Skip to main content
LanceRank
Log inClaim your profile — free

Legal

Privacy Policy

Effective date: April 23, 2026 · Last updated: May 27, 2026

1. Introduction

LanceRank is operated by MARANOTE LTD, a private limited company registered in Cyprus under company number ΗΕ 432111, with its registered office at Karpasias 3, 4185 Limassol, Cyprus.In this Privacy Policy “LanceRank”, “we”, “us”, and “our” refer to MARANOTE LTD.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at lancerank.com and use our services. Please read this policy carefully. If you do not agree with the terms of this policy, please do not access the site.

2. Information We Collect

We collect information in the following ways:

  • Account information: When you register, we collect your name, email address, and password. If you subscribe to a paid plan, we collect billing information through our payment processor (Stripe).
  • Profile data: Information you provide to build your LanceRank profile, including your bio, location, skills, hourly rate, and avatar.
  • Platform data: When you connect a freelancing platform (e.g., Fiverr, Toptal), we collect publicly available data from your profile on that platform, including ratings, review counts, job history, and badges.
  • Usage data: We automatically collect information about your interactions with our service, including pages visited, features used, IP address, browser type, and device information.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Calculate and display your LanceRank Score based on aggregated data from connected platforms and verified reviews
  • Send transactional emails, including review requests, vouching confirmations, and account notifications
  • Process payments and manage subscriptions
  • Analyze usage patterns to improve the platform experience
  • Detect, prevent, and address fraud, abuse, and technical issues

3a. Reviewer Email Classification

When a freelancer requests a review on LanceRank, we automatically inspect the domain portion of the recipient’s email address (the part after the “@”). We use this to (a) reject requests sent to known disposable-email services (e.g. Mailinator, tempmail.com), and (b) tag whether the address belongs to a common free webmail provider (Gmail, Outlook, etc.) versus any other domain. This tag is stored alongside the review for internal fraud-prevention monitoring only — it is never displayed on the public profile, never used to weight or downgrade a review’s contribution to the LanceRank Score, and never shared with third parties.

Additionally, we may compute an internal “suspicion score” per freelancer based on review-pattern statistics (e.g. all reviews submitted within a short window, no repeat clients, etc.). This score helps our admins identify potential review padding for manual review. It is internal-only and does not affect the public LanceRank Score. Reviews removed by an admin can be contested by the freelancer through their dashboard.

Legal basis: GDPR Article 6(1)(f) — our legitimate interest in maintaining a trustworthy reputation platform, recognised by Recital 47.

3b. Automated Decision-Making (GDPR Art. 22)

The LanceRank Scoreis calculated automatically by a deterministic, rule-based algorithm (currently v6.1, effective 22 May 2026). The score aggregates six weighted factors — Track Record (35), Recency & Tenure (20), Claimant Credibility (20), Platform Credibility (10), LinkedIn Endorsements (10), and Skills (5) — to produce a 0–100 number and a career-stage label. The full methodology, factor weights, and version history are public at lancerank.com/how-scoring-works.

Because the score can influence client hiring decisions and therefore has a similarly significant effect on you (CJEU SCHUFA Holding, Case C-634/21, December 2023), you have the rights set out in GDPR Article 22(3):

  • Right to human review — request that a LanceRank moderator review the inputs and weights underlying your score, in your specific case.
  • Right to express your point of view — submit corrective context, evidence, or additional data the algorithm did not see.
  • Right to contest the result — challenge a specific score outcome and receive a reasoned written decision within 14 days.

To exercise any of these rights, use the contest form at your dashboard or email [email protected] from the address associated with your account. We will respond within 14 working days.

We do not use machine-learning models, profiling against learned parameters, or any adaptive inference in the scoring pipeline. The algorithm is a fixed weighted sum of author-defined constants; the source is auditable via the published methodology. We have completed an internal AI Act self-assessment (27 May 2026) which concludes that the score is not an AI system within the meaning of Regulation (EU) 2024/1689 Art. 3(1); the assessment is available on request.

4. Data from Third Parties

When you connect a freelancing platform to your LanceRank profile, we access publicly available data from that platform. This includes information visible to anyone browsing the platform without an account, such as your public profile page on Fiverr, Toptal, Freelancer.com, PeoplePerHour, Guru, Contra, or 99designs.

We do not access private messages, financial details, or any data that requires authentication on the third-party platform. We only collect data that you have explicitly asked us to import by providing your profile URL.

4a. Publicly Available Profiles & Unclaimed Listings

LanceRank operates as an independent, public-interest reputation directory for freelancers — comparable to how consumer-review platforms index businesses. To provide that directory, we may create preliminary “unclaimed” LanceRank profiles for individual freelancers based exclusively on publicly available information they have already published themselves on freelance marketplaces or professional networks (name, public bio, skills, publicly displayed ratings, public review counts, platform badges, avatar, general location). Every field we display can be independently verified by anyone visiting the original public profile page; we do not access private messages, contact details, transaction history, financial information, or any content that would require authentication or consent to reach.

Legal basis (EU/UK GDPR Art. 6(1)(f)): processing is carried out in the legitimate interest of (i) operating a transparent marketplace-independent reputation index that helps clients verify freelancer track records, (ii) allowing the freelancer themselves to consolidate their reputation across platforms, and (iii) reducing fraud in freelance hiring. Our Legitimate Interest Assessment and Data Protection Impact Assessment (both dated 27 May 2026, available on request via [email protected]) conclude that this processing is consistent with the freelancer's reasonable expectations, because the source data is already public and self-published for the purpose of being discovered by prospective clients. We do not process sensitive categories of personal data.

Article 14 notice (GDPR Art. 14(5)(b)):when we build an unclaimed profile from public sources we do not — and never have — possessed the freelancer's email address or any direct contact channel. Notifying every individual subject under Art. 14(1)–(2) is therefore impossible, and we rely on the disproportionate-effort exemption of Art. 14(5)(b). In place of individual notice we (i) publish this Privacy Policy as a clearly accessible public notice, (ii) label every unclaimed profile “Unclaimed” with a one-click removal link, and (iii) honour any erasure / objection request from the data subject within 30 days (most within 72 hours), no questions asked beyond confirming control of an email address visible on the source profile.

Your rights over an unclaimed profile:

  • Claim it free at any time by verifying the email associated with your platform account — you then control bio, location, avatar, categories, availability, and which platforms are linked.
  • Request removal by emailing [email protected] from the address on your platform profile; we will delete the unclaimed profile and all associated scraped data within 30 days (in most cases within 72 hours).
  • Correct inaccuracies without claiming by emailing the same address — we will review and, where your correction matches the current public source, update the profile.
  • Object to processing under GDPR Art. 21 by emailing us; we will honour the objection unless we demonstrate a compelling lawful basis to continue.

Unclaimed profiles are clearly labelled as “Unclaimed” in the interface so visitors understand the freelancer has not yet confirmed ownership. We re-sync publicly available data on a defined schedule and remove any field the freelancer has since taken down from the public source.

5. Data Sharing & Sub-Processors

We do not sell, trade, or rent your personal information to third parties. We share data only with the following named sub-processors and only as needed to run the service:

Sub-processorPurposeLocationTransfer safeguard
Stripe Payments Europe LtdSubscription billing, invoicingIreland (parent: Stripe Inc., US)EU-US Data Privacy Framework
Stripe Identity (Stripe Inc.)Optional identity verification (photo-ID OCR + selfie match) for the Verified Pro badgeUnited StatesEU-US Data Privacy Framework. Document images stored by Stripe per their retention; the OCR'd name we receive is redacted from our audit log after 90 days.
Brevo SAS (Sendinblue)Transactional + marketing email deliveryFranceN/A (EU)
Cloudflare Inc.DNS, CDN, WAF, DDoS protectionUSEU-US DPF + Standard Contractual Clauses
Hetzner Online GmbHApplication + database hostingGermanyN/A (EU)
Google Ireland Ltd (GA4)Analytics (only after explicit consent)Ireland (data routing via Google LLC, US)EU-US DPF
Meta Platforms Ireland LtdPixel / Conversions API (marketing-consent only)Ireland (data routing via Meta US)EU-US DPF
Reddit Inc., TikTok Pte LtdMarketing pixels (marketing-consent only)US / SingaporeStandard Contractual Clauses
Anthropic PBC, Google Vertex AILanceRank Assistant chatbot + agent platform (admin-side AI tooling)USSCCs / EU-US DPF; chat content not used to train models
Backblaze Inc. (B2)Encrypted off-site database backupsEU region (Amsterdam)N/A (EU); SCCs at company level
ScraperAPI Inc.Public-profile fetcher (residential proxy network); never sees authenticated contentUSStandard Contractual Clauses

We also disclose data to law enforcement only if required by a valid legal process. A current sub-processor list is maintained at this Privacy Policy; when we add or change a sub-processor that processes personal data, we update this list at least 30 days before the change takes effect for new processing.

Your public LanceRank profile (name, score, verified reviews, and connected platforms) is visible to anyone who visits your profile URL. This is by design — the purpose of LanceRank is to make your verified reputation publicly accessible.

6. Data Retention

We retain personal data only for as long as we need it. The specific periods are:

Data categoryRetention
Account data (name, email, password hash)Life of account + 30 days after deletion request
Billing records (Stripe customer ID, invoice metadata)7 years (Cyprus VAT & tax law)
Support tickets (incl. Freshdesk thread content)24 months from last response
Server access logs (IP, user-agent, request path)90 days
Scraped data on unclaimed profiles12 months from last source-confirmation, then auto-purged
Staff-access audit log12 months minimum (see §8b)
Reviewer IP & submission metadata (fraud detection)24 months from review creation
Google Analytics 4 (only with consent)14 months (GA default)
Consent receipts (`lr_consent` cookie + server log)5 years (CNIL Délibération n° 2019-093 guidance)
DSA Statement of Reasons records5 years from issuance (DSA Art. 17(5))

Publicly submitted reviews may remain visible after the freelancer's account deletion, as they form part of the public reputation record described in §3. Reviewers may request removal of their own reviews at any time. Where we are required to retain data for a legal, regulatory, or audit purpose, that legal requirement governs the retention period for that specific record.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of any inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data from our systems.
  • Export: Request your data in a portable, machine-readable format.
  • Object to processing: Object to certain types of data processing, including direct marketing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Right to lodge a complaint with a supervisory authority (GDPR Art. 77). If you believe we have processed your personal data unlawfully, you may complain to the Cyprus Commissioner for Personal Data Protection (our lead supervisory authority under GDPR Art. 56):

Office of the Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia, Cyprus
Telephone: +357 22 818 456
Email: [email protected]
Website: dataprotection.gov.cy

You may also lodge a complaint with the supervisory authority in your own EU Member State, or with another regulator that has jurisdiction over your particular situation.

8. Cookies and analytics

Strictly necessary cookies — used to maintain your authentication state, prevent CSRF attacks, and complete billing flows. These are essential for the service to function and cannot be disabled. We also store one small lr_consent cookie that records your cookie-preference choice.

Analytics cookies (optional) — with your explicit consent, we load Google Analytics 4 with anonymized IP to understand which pages help freelancers and where users drop off. We do not set advertising cookies, do not participate in cross-site tracking networks, and do not sell or rent any data. You can withdraw consent at any time via the “Cookie preferences” link in our footer — withdrawal is as easy as the original consent (GDPR Art. 7(3)).

Legal basis:strictly-necessary cookies rely on ePrivacy Art. 5(3) (essential to provide the requested service); analytics cookies rely on the visitor’s freely-given, specific, informed, and unambiguous consent under GDPR Art. 6(1)(a) and ePrivacy Art. 5(3).

8a. EU Digital Services Act (DSA)

LanceRank is an “intermediary service” under Regulation (EU) 2022/2065 (the Digital Services Act). We comply with the obligations applicable to a service of our scale, including:

  • Notice-and-Action (Art. 16): any visitor — not only registered users — can flag content they believe is illegal or violates our terms via lancerank.com/report. Reports are acknowledged by email with a tracking number, and decisions are normally made within 5 working days.
  • Statement of Reasons (Art. 17):when we hide, remove, demote, or otherwise restrict content tied to a user’s account, we email the affected user a structured statement describing what we did, why, the legal or terms-of-service basis, and their redress options.
  • Internal complaint-handling (Art. 20): if you disagree with one of our moderation decisions, reply to the Statement of Reasons and a different moderator will review your case within 7 working days.
  • Out-of-court dispute resolution (Art. 21): because LanceRank is operated from Cyprus, the certified out-of-court body for our jurisdiction is the Cyprus Out-of-Court Adjudication Body for Consumer Disputes (ADR Cyprus). If you reside in another EU Member State, you may also use a certified body in your jurisdiction — email [email protected] and we will help you find the right one.
  • Transparency Database (Art. 24(5)):every Statement of Reasons we issue is also submitted, in anonymised form (no personal data), to the European Commission’s public DSA Transparency Database at transparency.dsa.ec.europa.eu. The published record contains the action taken, the legal ground, and the content type — never your name, email, or review text.
  • Annual transparency report (Art. 15): we publish a yearly summary of moderation actions and reports received. The first report covering 2026 will be published in Q1 2027.
  • No automated decision-making in moderation: every hide, take-down, demotion, or rejection is decided by a human moderator. We do not use automated tools to apply consequential moderation actions.
  • Single point of contact (Art. 11–12): [email protected] serves as our single electronic point of contact for users and Member State authorities on DSA matters.

8b. Staff access to your account

In limited, defined circumstances, members of the LanceRank staff may sign in to your account ("impersonate" you) using an internal tool. We do this only for the following purposes:

  • Support requests — reproducing a bug you reported, or fixing your profile data after you ask us to
  • Debugging — investigating a system issue that appears to affect your account specifically
  • Security and fraud — investigating suspected unauthorised access, impersonation reports, or policy violations
  • Legal compliance — when required to respond to a lawful order

Every staff-access event is:

  • Recorded in our internal audit log (timestamp, reason, staff IP and user-agent) — retained for at least 12 months
  • Limited to a one-hour session that expires automatically
  • Read-only by technical enforcement — while we are signed in as you, our tooling blocks all state-changing actions (we cannot change your password, modify your billing, post reviews, send messages, or alter profile data on your behalf)

This is our legitimate interest (GDPR Art. 6(1)(f)) in operating, supporting, and securing the service. You have the right under Art. 15 GDPR to request a copy of every staff-access record on your account, and the right under Art. 21 GDPR to object to this processing at any time on grounds relating to your particular situation. Either request goes to [email protected] and we'll respond within 30 days.

8c. LinkedIn enrichment via the Chrome extension

The LanceRank Sync Chrome extension (v0.5.0+) can read and import data from your own LinkedIn profile when you click the "Sync this LinkedIn profile" button in the extension popup while viewing linkedin.com/in/<your-name>. The following sections may be extracted, with your explicit click each time:

  • Your profile header (name, headline, About, photo, location)
  • Recommendations received from other LinkedIn users
  • LinkedIn Services listings + reviews from clients
  • Experience timeline (titles, companies, dates, employment type)
  • Certifications, languages, education
  • Skill endorsements (counts only)

Important properties of this extraction:

  • It runs onlyin your own browser, in your own logged-in LinkedIn session, on your own profile page — we never touch LinkedIn from our servers, and we never touch any other user's profile.
  • Account-risk disclosure:LinkedIn's Terms of Service prohibit third-party data extraction. Using this feature is at your own risk and may, in rare cases, result in LinkedIn restricting your account. We show this warning every time you click the sync button so you can choose to proceed or cancel.
  • Recommendation writers and Service review writers consented when they posted on LinkedIn that their content would be publicly visible to anyone viewing your profile. On your public LanceRank profile we display the recommender's name, headline, and a truncated 280-character previewof their recommendation with a "via LinkedIn →" link to the original. Full text is visible only to you on your private dashboard.
  • Each click captures a fresh snapshot. Re-clicking replaces the previous snapshot — we do not accumulate history. Imports are rate-limited to one per 5 minutes per device.
  • You can remove the entire LinkedIn enrichment at any time from your dashboard; deletion is immediate and cascades to all child records (recommendations, services, reviews, etc.).

Lawful basis (GDPR Art. 6):

  • For your data: your active consent (Art. 6(1)(a)) each time you click the sync button.
  • For data about third parties (recommenders, Service review writers, endorsers) whose content appears publicly on your LinkedIn profile and that we mirror on LanceRank with attribution: our legitimate interest in operating a verified-reputation service (Art. 6(1)(f)). We have completed a Legitimate Interest Assessment that balances our interest against the rights of these third parties; the LIA is available on request.

Third-party rights (DSA Art. 16, GDPR Arts. 17 + 21): If you are a recommender, Service review writer, or endorser and you would like your content removed from a LanceRank profile, please contact [email protected] or use the public content report form. We process all such requests within 30 days. You do not need a LanceRank account to make this request.

9. Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256 encryption
  • We conduct regular security reviews and vulnerability assessments
  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • Payment data is handled entirely by Stripe and never touches our servers

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email at least 30 days before the changes take effect. Minor clarifications or formatting changes may be made without notice. We encourage you to review this page periodically.

10a. Children's Privacy

LanceRank is a B2B service for working freelance professionals and is not directed at children. We do not knowingly collect personal information from anyone under 16 (or the relevant national digital-consent age — Cyprus: 14; UK: 13). Reviewers, vouching clients, and signups all confirm they are 18 or older at submission. If you believe a child has provided us with personal information, contact [email protected] and we will delete it within 7 days (16 C.F.R. §312.5 compliance for any US under-13 data).

10b. Brazil — LGPD (Lei 13.709/2018)

If you are a data subject located in Brazil, the Lei Geral de Proteção de Dados Pessoais(LGPD) applies to our processing of your personal data. In addition to the rights set out in §7 above, under LGPD Article 18 you may: (i) confirm whether processing exists; (ii) access your data; (iii) correct incomplete, inaccurate, or outdated data; (iv) anonymise, block, or delete unnecessary or excessive data or data processed in non-compliance; (v) port your data to another service; (vi) delete data processed on the basis of consent; (vii) be informed of public and private entities with whom we share data; (viii) be informed about the consequences of refusing consent; (ix) revoke consent.

Our lawful basis under LGPD Art. 7 is generally legítimo interesse (Art. 7 IX), parallel to our GDPR Art. 6(1)(f) basis. Our Encarregado (Data Protection Officer) contact for LGPD requests is [email protected]. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd. Response SLA: 15 days under Art. 19.

10c. India — DPDP Act 2023

If you are a data principal located in India, the Digital Personal Data Protection Act 2023 applies to our processing. Under DPDP §13(2) you may: access your data, request correction, request erasure, nominate someone to exercise rights on your behalf in case of death or incapacity, and file a grievance.

Grievance Officer: contact [email protected]; response SLA 30 days. If unresolved, you may complain to the Data Protection Board of India.

Minors (DPDP §9):we do not knowingly process personal data of individuals under 18 located in India; see §10a above for our age-attestation safeguards.

10d. Canada — PIPEDA + CASL

If you are a Canadian data subject, the Personal Information Protection and Electronic Documents Act(PIPEDA) governs our handling of your personal information. You have the right to access, correct, and request deletion of your data; to be informed of the use of automated decision-making (see §3b); and to escalate unresolved complaints to the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Breach notification. If a breach of our security safeguards involves your personal information and creates a real risk of significant harm, we will notify you and the OPC, and maintain a written record of the breach for a minimum of 24 months as required by PIPEDA Regulation SOR/2018-64.

CASL. Commercial electronic messages we send you (vouch invitations, review-request emails on behalf of freelancers) include our identity, contact details, and a one-click unsubscribe per CASL §6.

10e. United States — California & other state privacy laws

If you are a California resident, the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) applies. You have the rights to: know what personal information we collect, delete personal information, correct inaccurate personal information, opt out of the “sale” and “sharing” of personal information (we do not sell; “sharing” for behavioural ads is only possible if you affirmatively opt in via the cookie banner — see §8), limit the use of sensitive personal information, and be free from discrimination for exercising any of these rights. To exercise these rights, visit lancerank.com/do-not-sell-or-share or email [email protected]. We honour the Global Privacy Control (GPC) browser signal as a valid opt-out for analytics + sharing.

Equivalent rights apply if you reside in Colorado (CPA), Connecticut (CTDPA), Virginia (CDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Delaware (DPDPA), or another US state with a comprehensive privacy law in force. We honour the universal opt-out signal where the relevant statute requires it (CA, CO, CT). To exercise any of these rights, the email above is the single intake.

11. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

MARANOTE LTD
Karpasias 3
4185 Limassol
Cyprus
Company number: ΗΕ 432111
[email protected]

Terms of ServiceFAQContact Us