OIR35J

outsideir35jobs.com

Privacy policy

Last updated 21 June 2026

This privacy policy explains how outsideir35jobs.com (“we”, “us”, “our”), a service operated by Chewy Bytes Limited (company number 16443347, registered at 71-75 Shelton Street, London, WC2H 9JQ), collects, uses and protects your personal data. Chewy Bytes Limited is the data controller.

We are committed to keeping your data safe and to being honest about what we do with it. If you have any questions, contact us at hello@chewybytes.com.

Who this applies to

This policy covers contractors (job seekers), people who post or hire for contracts, and visitors to the site.

What we collect

  • Account details — your name and email address when you sign in (via Google), and the role you choose at onboarding.
  • Contractor profile — information you choose to provide, including your limited company details (company name, registration number, VAT number) and uploaded documents (CV, certificate of incorporation, insurance certificates, right-to-work evidence).
  • Information extracted from your CV — when you upload a CV we use AI to extract a structured summary of your skills and experience to help match you to contracts. We extract professional competency only and do not extract identity details such as your name, address or phone number from the CV.
  • Job postings — the content you submit if you post a contract.
  • Technical data — basic logs and error reports needed to run and secure the service.

How we use it, and our lawful basis

Under UK GDPR we rely on the following lawful bases:

  • Performance of a contract — to provide your account, your profile, document storage, and job-matching features you ask for.
  • Legitimate interests — to operate, secure and improve the platform, and to surface relevant contracts to you. We balance this against your rights.
  • Legal obligation — where we must keep or disclose data to comply with the law.
  • Consent — where we ask for it; you can withdraw consent at any time.

Verification of company and tax details

When you add a limited company, we check the details you provide against official public registers: Companies House (to confirm the company is registered and active) and, where available, HMRC’s “Check a UK VAT number” service (to confirm a VAT registration). We record only the result of these checks (for example, “verified” and the date). We never assert a role’s IR35 status — only the end client can determine that.

Where your data is stored and who processes it

We use trusted service providers (processors) to run the platform. Your data may be processed by:

  • Neon (PostgreSQL database) and Vercel (hosting) — core application data; servers in the United States.
  • Cloudflare R2 — secure, private storage for your uploaded documents (CV, certificates). These are never publicly accessible; they are served only to you via short-lived, signed links.
  • Anthropic and OpenAI — AI processing to extract your CV profile and to power semantic search and matching.
  • Companies House and HMRC — to verify company and VAT details you provide.
  • Google — sign-in.

Some of these providers are based outside the UK. Where data is transferred internationally, it is protected by appropriate safeguards as required by UK GDPR. Data is encrypted in transit (HTTPS/TLS) and at rest.

How long we keep it

We keep your account and profile data for as long as your account is active. If you close your account or ask us to delete your data, we remove your personal data and uploaded documents, except where we must keep certain records to comply with the law.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate data;
  • ask us to delete your data;
  • restrict or object to certain processing;
  • request a copy of your data in a portable format;
  • withdraw consent where we rely on it.

To exercise any of these, email hello@chewybytes.com. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

Security

We protect your data with encryption in transit and at rest, private storage for documents, access controls, and monitoring. No system is perfectly secure, but we work to keep your data safe and will notify the relevant authorities and affected users of any breach as required by law.

Changes to this policy

We may update this policy from time to time. We will update the “last updated” date above when we do.