refr.you
refr.you Invite Only ยท Private Beta

Privacy Policy

Company: Rebar Technology Ltd (Company Number: 16877600)
Data protection registration number: TBC
Last updated: January 2026

1. Important information and who we are

Welcome to Rebar Technology's Privacy and Data Protection Policy ("Privacy Policy"). Rebar Technology Ltd ("Rebar", "we", "us", or "our") is committed to protecting and respecting your privacy and personal data in compliance with the UK GDPR, the Data Protection Act 2018, and other applicable UK laws and regulations.

This Privacy Policy explains how we collect, process, and keep your data safe, your privacy rights, and how the law protects you. The individuals from which we may gather and use data include customers, users, and any other people that the organisation has a relationship with or may need to contact.

This Privacy Policy applies to all our employees and staff members and all personal data processed at any time by us.

1.2 Data controller and data protection officer

Rebar Technology is your Data Controller and is responsible for your personal data. We have appointed a Data Protection Officer (DPO) to oversee questions in relation to this Privacy Policy.

Name: George Balfour
Email: support@refr.you

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

1.3 Processing data on behalf of a controller

In discharging our responsibilities as a Data Controller, we have employees who will deal with your data on our behalf (known as "Processors"). The Data Controller and our Processors have the following responsibilities:

  • Ensure processing is governed by one of the legal bases laid out in the GDPR.
  • Ensure Processors are bound by confidentiality obligations.
  • Implement appropriate technical and organisational measures for security.
  • Obtain authorisation before engaging another Processor.
  • Assist with data subject rights requests.
  • Make information available to demonstrate GDPR compliance.
  • Maintain records of processing activities.
  • Cooperate with supervisory authorities when requested.
  • Designate a DPO where required and communicate details to regulators.
  • Ensure personnel only process data on controller instructions.
  • Notify the controller without undue delay after a personal data breach.

2. Legal basis for data collection

2.1 Types of data and scope

"Personal Data" means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store, and transfer the following kinds of personal data:

  • Profile/Identity Data: first name, last name, date of birth, gender, profile picture, companies and roles.
  • Contact Data: phone number, addresses, email addresses.
  • Marketing and Communications Data: preferences for marketing information.
  • Reference Data: references received and given.
  • Technical Data: IP address, browser type/version, time zone, location, OS, platform.
  • Customer Support Data: feedback and survey responses.
  • Usage Data: information about how you use our website and services.

We also collect, use, and share Aggregated Data such as anonymised skills data for peer groups and benchmarks. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law. If we combine Aggregated Data with Personal Data so it can identify you, we treat it as Personal Data.

We do not collect Special Categories of Personal Data (e.g., race, religion, health, genetics, biometrics), nor criminal convictions or offences.

2.2 The legal basis for collecting data

We rely on the following legal bases under the GDPR:

  • Consent: e.g., opting in to marketing communications.
  • Contractual obligations: to provide the service you requested.
  • Legal compliance: where required by law.
  • Legitimate interest: where needed to run our business without overriding your rights.

3. How we use your personal data

3.1 Our data uses

  • Managing your account and profile: Profile/Identity, Contact, Marketing and Communications, Usage Data. Legal basis: Consent, Contractual Obligations, Legal Compliance, Legitimate Interest.
  • Connecting and aggregating your data: Profile/Identity, Contact, Reference Data. Legal basis: Contractual Obligations, Explicit Consent.
  • Providing core services: Profile/Identity, Reference Data. Legal basis: Contractual Obligations.
  • Communicating with you: Profile/Identity, Contact, Marketing and Communications, Technical and Other Data. Legal basis: Consent, Contractual Obligations, Legitimate Interest.
  • Security and legal compliance: Profile/Identity, Contact, Technical Data. Legal basis: Legal Compliance, Legitimate Interest.
  • Customer support: Contact and Customer Support Data. Legal basis: Legitimate Interest.
  • Improving services (analytics): Technical and Usage Data. Legal basis: Legitimate Interest.

3.2 Marketing and content updates

You will receive marketing and new content communications if you have created an account and opted in. We may send essential service-related communications and, with an opt-out, marketing to existing customers about similar services.

3.3 Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible reason. If we need to use it for an unrelated purpose, we will notify you and explain the legal basis for doing so. We may process Personal Data without your knowledge or consent where this is required or permitted by law.

4. Your rights and how you are protected

4.1 Your legal rights

  • Right to be informed about how we process your data.
  • Right of access to the data we hold about you.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure in certain circumstances.
  • Right to object to processing in certain circumstances.
  • Right to restrict processing in certain circumstances.
  • Right to data portability where applicable.

To make a request, contact support@refr.you.

4.2 Your control over your account

You may delete your account at any time, which removes your account page from our systems. You can access your account information by logging in. Please protect your password and sign off after use.

4.3 How we protect personal data

  • On-device encryption and minimal data footprint.
  • Encryption in transit between your device and our systems.
  • Biometric authentication for an added layer of access security.
  • UK-based deployment for backend systems.
  • Role-based access controls with multi-factor authentication.
  • Audit trails to track access and changes to data.
  • Encryption at rest within our systems.
  • Automated anomaly and DoS protection.

Personal Data is accessible only to employees with special access rights and confidentiality obligations. If we use subcontractors to store data, we do not relinquish control of your Personal Data or expose it to additional risks. No transmission over the internet is guaranteed to be completely secure; any transmission is at your own risk.

4.4 Opting out of marketing promotions

You can ask us to stop sending marketing messages at any time by unsubscribing or emailing support@refr.you. We will retain other Personal Data provided to us for non-marketing interactions.

4.5 Requesting your data

You will not have to pay a fee to access your Personal Data unless the request is clearly unfounded. We may request specific information to confirm your identity and ensure you have the right to access your Personal Data.

5. Your data and third parties

5.1 Sharing your data with third parties

We may share Personal Data in the event of a change in control or acquisition of all or part of our business or assets, or in connection with licensing of our technology. If we are sold or make a sale or transfer, we may transfer or assign Personal Data to a third party as part of that transaction. The acquiring entity's Privacy Policy may govern the further use of your Personal Data.

We may share Personal Data at any time if required for legal reasons or to enforce our terms or this Privacy Policy.

5.2 Third-party links

This site may include links to third-party websites, plug-ins, and applications. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our site, please read the privacy policy of every website you visit.

6. How long we retain your data

We retain Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain data longer in the event of a complaint or if there is a prospect of litigation.

7. Age limit

You must not use Rebar Technology systems and apps unless you are aged 18 or older. If you are under 18 and access our systems by lying about your age, you must immediately stop using them. This website is not intended for children and we do not knowingly collect data relating to children.

8. International transfer of data

Your information may be stored and processed in the UK or other countries where Rebar Technology has facilities. By using our systems and apps, you consent to the transfer of information, including Personal Data, outside the UK.

9. Notification of changes and acceptance

We keep our Privacy Policy under review and will place any updates here. This version is dated 6 January 2026. By using our systems and apps, you consent to the collection and use of data as set out in this Privacy Policy. Continued access or use constitutes acceptance of any modifications.

10. Interpretation

All uses of the word "including" mean "including but not limited to" and examples are not intended to limit the term they illustrate. Email addresses in this policy may be used only for the purpose provided, and unrelated correspondence may be ignored. You are more likely to receive a reply if your request is polite and reasonable and there is not a more obvious way to address your concern.

Our staff are not authorised to contract on behalf of Rebar Technology, waive rights, or make representations. If an email from a Rebar Technology address contradicts this policy, our terms, or an official public announcement, the latter will take precedence. The only exception is genuine correspondence from the Rebar Technology legal team.