Privacy Policy

Last updated: March 28, 2026

1. Introduction

Lancr ("we", "our", "us") is a third-party application that integrates with the Freelancer.com platform via its official API. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

By using Lancr, you consent to the practices described in this policy. If you do not agree, please do not use our service.

2. Information We Collect

2.1 Information from Freelancer.com

When you connect your Freelancer.com account via OAuth, we access the following data through the Freelancer API:

  • Your public profile information (username, display name, avatar, country)
  • Your skills and reputation data (rating, review count)
  • Active project listings (publicly available project data)
  • Your bid history and bid statuses

We only request the minimum API scopes required to provide our service:basic,fln_project_search,fln_bid_management, andfln_messaging.

2.2 Information You Provide

  • Filter preferences (budget ranges, skill preferences, project types)
  • AI settings (writing tone, proposal templates, custom instructions)
  • Proposals you write or edit before submission

2.3 Automatically Collected Data

  • Session cookies for authentication (HTTP-only, secure)
  • Basic request logs for debugging and security monitoring

3. How We Use Your Information

We use your data exclusively to provide and improve Lancr's features:

  • Project matching: Scoring and filtering projects based on your skills and preferences
  • AI proposal drafting: Generating personalized proposal drafts for your review
  • Bid submission: Submitting bids to Freelancer.com on your behalf, only when you explicitly approve
  • Analytics: Showing you bidding performance metrics (win rate, earnings, trends)
  • Notifications: Alerting you to new matching projects and bid status changes

We never submit bids automatically. All bid submissions require your explicit review and approval.

4. Data Storage and Security

4.1 OAuth Token Storage

Your Freelancer.com OAuth access and refresh tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database. We never store your Freelancer.com password.

4.2 Database

All data is stored in a PostgreSQL database. We store the minimum data necessary to provide the service. Project data from Freelancer.com is cached temporarily for matching and scoring purposes.

4.3 Security Measures

  • Encrypted token storage (AES-256-GCM)
  • HTTP-only secure session cookies
  • HTTPS-only communication
  • Rate limiting to prevent abuse
  • CORS restrictions to authorized origins only

5. Third-Party Services

5.1 Freelancer.com API

We interact with Freelancer.com through their official REST API. Your use of Lancr is also subject to Freelancer.com's Privacy Policy and their Terms of Service.

5.2 AI / LLM Provider

We use OpenAI's API to generate proposal drafts. When generating proposals, we send project details (publicly available data) and your profile context to OpenAI. We do not send your OAuth tokens, passwords, or financial information to any AI provider. OpenAI's data usage is governed by their privacy policy.

6. Data Sharing

We do not sell, rent, or share your personal data with any third parties, except:

  • Freelancer.com API (to fetch projects and submit bids on your behalf)
  • OpenAI API (to generate proposal drafts, using only public project data)
  • If required by law or legal process

7. Your Rights

You have the right to:

  • Disconnect: Revoke Lancr's access to your Freelancer.com account at any time via the app settings or directly through Freelancer.com's OAuth settings
  • Delete: Request deletion of all your data stored in our system
  • Access: Request a copy of the personal data we hold about you
  • Correct: Update your preferences and settings at any time

When you disconnect your account, we revoke the OAuth token with Freelancer.com and clear your session.

8. Data Retention

We retain your data for as long as your account is connected. When you disconnect:

  • OAuth tokens are immediately revoked and deleted
  • Session data is cleared
  • Cached project data is periodically cleaned up

Bid history and analytics data may be retained for up to 30 days after disconnection for your convenience if you reconnect. After 30 days, all data is permanently deleted.

9. Cookies

We use a single HTTP-only session cookie (session_id) for authentication. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

10. Children's Privacy

Lancr is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact

If you have any questions about this Privacy Policy or your data, please contact us at:

support@lancr.tech