Case Studies How We Work Blog About Book a call
Legal

Privacy Policy

Last updated: July 2026

This Privacy Policy explains how DOTWRK, UNIPESSOAL, LDA, trading as .wrk ("we", "us", "our"), collects, uses, discloses, and protects personal information when you visit https://dotwrk.com and related pages we operate (the "Website"), when you contact us, when you apply for a role, or when you otherwise interact with us in connection with our B2B technology services.

The Website belongs to DOTWRK, UNIPESSOAL, LDA, which is the data controller for your personal data within the meaning of applicable privacy laws.

We serve business clients and website visitors primarily in Europe, the United Kingdom, the United States, Canada, and other countries in the Americas. We aim to apply practices that reflect major privacy laws in those regions, including the EU General Data Protection Regulation ("GDPR"), the UK GDPR, Portugal's implementation of the GDPR, the Swiss Federal Act on Data Protection ("FADP"), the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), other US state comprehensive privacy laws, Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), and Brazil's Lei Geral de Proteção de Dados ("LGPD"), as well as common industry practice for B2B corporate websites.

This policy should be read together with our Cookie Policy, which describes cookies and similar technologies in detail.

This policy is provided in English. If anything in a translated version conflicts with the English version, the English version prevails unless applicable law requires otherwise.

1. Who we are

.wrk is a distributed technology team providing software development outsourcing, IT staff augmentation, dedicated development teams, AI services, and B2B digital marketing. We have been building products for US and European companies since 2011.

Data controller (legal entity):
DOTWRK, UNIPESSOAL, LDA
Registered office: Rua Doutor Juiz José M. Vidal, 3, 3750-552 União das Freguesias de Trofa, Segadães, Lamas do Vouga, Águeda, Portugal

Business contact address:
Rua Ramalho Ortigão, 104, Sala 15, 4490-678 Póvoa de Varzim, Portugal

Contact:
General and sales inquiries: [email protected]
Career and recruitment inquiries: [email protected]
General contact (also used on earlier versions of the Website): [email protected]
Website: https://dotwrk.com

For privacy-related requests, contact us at [email protected] with the subject line "Privacy request". We will route recruitment-related requests appropriately if you contact the general address.

2. Scope of this policy

This Privacy Policy applies to personal information we process in connection with:

  • browsing the Website (including the homepage, services, industries, case studies, blog, about, how we work, careers, contact, and legal pages);
  • submitting contact or consultation forms on the Website (including forms on the homepage and contact page);
  • submitting career applications through the Website;
  • emailing us directly or contacting us through LinkedIn or other channels we publish;
  • arriving on the Website through redirects from legacy URLs of earlier versions of dotwrk.com or related domains (for example, /privacy-policy, /contact-us, or /cases/…);
  • pre-contract discussions about our services, NDAs, proposals, and client engagements that begin through the Website.

This policy does not cover:

  • third-party websites linked from the Website (for example, LinkedIn, Clutch, or Upwork), which have their own privacy policies;
  • personal information we process solely as a processor or service provider on behalf of a client under a separate contract — in those cases, the client's privacy notice and agreement govern;
  • information about our employees processed under internal HR policies (except where you apply for a role through the Website, which is covered here).

3. Personal information we collect

The information we collect depends on how you interact with us. We collect only what is reasonably necessary for the purposes described in this policy.

3.1 Information you provide directly

Contact and consultation forms. When you request a consultation or contact us through the Website, we may collect:

  • name;
  • work email address;
  • company name;
  • type of help needed (for example, IT outsourcing, staff augmentation, dedicated team, AI services, digital marketing);
  • project or hiring details you choose to share;
  • optional budget range and timeline;
  • optional file attachments (for example, a brief or RFP in PDF, DOC, DOCX, TXT, or ZIP format, up to 10 MB per file).

Career applications. When you apply through the careers page, we may collect:

  • name;
  • email address;
  • position or role of interest;
  • optional message, portfolio links, or other details you include;
  • optional CV or other file attachments (PDF, DOC, DOCX, TXT, or ZIP, up to 10 MB per file);
  • your confirmation that you agree to processing for recruitment purposes in accordance with this Privacy Policy (required checkbox);
  • whether you are open to signing an NDA for client projects (optional checkbox).

Direct communications. If you email us, message us on LinkedIn, or speak with us on a call arranged through the Website, we collect the information you choose to provide (for example, name, contact details, company, role, and the content of your message).

We do not operate user registration, newsletters, or payment checkout on the Website. We do not ask you to provide payment card details through the public Website forms.

3.2 Information collected automatically when you use the Website

When you visit the Website, our infrastructure and service providers may automatically collect technical and usage information, such as:

  • IP address and approximate location derived from it (for example, country or region);
  • browser type and version, device type, operating system, and language settings;
  • pages viewed, links clicked, referral source, and time spent on pages;
  • date and time of access and general interaction data;
  • security-related signals (for example, to detect abuse, bots, or excessive form submissions).

Much of this information is collected through:

  • Server and hosting logs generated when pages and API endpoints are requested;
  • Cloudflare, which provides content delivery, SSL termination, web application firewall, and protection against abuse and DDoS attacks in front of our Website;
  • Google Analytics 4, but only if you have consented to analytics cookies where consent is required — see our Cookie Policy;
  • Strictly necessary storage (for example, to remember your cookie consent choice).

We do not use analytics to capture the text you type into form fields. If you consent to analytics, we may record a technical event when a form is submitted successfully (for example, that a contact or career form submission occurred), without sending the contents of your message to Google Analytics.

3.3 Information from anti-abuse and security measures

To protect the Website and our team from spam and automated abuse, form submissions may be subject to:

  • rate limiting based on IP address (for example, a limited number of submissions per time window);
  • honeypot and timing checks designed to filter bots;
  • optional Cloudflare Turnstile verification, when enabled, which may process interaction signals to distinguish humans from bots.

These measures may involve processing IP addresses and related technical data. We do not use them for advertising profiling.

3.4 Information we do not collect through the Website

  • We do not offer user accounts or logins on the Website.
  • We do not knowingly collect sensitive categories of personal information (such as health data, government ID numbers, or payment card data) through the public Website forms. If you include such information voluntarily in a message or attachment, we will handle it only as needed to respond and will encourage you to share sensitive commercial information under NDA through agreed secure channels.
  • We do not currently use marketing or advertising cookies on the Website (for example, remarketing pixels).

4. How we use personal information

We use personal information for the following purposes:

PurposeExamples
Respond to inquiriesReview your message, reply within our stated timelines, schedule discovery calls, propose engagement models
RecruitmentReview applications, contact candidates, conduct interviews, assess fit for roles
Pre-contract discussionsNDAs, scoping, proposals, and commercial conversations that follow a Website inquiry
Operate and secure the WebsiteHosting, delivery, troubleshooting, abuse prevention, rate limiting, bot protection
Improve the WebsiteUnderstand which pages and calls to action are useful (with consent where required for analytics)
Comply with lawRespond to lawful requests, enforce terms, protect rights and security
Business recordsKeep reasonable records of communications and recruitment activity

We do not sell your personal information. We do not use Website analytics to build advertising profiles for third-party targeted advertising on this Website.

5. Legal bases for processing (EEA, UK, and Switzerland)

Where the GDPR, UK GDPR, or Swiss FADP applies, we rely on the following legal bases depending on the activity:

ActivityLegal basis
Responding to contact forms and sales inquiriesSteps at your request before a contract; and/or our legitimate interests in operating and growing our B2B business
Recruitment and career applicationsSteps at your request before an employment or contractor relationship; your consent where you tick the recruitment checkbox; and/or our legitimate interests in hiring
Strictly necessary Website operation and securityOur legitimate interests in providing a secure, functional Website; and/or legal necessity
Google Analytics 4Your consent, where required — see Cookie Policy
Compliance, fraud prevention, and legal claimsLegal obligation; and/or legitimate interests in protecting our business and users

Where we rely on legitimate interests, you may object as described in Section 12. Where we rely on consent, you may withdraw it at any time without affecting processing that was lawful before withdrawal.

6. How form submissions are handled

When you submit a contact or career form on the Website:

  • Your data is sent securely to our application server over HTTPS.
  • Our server validates the submission (required fields, length limits, anti-abuse checks, and optional Turnstile verification).
  • We deliver the submission to our team by email using our configured mail infrastructure (SMTP). Contact inquiries are routed to [email protected]; career applications to [email protected].
  • File attachments are transmitted as email attachments. Temporary copies on the server are deleted after processing.
  • We may retain the content in our email systems and business records for the periods described in Section 10.

If delivery fails, you will see an error message inviting you to email us directly. We do not guarantee that every submission is stored in a separate customer database — our primary intake channel for Website forms is email to our team.

7. Cookies and similar technologies

We use strictly necessary storage to remember your cookie choices and, with your consent where required, Google Analytics 4 for website measurement. We do not currently use marketing cookies.

For full details — including cookie names, retention, regional rules, and how to change your preferences — see our Cookie Policy and use Cookie settings in the website footer.

8. Who we share personal information with

We share personal information only as described below. We require service providers to protect information and use it only for the purposes we specify.

Recipient / categoryRoleWhy they receive data
Hosting and infrastructure providersProcessors / service providersOperate servers, deliver the Website, store logs
CloudflareProcessor / service providerCDN, security, SSL, WAF, bot and abuse protection
Email provider (SMTP)Processor / service providerDeliver form submissions and business email
Google (Analytics 4)Processor / service provider (when analytics is enabled with consent)Website usage measurement and reporting
Cloudflare TurnstileProcessor / service provider (when enabled)Bot verification on forms
Professional advisersIndependent controllers or processorsLegal, accounting, or compliance advice where needed
AuthoritiesAs required by lawCompliance with legal obligations or valid legal process

We do not sell personal information. We do not "share" personal information for cross-context behavioural advertising as defined under California and similar US state laws through the Website as currently configured.

If we use a subcontractor or change providers, we will continue to apply appropriate contractual and security safeguards.

9. International data transfers

We are a distributed team and use service providers that may process personal information in countries other than your own, including the United States, Portugal, and other countries in Europe and elsewhere.

Where required by law (for example, under the GDPR or UK GDPR), we implement appropriate safeguards for transfers, such as:

  • Standard Contractual Clauses or equivalent mechanisms offered by providers such as Google and Cloudflare;
  • transfer impact assessments and supplementary measures where appropriate;
  • your explicit consent for certain transfers where no other mechanism applies and consent is appropriate.

You may contact us for more information about safeguards relevant to your region.

10. How long we keep personal information

We retain personal information only as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

  • Contact and sales inquiries: typically up to 3 years from last meaningful contact, or longer if an active opportunity, contract, or legal claim requires it.
  • Career applications: typically up to 24 months from receipt for active recruitment, unless you ask us to delete earlier or we need longer retention for legal or hiring pipeline reasons with your renewed consent.
  • Contract and client records: retained in accordance with applicable commercial, tax, and legal requirements when an engagement proceeds.
  • Server and security logs: typically days to months, depending on operational and security needs.
  • Analytics data: governed by Google Analytics settings and our Cookie Policy; aggregated reports may be kept longer for business analysis.
  • Cookie consent records: as described in the Cookie Policy.

When information is no longer needed, we delete or anonymise it where feasible.

11. Security

We implement appropriate technical and organisational measures to protect personal information, including:

  • HTTPS encryption for Website traffic;
  • infrastructure-level protection (firewall, DDoS mitigation, and related controls through Cloudflare and hosting providers);
  • rate limiting and anti-abuse controls on form endpoints;
  • access controls limiting who in our team can read business email and recruitment materials;
  • confidentiality practices aligned with NDA-ready client work.

No method of transmission or storage is completely secure. If you believe your interaction with us is no longer secure, please contact us promptly.

12. Your privacy rights

Depending on where you live, you may have some or all of the rights below. We will verify your request where appropriate and respond within timeframes required by applicable law.

RightWhat it meansHow to exercise it
AccessObtain confirmation and a copy of personal information we hold about youEmail [email protected]
CorrectionRequest correction of inaccurate informationEmail us with details
DeletionRequest deletion where applicableEmail us; some data may be retained where legally required
RestrictionAsk us to limit certain processingEmail us with the reason
ObjectionObject to processing based on legitimate interestsEmail us; we will assess your objection under applicable law
PortabilityReceive certain data in a structured, machine-readable formatEmail us where the right applies
Withdraw consentWithdraw consent for analytics cookies or recruitment consent where consent is the basisCookie settings for analytics; email us for other consent
Opt out of sale/sharing (US)Opt out of sale or certain sharingWe do not sell personal information via the Website; disable analytics via Cookie settings
Non-discriminationExercise rights without discriminatory treatmentWe do not discriminate for exercising privacy rights where prohibited by law
ComplaintLodge a complaint with a supervisory authoritySee Section 13

We may need to retain certain information to comply with law, resolve disputes, or enforce agreements even after a deletion request.

13. Regional information

Laws differ by country. This section summarises how we approach major regions. It is not exhaustive legal advice for every jurisdiction.

13.1 Portugal

DOTWRK, UNIPESSOAL, LDA is established in Portugal. Portuguese law applies to our establishment, and the GDPR applies to our processing of personal data. You may lodge a complaint with the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD): https://www.cnpd.pt.

13.2 European Economic Area (EEA)

For visitors and contacts in the EEA, the GDPR applies. You have the rights listed in Section 12 and may lodge a complaint with your local supervisory authority. A list of EU authorities is available from the European Data Protection Board.

13.3 United Kingdom

For visitors and contacts in the UK, the UK GDPR applies. You may lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk.

13.4 Switzerland

For visitors in Switzerland, the FADP applies. You may contact the Federal Data Protection and Information Commissioner (FDPIC) if you believe we have processed your data unlawfully.

13.5 United States

California (CCPA/CPRA): We provide this notice at or before collection. Categories of personal information we may collect through the Website include identifiers (name, email, IP address), commercial information (inquiry context, budget range if provided), internet or network activity (browsing and analytics with consent), and professional information (company, role, CV content). Sources: you, your browser/device, and our service providers. Purposes: as in Sections 4 and 6. We do not sell personal information. We do not share personal information for cross-context behavioural advertising through the Website as currently configured. California residents may submit requests to know, delete, and correct personal information, and to limit use of sensitive personal information where applicable, by emailing [email protected]. We will verify requests as required. You may use an authorised agent where permitted by law.

Other US states with comprehensive privacy laws (including, as examples, Colorado, Connecticut, Virginia, Utah, Oregon, Texas, Montana, Delaware, Iowa, and others depending on your location): we provide notice at collection and honour applicable rights to access, delete, correct, and opt out of targeted advertising, sale, or certain profiling. Our use of GA4 on this B2B site is for website analytics, not for decisions that produce legal or similarly significant effects solely through automated processing.

If you send a recognised Global Privacy Control (GPC) signal where we are required to honour it for opt-out of sale/sharing, we will process it in line with applicable law and our technical capabilities.

13.6 Canada

For visitors in Canada, PIPEDA and applicable provincial laws may apply. We obtain meaningful consent for non-essential cookies where required. You may contact us to access or challenge our handling of your personal information. You may also contact the Office of the Privacy Commissioner of Canada if you are unsatisfied with our response.

13.7 Brazil and other Americas

For visitors in Brazil, the LGPD may provide rights including confirmation of processing, access, correction, anonymisation, portability, deletion, and information about sharing. Contact us to exercise applicable rights.

For other countries in the Americas, we apply this policy and local law to the extent required. Where local law demands stricter protection, we align our practices accordingly.

14. Recruitment-specific notice

If you apply for a role through the Website:

  • we process your application data to assess your candidacy, communicate with you, and conduct our hiring process;
  • by submitting the form and ticking the required privacy checkbox, you confirm you agree to this processing for recruitment purposes in accordance with this Privacy Policy;
  • if you are not selected, we may retain your application for a limited period for future opportunities unless you ask us to delete it;
  • if you indicate openness to an NDA, that preference is stored with your application but does not by itself create a contractual NDA — separate terms apply when needed.

We do not use automated hiring decisions that produce legal effects solely through algorithms on the Website.

15. Children

The Website is directed at business professionals. We do not knowingly collect personal information from children under 16 (or under 13 where the US Children's Online Privacy Protection Act applies). If you believe a child has provided information through the Website, contact us and we will take appropriate steps to delete it.

16. Third-party links and social media

The Website may link to third-party services such as LinkedIn, Clutch, or Upwork. If you follow those links or interact with us on third-party platforms, those platforms process your data under their own policies. We are not responsible for their practices.

17. Redirects from our previous website

We may redirect visitors from legacy URLs (including /privacy-policy, /contact-us, /cases/…, and other addresses from earlier versions of dotwrk.com) to the current Website using standard HTTP redirects.

Redirects are a routing mechanism and do not by themselves change how we collect personal information on the current Website. When you land on dotwrk.com after a redirect, this Privacy Policy and our Cookie Policy apply. Prior cookie choices on an old page layout are not automatically transferred; you may see our cookie banner again on the current Website.

18. Automated processing and profiling

We do not use Website data to make solely automated decisions about you that produce legal or similarly significant effects. Anti-abuse checks and analytics aggregation are not used for that purpose.

19. Do Not Track and preference signals

There is no uniform industry standard for "Do Not Track" browser signals. We honour applicable legal opt-out mechanisms (such as GPC where required) and provide Cookie settings for analytics. See our Cookie Policy for details.

20. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our Website, services, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top and post the revised policy on this page. Where required, we will provide additional notice or request fresh consent.

We encourage you to review this policy periodically.

21. Contact us

This Privacy Policy is provided for transparency. It does not constitute legal advice. We recommend periodic review by qualified counsel for your specific jurisdictions, corporate structure, and data flows.