Privacy Policy.

Last updated: May 5, 2026

This Privacy Policy explains how Refery, operated by 10K Ventures ("Refery," "we," "our," or "us"), collects, uses, and protects personal data you provide through our website and intake forms. We aim to be straightforward about what we do with your information.

1. What we collect

When you submit an intake form on our site, we collect the information you provide directly. This includes:

• Full name
• Email address (work email for hiring managers)
• Company name (for hiring managers)
• LinkedIn profile URL (for scouts and recruiters)
• Roles you are hiring for, if you choose to provide them
• Timestamp of your consent to these terms

We also collect limited technical information automatically when you visit the site, such as your IP address and basic browser information, used only for security and to keep the site running.

2. How we use your information

• To evaluate your fit for our network or services
• To match candidates with roles and recruiters with hiring companies
• To communicate with you about opportunities, applications, and updates
• To operate, maintain, and improve our platform
• To comply with legal obligations and protect our rights

3. Legal basis for processing (GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

• Consent: when you check the box on an intake form, you give us consent to process the data you submit for the purposes described above. You can withdraw consent at any time.
• Legitimate interests: to operate, secure, and improve our platform, and to follow up on inquiries you have initiated, where these interests are not overridden by your rights.
• Legal obligation: where we are required to retain or disclose data to comply with applicable law.

4. How we share your information

We do not sell your personal data. We share information only in the following ways:

• With our network of recruiters, scouts, and client companies as part of the matching process you have asked us to perform
• With service providers who help us operate the platform, such as Supabase for data storage and hosting infrastructure, under contractual confidentiality obligations
• If required by law, court order, or to protect the rights, safety, or property of Refery or others
• In connection with a corporate transaction, such as a merger or acquisition, with appropriate notice

5. Data retention

We retain your information for the duration of our business relationship with you, plus two years, unless you ask us to delete it earlier or a longer period is required by law. Where we no longer need your data, we will securely delete or anonymize it.

6. Your rights

You have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: ask us to correct information that is inaccurate or incomplete
• Deletion: ask us to delete your personal data, subject to legal exceptions
• Portability: request a copy of your data in a portable format
• Withdraw consent: at any time, where processing is based on consent
• Object or restrict: object to or restrict certain processing activities

For users in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection supervisory authority. For users in California, you have additional rights under the California Consumer Privacy Act, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.

To exercise any of these rights, email us at hello@refery.io.

7. Cookies and tracking

We use a minimal set of cookies that are necessary for the site to function. We do not use advertising cookies or third-party trackers for behavioral advertising. We may use simple, privacy-respecting analytics to understand site usage in aggregate.

8. International transfers

Refery is based in the United States, and your data may be processed in the US or in other countries where our service providers operate. For users in the European Economic Area or the United Kingdom, where we transfer personal data outside your region, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your information.

9. Security

We use technical and organizational measures designed to protect your information, including encryption in transit, access controls, and least-privilege practices. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Children

Refery is not directed to children under 18, and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest version. Material changes will be communicated through the platform or by email.

12. Contact us

For privacy questions or data requests, email hello@refery.io.