Legal

Privacy Policy

Effective date: April 1, 2026
Operated by Workodin LLC, a Delaware limited liability company

Table of Contents

  1. Introduction
  2. Who This Policy Applies To
  3. Data Controller
  4. Definitions
  5. Data We Collect
  6. How We Collect Data
  7. Why We Use Your Data
  8. How We Share Your Data
  9. International Data Transfers
  10. Data Retention
  11. Your Rights
  12. KYC and Identity Verification
  13. Payment Data
  14. Data Security
  15. Children's Privacy
  16. Changes to This Policy
  17. Contact
  18. Jurisdiction-Specific Provisions
  19. Relationship to Companion Documents

1. Introduction

This Privacy Policy explains how Workodin LLC, operating as PayOdin in its capacity as Merchant of Record, collects, uses, stores, shares, and protects personal data. This policy supplements the Subcontractor Agreement and Terms of Service.

2. Who This Policy Applies To

This policy applies to Freelancers and Clients who access or use the Platform.

3. Data Controller

PayOdin is the data controller under GDPR, the Philippines PDPA, Saudi Arabia PDPL, and other applicable laws.

Contact: Workodin LLC, 16192 Coastal Highway, Lewes, Delaware 19958. Email: legal@workodinllc.com.

4. Definitions

As used in this policy: Chargeback means a reversal of a Client payment initiated by a card network or bank. Client means the end customer who pays PayOdin for services delivered by a Freelancer. Delivery Confirmation means the acknowledgment that a Freelancer's services have been received. Freelancer means the individual subcontractor registered on the Platform. GDPR means the EU General Data Protection Regulation. Invoice means the payment request issued by PayOdin in its own name to a Client. KYC means Know Your Customer identity verification. Merchant of Record means PayOdin's role as the legal entity of record on all Invoices and transactions. Personal Data means any information relating to an identified or identifiable natural person. Platform means the PayOdin website, apps, APIs, dashboards, and related services. SCCs means Standard Contractual Clauses approved by the European Commission. Transaction Fee means the fee described in Section 7 of the Terms of Service.

5. Data We Collect

  • Identity and KYC Data: Full legal name, date of birth, nationality, government-issued ID, and proof of address.
  • Contact Data: Email address, phone number, and mailing address.
  • Account Data: Username, hashed password, account preferences, and communication history.
  • Financial Data: Bank account details, payout history, Transaction Fee deductions, Invoice records, and Chargeback history.
  • Transaction Data: Service descriptions, Invoice amounts, Delivery Confirmations, and applicable FX rates.
  • Technical Data: IP address, browser type, device identifiers, and access logs.
  • Communications Data: Platform messages, support tickets, and dispute records.

6. How We Collect Data

We collect data directly from users during account registration and use of the Platform, automatically through Platform systems, from payment processors Stripe and Mercury, and from third-party KYC providers.

7. Why We Use Your Data

We use your data for the following purposes, each supported by an applicable legal basis under GDPR, the Philippines PDPA, and the Saudi Arabia PDPL:

  • Account registration and verification
  • KYC compliance and identity verification
  • Payment processing and Transaction Fee calculation
  • Invoice generation and delivery
  • Chargeback management and dispute resolution
  • Platform communications and support
  • Fraud detection and prevention
  • Compliance with legal and regulatory obligations
  • Platform improvement and development

8. How We Share Your Data

We do not sell your personal data. We do not share your data for advertising purposes. We share your data only with:

  • Stripe — for payment processing
  • Mercury — for payout operations
  • KYC providers — for identity verification
  • Legal and regulatory authorities — where required by law
  • Successors in interest — in connection with a merger, acquisition, or sale of assets

9. International Data Transfers

Data is hosted in the EU. Transfers to Stripe and Mercury in the United States are covered by Standard Contractual Clauses (SCCs) approved by the European Commission. Cross-border transfer requirements under the Philippines PDPA and Saudi Arabia PDPL are specifically addressed in the jurisdiction-specific provisions below.

10. Data Retention

  • KYC Data: Retained for the duration of your account plus 5 years after closure.
  • Financial and Transaction Data: Retained for 7 years after the relevant transaction.
  • Account Data: Retained for the duration of your account plus 2 years after closure.
  • Technical Data: Retained for 12 months.
  • Communications Data: Retained for 3 years.

11. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data. These include:

Under GDPR: Rights of access, rectification, erasure, restriction of processing, data portability, objection, and the right to lodge a complaint with a supervisory authority.

Under the Philippines PDPA: Rights of access, correction, erasure or blocking, data portability, and the right to be informed and to object.

Under the Saudi Arabia PDPL: Rights of access, correction, erasure, and restriction of processing, and the right to object to processing.

To exercise any of these rights, email legal@workodinllc.com. We will respond within 30 days.

12. KYC and Identity Verification

Identity verification is required before any payout is released. KYC is processed by PayOdin and third-party verification providers. KYC data is used solely for verification and compliance purposes and is never used for marketing.

13. Payment Data

Payment card data is processed by Stripe. No full card numbers are stored by PayOdin (PCI-DSS tokenization is used). Bank account details for payouts are encrypted at rest.

14. Data Security

We implement role-based access controls, encryption in transit and at rest, and continuous logging and monitoring. In the event of a data breach, we will notify the relevant supervisory authorities within 72 hours.

15. Children's Privacy

The Platform is restricted to adults aged 18 and over. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a child, we will delete it promptly.

16. Changes to This Policy

We will provide at least 30 days' notice of material changes by email or through the Platform. Your continued use of the Platform after the effective date of an updated policy constitutes acceptance of the changes.

17. Contact

Workodin LLC
16192 Coastal Highway, Lewes, Delaware 19958
Email: legal@workodinllc.com

18. Jurisdiction-Specific Provisions

18.1 GDPR (EU and Balkans)

No automated decision-making with legal or similarly significant effects is applied to your personal data without human review. Transfers to Stripe and Mercury in the United States are governed by Standard Contractual Clauses (SCCs). Article 28 Data Processing Agreements are in place with Stripe and Mercury.

18.2 PDPA (Philippines)

The National Privacy Commission (NPC) serves as the supervisory authority for data subjects in the Philippines. Cross-border transfers are subject to accountability requirements under the PDPA.

18.3 PDPL (Saudi Arabia and MENA)

The Saudi Data and Artificial Intelligence Authority (SDAIA) serves as the supervisory authority for data subjects in Saudi Arabia. Heightened safeguards apply to sensitive personal data under the PDPL.

19. Relationship to Companion Documents

This Privacy Policy is incorporated into the Terms of Service. Where a conflict exists between this policy and the Terms of Service regarding the processing of Personal Data, this Privacy Policy controls.

↑ Back to top