Privacy Policy

Last updated: February 2026

Work References is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and your rights in relation to that data.

1. Data Controller

The Work References Foundation ("we", "us", "our"), a Charitable Incorporated Organisation, is the data controller for personal data processed through workreferences.org. If you have questions about how we handle your data, contact us via our contact form.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: your email address and associated company domain name.
  • Cryptographic keys: an encrypted private key (AES-256-GCM), stored so that only you can decrypt it with your password. We never have access to your unencrypted private key.
  • Reference content: candidate names, job titles, employment dates, and reference text that you create and sign.
  • Session data: a session token stored in an HTTP-only cookie to keep you signed in.
  • Usage data: basic server logs including IP addresses and request timestamps, retained for security and debugging purposes.

3. How We Use Your Data

We process your data for the following purposes:

  • Account management: to create and maintain your account, and to authenticate you when you sign in.
  • Signing references: to generate cryptographically signed employment references on your behalf.
  • Verification: to allow third parties to verify the authenticity of references using public keys published in DNS.
  • Transactional emails: to send you sign-in links (magic links) and account notifications.

4. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

  • Contractual necessity: processing your account and reference data is necessary to provide the Work References service.
  • Consent: you provide your email address voluntarily when creating an account.
  • Legitimate interest: server logging for security, fraud prevention, and service reliability.

5. Data Storage and Retention

Your data is stored in a PostgreSQL database hosted by Neon (EU region). The application is hosted on Vercel. We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are legally required to retain it.

Signed references are designed to be permanent records. Once a reference has been issued and shared, the signature and public verification data remain available. You can revoke references by removing the corresponding DNS TXT record from your domain.

6. Third-Party Processors

We share data with the following third-party processors, all of whom are bound by data processing agreements:

  • Neon (neon.tech): database hosting. Stores account data, encrypted keys, and reference content.
  • Vercel (vercel.com): application hosting and serverless functions. Processes requests and serves the application.
  • Resend (resend.com): transactional email delivery. Receives your email address to send sign-in links.
  • PostHog (posthog.com): website analytics (EU region). Collects usage data only with your consent.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct any inaccurate data.
  • Erasure: ask us to delete your account and associated data.
  • Data portability: receive your data in a structured, machine-readable format.
  • Object: object to processing based on legitimate interest.
  • Restriction: ask us to restrict processing in certain circumstances.

To exercise any of these rights, contact us via our contact form. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

8.1 Essential Cookies

We use a single, strictly necessary cookie to maintain your authenticated session. This cookie is HTTP-only, secure in production, and contains no tracking information. No consent is required for this cookie as it is essential to the functioning of the service.

8.2 Analytics

We use PostHog (EU-hosted) for website analytics to understand how visitors use Work References and to improve the service. PostHog is only activated if you explicitly opt in via our cookie consent banner. Until you consent, no analytics data is collected.

When enabled, PostHog collects anonymised usage data such as pages visited, referral source, browser type, and general location (country level). We do not use advertising cookies or any other third-party tracking. PostHog stores data using localStorage rather than cookies.

8.3 Managing Your Preferences

You can change your analytics preference at any time by clicking "Cookie Settings" in the website footer. Your preference is stored in your browser's localStorage under the key cookie-consent. Clearing your browser data will reset your preference, and you will see the consent banner again on your next visit.

9. Security

Work References uses a zero-knowledge architecture. Your private signing key is encrypted with AES-256-GCM before it leaves your browser, using a key derived from your password via PBKDF2. We never see or store your unencrypted private key or password. All references are signed with Ed25519, and verification relies on public keys published in DNS TXT records that you control.

10. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or by placing a notice on the site. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For any questions about this privacy policy or our data practices, contact us via our contact form.