workia.dev

GDPR Compliance

Effective date: January 1, 2026

Workia.dev is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page provides a clear overview of how we fulfil our obligations as a data controller, the legal bases we rely on to process your data, your rights as a data subject, and how to exercise those rights.

1. Data Controller

The data controller responsible for your personal data processed through the Workia.dev platform is:

Workia.dev

Registered in France

Data Protection Contact: privacy@workia.dev

As data controller, we determine the purposes and means of processing your personal data. For certain processing activities where third-party service providers act on our behalf (such as Stripe for payment processing or Supabase for database hosting), those parties act as data processors under a formal Data Processing Agreement (DPA).

2. Legal Basis for Processing

We process your personal data only where we have a valid legal basis under Article 6 of the GDPR. The legal bases we rely on are:

Performance of a Contract (Art. 6(1)(b))

We process your name, email, payment information, and project data to provide the Workia.dev platform services you have requested — including account management, project matching, escrow payments, and messaging.

Legitimate Interests (Art. 6(1)(f))

We process usage data, log files, and security information to operate, maintain, and improve the Platform, detect fraud and abuse, and ensure the safety of our users. We have conducted Legitimate Interests Assessments (LIAs) for these activities.

Legal Obligation (Art. 6(1)(c))

We retain transaction records and related financial data to comply with applicable tax laws, accounting requirements, and anti-money laundering regulations.

Consent (Art. 6(1)(a))

Where we send marketing communications, place non-essential cookies, or process data for analytics purposes, we rely on your freely given, specific, and informed consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

3. Your Rights as a Data Subject

The GDPR grants you the following rights with respect to your personal data. We are committed to honouring these rights promptly and without undue burden.

Right of Access (Art. 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is processed.

Right to Rectification (Art. 16)

You have the right to have inaccurate personal data corrected and incomplete personal data completed without undue delay.

Right to Erasure (Art. 17)

You have the right to request the deletion of your personal data where it is no longer necessary, where consent is withdrawn, or where processing is unlawful. This right may be limited where we are required to retain data by law.

Right to Data Portability (Art. 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Art. 21)

You have the right to object at any time to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.

Right to Restrict Processing (Art. 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing pending verification of our legitimate grounds.

4. International Data Transfers

Workia.dev primarily stores and processes personal data within the European Union. Our primary database infrastructure is hosted on EU-region servers via Supabase.

Some of our third-party service providers may process data outside the EU/EEA. In such cases, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Transfers to countries with an EU adequacy decision.
  • Binding Corporate Rules (BCRs) where applicable.

You may request a copy of the relevant safeguards we have in place for international transfers by contacting privacy@workia.dev.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please send a written request to our Data Privacy team. We will respond within 30 calendar days of receipt. In complex cases, we may extend this period by a further two months, in which case we will notify you within the initial 30-day period.

Submit a data rights request:

Email: privacy@workia.dev

Please include your full name, the email address associated with your account, and a clear description of the right you wish to exercise. We may need to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. For users in France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL).

6. Data Processing Agreements & DPA Contact

If your organisation processes personal data through Workia.dev and requires a formal Data Processing Agreement (DPA) — for example, because you use Workia.dev as part of your own data processing activities or under an Enterprise arrangement — please contact us to request a DPA.

We have existing DPAs in place with all sub-processors we use, including Stripe (payment processing) and Supabase (database and authentication). A list of current sub-processors is available upon request.

DPA & Sub-processor Enquiries

Email: privacy@workia.dev

Please use the subject line "DPA Request" and include your organisation name and a brief description of your use case.

For a full overview of how we handle your data, please read our Privacy Policy. For general legal questions, see our Terms of Service.