data Retention

  • Active accounts: Data is retained for as long as your account is active.
  • Deleted accounts: All personal data and files are permanently deleted within 30 days of account deletion.
  • Backup copies: Data in backups may persist for up to 90 days before being overwritten.
  • Legal holds: We may retain data longer if required by applicable law, court order, or to resolve disputes.

7. Data Security

We implement industry-standard security measures to protect your data:

  • SSL/TLS encryption for all data in transit (HTTPS only)
  • AES-256 encryption for data at rest via Supabase
  • Row-level security policies so users can only access their own data
  • Secure authentication managed by Supabase Auth
  • Passwords stored using bcrypt hashing (we never see plain-text passwords)
  • Regular security reviews and dependency updates

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

8. Cookies

We use a minimal set of cookies:

CookiePurposeRequired
auth-tokenMaintains your login sessionYes

We do not use advertising cookies, tracking cookies, or analytics cookies. You cannot disable the authentication cookie while using the Service — the Service will not function without it.

9. Age Restrictions (COPPA Compliance)

Under 13: NOT PERMITTED

The Service is not directed to children under 13. We do not knowingly collect personal information from anyone under 13 years of age. If we discover that a user is under 13, the account will be immediately terminated and all associated data will be deleted.

Ages 13–17: Parental Consent Required

Users aged 13 to 17 may only use the Service with verifiable parental or guardian consent. A parent or guardian must review and agree to these Terms and our Privacy Policy on the minor’s behalf.

Ages 18+: Full Access

No restrictions apply. You may use all features of the Service.

If you believe a child under 13 has provided us with personal information, please contact us immediately at metmerg@gmail.com.

10. International Data Transfers

Your data is stored on Supabase servers located in the United States. If you are accessing the Service from outside the US, your information will be transferred to and processed in the United States.

For users in the European Union or UK, these transfers are conducted in compliance with GDPR requirements, including the use of Standard Contractual Clauses where applicable.

11. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights:

  • Right to Know: You may request information about the personal data we collect about you.
  • Right to Delete: You may request deletion of your personal data, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell personal information. This right is automatically satisfied.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, email metmerg@gmail.com with the subject line “CCPA Request.”

12. Virginia Residents (CDPA)

If you are a Virginia resident, the Virginia Consumer Data Protection Act (CDPA) provides you with the following rights:

  • Right to access the personal data we process about you
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to data portability (obtain a copy of your data)
  • Right to opt-out of targeted advertising — we do not conduct targeted advertising, so this right is automatically satisfied

To exercise these rights, email metmerg@gmail.com with the subject line “CDPA Request.” We will respond within 45 days. You may appeal our decision by emailing the same address with “CDPA Appeal” in the subject line.

13. Data Breach Notification

In the event of a data breach that may compromise your personal information:

  • We will notify affected users within 72 hours of discovering the breach
  • Notification will be sent to your registered email address
  • We will report the breach to relevant authorities as required by law
  • We will take immediate steps to contain and remediate the breach

14. Third-Party Links

The Service may contain links to third-party websites or services (such as Stripe payment pages and Supabase documentation). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice within the Service. Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated policy.

The “Last Updated” date at the top of this page reflects when the policy was most recently revised.

16. Contact Us

For any privacy-related questions, requests, or concerns, please contact:

Yusuf Sahin

Operating as Freelance Portal

Email: metmerg@gmail.com

Virginia, United States

Response time: within 7 business days