Effective date: 15 March 2025
Indstry (“we”, “us”, “our”) operates a platform connecting creative professionals with opportunities. This privacy policy explains how we collect, use, store, and share your personal data when you use our website, applications, and services (collectively, the “Platform”).
We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We use artificial intelligence to enhance your experience on the Platform. Specifically:
AI processing is performed only with your explicit consent. You can opt in or out of AI processing at any time through your account settings. By default, AI processing is disabled for new accounts.
When you enable AI processing, we generate vector embeddings from:
These embeddings are stored using pgvector in our PostgreSQL database hosted by Neon. They are used exclusively for search relevance and matching purposes within the Platform. Embeddings are deleted when you delete the associated content or disable AI processing.
We share your personal data with the following third-party processors, each acting under a data processing agreement:
| Processor | Purpose |
|---|---|
| OpenAI | AI embedding generation and onboarding assistance |
| Stripe | Payment processing, subscriptions, and billing |
| Clerk | Authentication and identity management |
| ManyChat | WhatsApp notifications (opt-in only) |
| Uploadcare | Image and document hosting and CDN delivery |
| Mux | Video hosting and streaming |
| Sanity | Content management for editorial content and brand assets |
| Resend | Transactional email delivery |
| Loops | Marketing email communications (consent-gated) |
| PostHog | Product analytics (consent-gated) |
| Sentry | Error monitoring and performance tracking |
| Neon | Database hosting (PostgreSQL) |
| Inngest | Background job processing |
| Vercel | Website hosting and edge delivery |
Marketing email contact sync to Loops occurs only when you have given explicit marketing email consent.
Under the UK GDPR, you have the right to:
We use the following cookies:
| Cookie | Type | Duration | Purpose |
|---|---|---|---|
| __clerk_* | Essential | Session | Authentication and session management via Clerk |
| aw_draft_token | Essential | 30 days | Pre-registration identity verification. This cookie stores a securely hashed token that links your pre-registration activity to your account during the onboarding process. It is HttpOnly and cannot be accessed by client-side scripts. |
| ph_* | Analytics | 1 year | PostHog product analytics. Only set after you accept analytics cookies via our consent banner. |
We retain your personal data for the following periods:
| Data Category | Retention Period |
|---|---|
| Account and profile data | Until account deletion, then removed within 30 days |
| Portfolio content and media | Until deleted by user or account deletion |
| Vector embeddings | Until source content is deleted or AI processing is disabled |
| Payment and billing records | 7 years (UK legal requirement for financial records) |
| Application data | Until account deletion or 2 years after job expiry, whichever is sooner |
| Pre-registration lead data | 90 days if not converted to a full account |
| Analytics data | 24 months, then automatically anonymised |
| Error logs and diagnostics | 90 days |
When you delete your account, we initiate a deletion process that removes your personal data, profile content, portfolio items, and associated embeddings. Some data may be retained where required by law (e.g. financial records).
During our onboarding process, we issue a secure token to link your pre-registration activity (such as early access sign-up via WhatsApp) to your eventual account. This token is:
If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us at [email protected].
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated.