Data Retention Policy

WorkMate — Last updated: April 2026

Overview

WorkMate retains personal data only for as long as necessary for the purposes for which it was collected, or as required by Irish and EU law. This policy sets out the specific retention periods for each category of data we hold. It should be read alongside our Privacy Policy.

1. Account & Profile Data

Active accounts: retained for the duration of your account.
Closed accounts: profile data (name, email, phone, address) is anonymised within 30 days of account closure, unless a legal retention obligation applies.
Legal basis: Contract performance (GDPR Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).

2. Financial & Transaction Records

Retention period: 7 years from the date of the transaction or account closure (whichever is later).
This includes payment records, invoices, Stripe transaction references, job fees, platform commission records, and payout history.
Legal basis: Legal obligation (GDPR Art. 6(1)(c)) — required under the Taxes Consolidation Act 1997, the Companies Act 2014, and Revenue Commissioners guidance.
DAC7 reporting data (TIN, date of birth, transaction totals for qualifying providers) is retained for the duration required by the DAC7 Directive (EU Directive 2021/514), a minimum of 10 years from the end of the reporting year.

3. Provider Verification & Documents

Identity, business, and bank-account verification is performed by Stripe Connect during payment setup. WorkMate does not collect, review, or store provider identity documents — Stripe holds and verifies that data.
Trade-document uploads (e.g. Public Liability Insurance) were retired on 20 June 2026. There is no upload form and no document-review workflow; WorkMate does not accept new provider documents.
Legacy documents: a small number of trade documents uploaded before retirement remain in storage (currently two Public Liability Insurance certificates). They no longer contribute to any score or badge and will be deleted in line with our storage-limitation obligations (GDPR Art. 5(1)(e)).
Legal basis: contract performance (GDPR Art. 6(1)(b)) for enabling providers to transact on the platform, and legal obligation (Art. 6(1)(c)) for the identity / KYC / anti-money-laundering verification carried out via Stripe.
Stripe's role:for the identity and KYC/AML data Stripe collects, Stripe acts as a separate, independent data controller in its own right, determining how that data is processed for its own legal and fraud-prevention obligations. See Stripe's Privacy Policy (stripe.com/privacy) and Data Processing Agreement (stripe.com/legal/dpa).

4. Job, Quote & Communication Data

Job posts, quotes, reviews, and in-platform messages are retained for the duration of your account.
After account closure, job and quote records linked to financial transactions are subject to the 7-year financial retention period.
Reviews and ratings are anonymised within 30 days of the reviewer's account closure, unless required for an open dispute or legal proceeding.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) — dispute resolution and platform integrity.

5. Support Messages & Security Logs

Support correspondence: retained for up to 3 years to facilitate follow-up and fraud investigation.
Security and audit logs: retained for up to 12 months for platform security and incident response purposes.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).

6. Your Rights & How to Contact Us

You have the right to request erasure of your personal data, subject to applicable legal retention obligations. Requests to exercise your data rights can be submitted to:

privacy@workmate.ie. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Commission Ireland.

1. Account & Profile Data

Active accounts: retained for the duration of your account.

Closed accounts: profile data (name, email, phone, address) is anonymised within 30 days of account closure, unless a legal retention obligation applies.

Legal basis: Contract performance (GDPR Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).

2. Financial & Transaction Records

Retention period: 7 years from the date of the transaction or account closure (whichever is later).

This includes payment records, invoices, Stripe transaction references, job fees, platform commission records, and payout history.

Legal basis: Legal obligation (GDPR Art. 6(1)(c)) — required under the Taxes Consolidation Act 1997, the Companies Act 2014, and Revenue Commissioners guidance.

DAC7 reporting data (TIN, date of birth, transaction totals for qualifying providers) is retained for the duration required by the DAC7 Directive (EU Directive 2021/514), a minimum of 10 years from the end of the reporting year.

3. Provider Verification & Documents

Identity, business, and bank-account verification is performed by Stripe Connect during payment setup. WorkMate does not collect, review, or store provider identity documents — Stripe holds and verifies that data.

Trade-document uploads (e.g. Public Liability Insurance) were retired on 20 June 2026. There is no upload form and no document-review workflow; WorkMate does not accept new provider documents.

Legacy documents: a small number of trade documents uploaded before retirement remain in storage (currently two Public Liability Insurance certificates). They no longer contribute to any score or badge and will be deleted in line with our storage-limitation obligations (GDPR Art. 5(1)(e)).

Legal basis: contract performance (GDPR Art. 6(1)(b)) for enabling providers to transact on the platform, and legal obligation (Art. 6(1)(c)) for the identity / KYC / anti-money-laundering verification carried out via Stripe.

Stripe's role:for the identity and KYC/AML data Stripe collects, Stripe acts as a separate, independent data controller in its own right, determining how that data is processed for its own legal and fraud-prevention obligations. See Stripe's Privacy Policy (stripe.com/privacy) and Data Processing Agreement (stripe.com/legal/dpa).

4. Job, Quote & Communication Data

Job posts, quotes, reviews, and in-platform messages are retained for the duration of your account.

After account closure, job and quote records linked to financial transactions are subject to the 7-year financial retention period.

Reviews and ratings are anonymised within 30 days of the reviewer's account closure, unless required for an open dispute or legal proceeding.

Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) — dispute resolution and platform integrity.

6. Your Rights & How to Contact Us

You have the right to request erasure of your personal data, subject to applicable legal retention obligations. Requests to exercise your data rights can be submitted to:

privacy@workmate.ie. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Commission Ireland.