Privacy Policy for Cointract
Effective Date: July 28, 2025
Last Updated: July 28, 2025
1. Data Controller & Scope
This Privacy Policy describes how Cointract UAB (“Cointract”, “we”, “our”, “us”) collects, uses, and protects your personal data when you use our platform.
- Company Name: Cointract UAB
- Registration Code: 307323977
- Address: Draugystės g. 17-1, LT-51229 Kaunas, Republic of Lithuania
- Email: [email protected]
- Website: https://cointract.io
We act as the Data Controller for personal data processed through our platform, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
This policy applies to all users of our Service, including Clients, Freelancers, and site visitors. Please note that specific compliance obligations related to anti-money laundering (AML) and fraud prevention are governed by our internal policies.
2. Personal Data We Collect
We collect personal data that is necessary to provide a secure and efficient marketplace. The table below outlines what we collect and why.
| Category of Personal Data | Examples of Data Collected | Lawful Basis for Processing (under GDPR) |
| Identifiers & Contact Data | Full name, email address, phone number, physical address, username, IP address, device IDs, public crypto wallet addresses. | Performance of a Contract, Legitimate Interest |
| Identity Verification Data (KYC) | Government-issued identification (National ID card, passport), date of birth, nationality, tax identification number. | Legal Obligation (AML & tax laws), Performance of a Contract |
| Financial & Payment Data | Invoices, payment records, bank account details (IBAN) for payouts, transaction logs on the platform. | Performance of a Contract, Legal Obligation |
| Professional & Transactional Data | User profile details (bio, portfolio, skills), project proposals, service contracts, client ratings and feedback, communication records on the platform, hourly rates, and earnings. | Performance of a Contract, Legitimate Interest |
| Automatically Collected Technical Data | Browser and device information, log data (pages visited, time spent, clicks), and data from cookies (see our Cookie Policy for details). | Legitimate Interest, Consent (for non-essential cookies) |
3. How We Use Your Personal Data
We process your data for specific, explicit, and legitimate purposes:
- To Provide and Manage Our Service (Contractual Necessity):
- To create and manage your account.
- To facilitate contracts, communication, and project delivery between Clients and Freelancers.
- To operate our secure escrow service, including processing payments and executing payouts.
- To Comply with Legal Obligations (Legal Obligation):
- To conduct identity verification (KYC) to prevent fraud and comply with anti-money laundering regulations.
- To fulfill our tax reporting duties where applicable.
- To Ensure a Secure & Trusted Platform (Legitimate Interests):
- To protect our platform and users from abuse, spam, and unauthorized access.
- To monitor the security of our infrastructure and prevent fraud.
- To mediate and resolve disputes that may arise between users.
- To Improve Our Service & Communicate with You (Legitimate Interests):
- To understand how our platform is used so we can improve features and user experience.
- To send you essential administrative messages regarding your account or transactions.
- To respond to your support inquiries.
- For Marketing (Consent):
- To send you newsletters or promotional materials. We will only do this with your explicit consent, which you can withdraw at any time.
4. Sharing of Personal Data
We do not sell or rent your personal data. We only share it in the following circumstances:
- With Other Platform Users: Your profile information is shared with other users as necessary to facilitate contracts and work on the platform.
- With Trusted Service Providers: We use third-party companies (Data Processors) to help us operate. This includes payment processors, cloud hosting providers, and identity verification services. We have strict Data Processing Agreements with them to ensure your data is protected.
- With Regulatory Authorities: We may disclose your data if legally required to do so by a Lithuanian court, police, or other public authority.
- In a Business Transfer: If Cointract UAB is involved in a merger or sale, your data may be transferred to the new entity under the same privacy protections.
5. International Data Transfers
If we transfer your personal data outside the European Economic Area (EEA), we ensure it is protected by implementing GDPR-compliant safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or by transferring to countries with an EU adequacy decision.
6. Data Retention
We retain your personal data only for as long as necessary:
- For the duration that your account is active.
- For 5 years after your account is closed, as may be required to comply with our legal obligations related to tax, fraud investigations, and dispute resolution.
7. Your Data Protection Rights (GDPR)
You have the following rights over your personal data:
- To Access, Correct, or Delete your personal data.
- To Withdraw Consent for processing where consent is the basis (e.g., marketing).
- To Object to Processing based on our legitimate interests.
- To Request Data Portability of your data in a machine-readable format.
- To Restrict Processing of your data under certain conditions.
- To Not Be Subject to Automated Decision-Making: We do not use your personal data for profiling or automated decision-making that produces legal or similarly significant effects.
- To File a Complaint with the Lithuanian State Data Protection Inspectorate (VDAI).
To exercise any of these rights, please contact us at [email protected].
8. Data Security
We implement robust technical and organizational measures to protect your data, including encryption, secure servers, and access controls. However, no system is 100% secure. We strongly advise you to use a strong, unique password and enable two-factor authentication (2FA) for your account.
9. Children’s Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of any significant changes via email or a notice on our platform.
11. Contact Us
For any questions or concerns regarding your data protection, please contact us:
- Email: [email protected]
- Address: Cointract UAB, Draugystės g. 17-1, LT-51229 Kaunas, Lithuania
You also have the right to contact our supervisory authority directly:
- Lithuanian State Data Protection Inspectorate (VDAI)
- Address: L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania
- Website: https://vdai.lrv.lt/en
- Email: [email protected]
