Privacy Policy

Last updated: August 2021

Fiverr International Ltd. and its affiliates (including Fiverr Inc.) (“Fiverr” or “we”) takes privacy very seriously. This Privacy Policy describes our policies and procedures regarding the collection, use and disclosure of your information in connection with Your use of AND CO’s Services, Website, and App (“AND.CO”). When You use the Services, You are consenting to the collection, transfer, manipulation, storage, disclosure and other uses of Your information as described in this Privacy Policy. We encourage You to read this privacy policy (“Policy”) carefully. It will help You make informed decisions about sharing Your Personal Information with us.

The defined terms in this Privacy Policy, if not defined herein, shall have the same meaning as in AND.CO’s Terms of Service, available at https://www.and.co/terms (the “Terms of Service,” and together with the Privacy Policy, the “Terms”), which You should read together with this Privacy Policy before accessing or using the Services. By accessing and using our Services, You acknowledge you have read the terms of this Privacy Policy. You should review our Privacy Policy regularly to keep informed of any updates.

We collect Your Personal Information:

AND.CO is a platform for online back office service designed for freelancers and small businesses, including online accounting and finance management application and services, simple contract and document template services, and professional referral services. The information we gather enables us to personalize, improve and continue to operate the Services. In connection with certain aspects of the Services, we may request, collect and/or display some of your Personal Information. “Personal Information” is information about an identifiable individual, and may include information such as the individual’s name, email address, telephone number, bank account details, taxation details, and accounting and financial information.

We receive information about You from various sources, including without limitation: (i) if You register for the Services, through Your user account (your “Account”); (ii) Your use of the Services, Website, and App generally; and (iii) from third party websites and services.

We may collect Personal Information directly from You when You:

  • register to use the Services through Your user account (your “Account”),
  • use the Services,
  • post to the AND.CO Community forum or on our blog,
  • contact the AND.CO support team, and/or
  • visit our Website or App.

You can always choose not to provide us Your Personal Information, but it may mean that we are unable to provide You with the Services.

Note that we do not collect your payment information, such as bank account or credit card number, credit card type and expiration date, and other such information (“Financial Payment Information”). When You register for your Account or pay Your invoices, Your Financial Payment Information is collected and stored by our Payment Processor. Currently, our’s Payment Processor for payments for use of the Services is Stripe (https://stripe.com), We Pay (https://go.wepay.com/), and Paypal (https://www.paypal.com/us/home). If you use Stripe, Wepay, or Paypal you agree to the terms of service of each service (located at https://stripe.com/payment-terms/legal, https://www.paypal.com/us/webapps/mpp/ua/useragreement-full, and https://go.wepay.com/terms-of-service-us/) and privacy policy (located at https://stripe.com/us/privacy, https://www.paypal.com/en/webapps/mpp/ua/privacy-full, and https://go.wepay.com/privacy-policy/).

We may receive Personal Information from You about others:

Through Your use of the Services, we may also collect information from You about someone else. If You provide us with Personal Information about someone else, You warrant and represent that You are authorized to disclose that information to us and that we may collect, use and disclose such information for the purposes described in this Privacy Policy.

This means that You must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Privacy Policy, including the fact that their Personal Information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual's right to obtain access to that information, our identity, and how to contact us.

Where requested to do so by us, You must also assist us with any requests by the individual to access or update the Personal Information You have collected from them and entered into the Services.

We collect, hold, and use Your Personal Information for limited purposes:

We collects Your Personal Information so that we can provide You with the Services. In doing so, we may use the Personal Information we have collected from You for purposes related to the Services, including but not limited to:

  • verify Your identity and secure your account,
  • administer the Services,
  • notify You of new or changed services offered in relation to the Services,
  • carry out marketing or training relating to the Services,
  • assist with the resolution of technical support issues or other issues relating to the Services,
  • comply with applicable rules, laws and regulations, and
  • communicate with You.

The information we gather also enables us to personalize, improve and continue to operate the Services.

We will only use Your Personal Information for the purposes described in this Policy or in accordance with Your express consent.

We may aggregate Your non-personally identifiable data:

By using the Services, You agree that we may access, aggregate and use non-personally identifiable data we have collected from You (“Non-Personal Information”). We may share Non-Personal information with our partners, service providers and other persons with whom we conduct business (“Business Partners”). Non-Personal information includes information that is (i) not Personal Information or (ii) derived from Personal Information but has been anonymized so that it is no longer personally identifiable. We use and share this type of data so that we and our Business Partners can understand how and how often people use our and their services or websites, which facilitates improving our Services, their services and how our Services interface with their services. In addition, these Business Partners may share with us non-private, aggregated or otherwise Non-Personal Information about You that they have independently developed or acquired.

We may use Non-Personal Information to:

  • assist us to better understand how our customers are using the Services,
  • provide our customers with further information regarding the uses and benefits of the Services,
  • enhance freelancer’s productivity, including by creating useful business insights from that aggregated data and allowing You to benchmark Your business’ performance against that aggregated data, and
  • otherwise to improve the Services.

Our Servers:

All data, including Personal and Non-Personal Information, that is entered into the Services by You, or automatically imported on Your instruction, is transferred to our servers as a function of transmission across the Internet. By using the Services, You consent to Your Personal Information being transferred to our servers as set out in this Privacy Policy.

Steps We Take to protect your Personal Information:

We are committed to protecting the security of Your Personal Information and we take reasonable, industry-standard precautions to protect it from unauthorized access, modification or disclosure. Your Personal Information is stored on secure servers and all data transferred between You and the Services is encrypted. However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that Your Personal Information will be secure at all times. Transmission of Personal Information over the Internet is at Your own risk and You should only input, or instruct the inputting of, Personal Information to the Services within a secure environment. You are responsible for preventing unauthorized access to Your account and Personal Information, including, for example, by protecting Your account credentials and limiting access to devices on which You access the Services.

We will advise You as soon as reasonably possible, in accordance with applicable laws, upon discovering or being advised of a security breach where Your Personal Information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorized persons or in any unauthorized manner.

Where We Store Your Personal Data

Some of the personal information you provide to us will be stored or processed on our behalf by third party suppliers and data processors and may be located in other jurisdictions, such as the United States and Israel, whose laws may differ from the jurisdiction in which you live. There are also transfers of personal information from the European Economic Area (“EEA”) to countries not deemed to provide an adequate level of data protection from a European data protection perspective. For example, we transfer your personal information to the United States for which an adequacy decision by the European Commission does not exist. With regard to data transfers to such recipients outside of the EEA we provide safeguards, in particular, by way of entering into European Union (EU) standard contractual clauses as amended from time to time, and/or equivalent data transfer mechanism. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy.

We only disclose Your Personal Information in limited circumstances:

We will only disclose the Personal Information You have provided to us to entities outside the Fiverr group of companies if it is necessary and appropriate to facilitate the purpose for which Your Personal Information was collected pursuant to this Privacy Policy, including the provision of the Services. We will not otherwise disclose Your Personal Information to a third party unless You have provided Your express consent. However, notwithstanding the foregoing, we do reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security or technical issues; (iv) respond to user support requests or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Where possible and appropriate, we will notify You if we are required by law to disclose Your Personal Information.

We may employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share Personal Information with our Agents in order to provide the Services to You. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Your Personal Information with our Agents.

Finally, We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use Your Personal Information as set forth in this policy.

Updating and Accessing Your Personal Information:

It is Your responsibility to ensure that the Personal Information You provide to us is accurate, complete and up-to-date. We also take steps to ensure that the personal information we collect is accurate and up to date, and we provide you with the opportunity to update personal information related to you through your account profile settings. In the event that you believe personal information related to you is in any way incorrect or inaccurate, please let us know immediately. We will make sure we investigate the matter and correct any inaccuracies as quickly as possible where necessary or give you ways to update it quickly or to delete it - unless we have to keep that information for legitimate business or legal purposes. If for any reason, you have a problem with deleting personal information related to you, please contact us and we will make reasonable efforts to delete any such information pursuant to applicable laws.

You may request access to the Personal Information we hold about You, or request that we update or correct any Personal Information we hold about You, by setting out Your request in writing and sending it to us at [email protected] We will process Your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet Your request, we will let you know why. In some circumstances, it may be necessary for us to seek to arrange access to Your Personal Information through a mutually agreed intermediary (for example, the Subscriber).

Data Retention

We’ll only keep Your Personal Information for as long as we require it for the purposes of providing You with the Services. However, we may also be required to keep some of Your Personal Information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.

Please note that deletion of your account will not include deletion of content made public by you, which will remain viewable in cached and archived pages.

Minors Under the Age of 18

Our Service is not intended for minors under 18 years of age. We do not knowingly collect personal information from children under 13. Parents and guardians should at all times supervise their children's activities. If we learn we have collected or received personal information from minors under 18, we will delete that personal information. If you believe we might have any information from or about a child under 13, please contact us at [email protected]

Rights of Users Under EU Regulation

This section of the Policy applies to you if you are in the EU.

Where we process personal data related to you as a data controller, the processing is based on the following lawful grounds:

  • All processing of personal data related to you which are not based on the lawful grounds indicated below, are based on your consent.
  • We process your account, payment details and other personal data to perform the contract with you.
  • We will process personal data related to you to comply with a legal obligation or regulatory obligation that we have (e.g. fraud prevention) and to protect your and others' vital interests.
  • We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms For example, for the purpose of cybersecurity, fraud detection and misuse of the services, customer relations, service operations and communication with you.

Under applicable EU regulation you have the following rights in respect of your personal data:

  • to obtain information about how and on what basis your personal data is processed and to obtain a copy;
  • to rectify inaccurate personal data;
  • to erase your personal data in limited circumstances where (a) you believe that it is no longer necessary for us to hold your personal data; (b) we are processing your personal data on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (c) where you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data; and (d) where you believe the personal data we hold about you is being unlawfully processed by us;
  • to restrict processing of your personal data where: (a) the accuracy of the personal data is contested; (b) the processing is unlawful but you object to the erasure of the personal data; (c) we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim or (d) you have objected to us processing your personal data based on our legitimate interests and we are considering your objection;
  • to object to decisions which are based solely on automated processing or profiling;
  • where you have provided your personal data to us with your consent, to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller; or
  • to obtain a copy of or access to safeguards under which your personal data is transferred outside of the EEA by contacting us at [email protected]

Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, or where personal data are processed for direct marketing purposes to the processing of your personal data by us and we can be required to no longer process your personal data.

In addition to the above, you have the right to lodge a complaint with a supervisory authority for data protection.

Please note that the some of the above-mentioned rights do not constitute absolute rights. We may not be required to comply with your request to exercise these rights where an exception under applicable law applies.

To exercise your rights please contact us at [email protected] We will ask you for additional data to confirm your identity and for security purposes, before disclosing data requested by you. We reserve the right to charge a fee where permitted by law. We will decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we will retain where necessary certain personal data for a limited period of time for record-keeping, accounting and fraud prevention purposes.

A summary and further details about your rights under EU data protection laws, is available on the EU Commission's website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en. Where we process personal data as part of the Service, as a data processor of our subscribers, we are committed to assist our data controllers to fulfill the above mentioned EU rights.

Specific Provisions for California Residents: 

This section applies solely to users of our Service who reside in the State of California.

In the preceding twelve (12) months we have collected the following categories of personal information:

  • Information that you chose to upload or otherwise provided by you, which may include:
    • Identifiers and personal information, such as name, postal addresses, online identifiers, email addresses, passport number or driving license number, social security number;
    • Characteristics of protected classifications, such as gender; facial image; audio, electronic or similar information;
    • Professional or employment-related information;
    • Education information;
    • Commercial information;
    • Audio or other sensory information.
  • Information that we collect when you use the Site, including:
    • Identifiers and personal information, such as online identifiers, internet protocol (IP) addresses, access device and connection information such as browser type, version, and time zone setting and browser plug-in types and versions.
    • Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
    • Internet or other electronic network activity information, including, but not limited to log-in and log-out time, the duration of sessions, the content uploaded and downloaded, viewed web-pages or specific content on web-pages, activity measures.
    • Location information.
  • Information that we collect or receive from third parties, such as service providers, advertisers, and third-party accounts, including:
    • Identifiers and personal information, such as name, postal addresses, online identifiers, demographic information, email addresses, online identifiers, internet protocol (IP) addresses, access device and connection information such as browser type, version, and time zone setting and browser plug-in types and versions;
    • Protected classes of information, such as certain demographic information;
    • Professional or employment-related information;
    • Internet or other electronic network activity information, including, but not limited to log-in and log-out time, the duration of sessions, the content uploaded and downloaded, viewed web-pages or specific content on web-pages, activity measures; and
    • Location information
  • Inferences drawn from any of the information identified above to create a profile about you.

We use the personal information that we collect or receive for the business purposes as described above under the Section titled “We collect, hold, and use Your Personal Information for limited purposes” of this Policy. We may disclose the above listed categories of personal information to third parties for business purposes as described above under the section titled “You are responsible for transfer of Your data to third-party applications” in this Policy. In the preceding twelve (12) months, we have disclosed all the categories of personal information detailed above for business purposes.

In the preceding twelve (12) months, we have not sold personal information.

You are entitled to the following specific rights under the California Consumer Privacy Act (‘CCPA’) in relation to personal information:

  • You have the right to request that we will disclose certain information to you about our collection and use of personal information related to you over the past 12 months. After verifying your request, we will disclose to you:
    • The categories of personal information we collected about you;
    • The categories of sources for the personal information we collected about you;
    • The purpose for collecting and using that personal information;
    • The categories of personal information that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that particular category of personal information;
    • The specific pieces of personal information that we collected about you;
    • If we disclosed personal information related to you for a business purpose,the categories of personal information we have disclosed.
  • You have a right to request that we delete personal information related to you that we collected from you under certain circumstances and exceptions.
  • You also have a right not to be discriminated against for exercising your rights under the CCPA.
  • You also have a right to submit your request via an authorized agent. Should you choose to do so, we may request proof of your authorization.
  • To make such requests, we kindly ask that you contact us at [email protected]

We will verify your request using the information associated with your account.

A request for access can be made by you only twice within a 12-months period. Any disclosures that we provide will only cover the 12-months period preceding receipt of your request.

Use of Cookies:

In providing the Services, we utilizes "cookies." A cookie is a small text file that is stored on Your computer for record-keeping purposes. A cookie does not identify You personally or contain any other information about You but it does identify Your computer.

We and some of our affiliates and third-party service providers may use a combination of “persistent cookies” (cookies that remain on Your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when You close Your browser) on the Website to, for example, track overall site usage, and track and report on Your use and interaction with ad impressions and ad services.

You can set your browser to notify You when You receive a cookie so that You will have an opportunity to either accept or reject it in each instance. However, You should note that refusing cookies may have a negative impact on the functionality and usability of the Website.

You can do this trough the browser settings page of your the browser you use.The following links may assist you in managing your cookies settings, or you can use the 'help' option in your internet browser for more details:

You can prevent Google Analytics from collecting and using data about you by downloading and installing the browser plug-in available here. This creates an opt-out cookie that prevents the processing of your data. For more information about Google Analytics cookies, please see Google's help pages and privacy policy.

Find more information about deleting or controlling cookies at www.aboutcookies.org. (Note that this website is a third-party website. Therefore, we cannot ensure its accuracy, completeness or availability).

You can opt-out of any email communications:

We send billing information, product information, Services updates and Services notifications to You via email. Our emails will contain clear and obvious instructions describing how You can choose to be removed from any mailing list not essential to the Services. We will remove You at Your request. Please read the applicable unsubscribe instructions carefully. Please note that requesting to be removed from one mailing list may not result in Your being removed from all mailing lists to which You are subscribed. You may need to send separate requests to be removed from each specific mailing list to which You are subscribed.

You are responsible for transfer of Your data to third-party applications:

The Services may allow You, the Subscriber, or another Invited User within the relevant subscription to the Services to transfer data, including Your Personal Information, electronically to and from third-party websites, services and applications. This Privacy Policy does not apply to the practices of such third parties that we do not own or control. While we attempt to facilitate access only to those third-party websites, services, and applications that share our respect for your privacy, we have no control over, and take no responsibility for, the privacy practices or content of these websites, services, and applications. You are responsible for checking the privacy policy of any such applications so that You can be informed of how they will handle Your Personal Information.

Privacy complaints process:

If You have any questions or concerns regarding privacy in connection with the Services, Website, or App, or wish to complain about how we have handled Your Personal Information, please provide our team with full details and any supporting documentation:

We will endeavor to:

  • provide an initial response to Your query or complaint within 10 business days, and
  • investigate and attempt to resolve Your query or complaint within 30 business days or such longer period as is necessary and notified to you by our Privacy Officer.

This policy may be updated from time to time:

We may amend this Privacy Policy from time to time. The use of information we collect now is subject to the Privacy Policy in effect at the time such information is collected. If we make changes in the way we collect or use information, we will notify You by posting an announcement on the Services or sending You an email. A user is bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.