At GratifID, your privacy is paramount. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
Our commitment: We will never sell your personal data. Period. Your information is used solely to provide and improve the GratifID Service.
1. Information We Collect
1.1 Information You Provide
Account Information:
- Full name
- Email address
- Phone number
- Mailing address (for device shipping)
- Date of birth (for age verification)
- Profile photo (optional)
Payment Information:
- Bank account details (for receiving payouts)
- Payment processor information (Stripe account)
- Tax identification information (as required by law)
Professional Information:
- Job title and workplace (optional)
- Industry and work schedule (for analytics)
- Custom tip page preferences
1.2 Information Collected Automatically
Transaction Data:
- Tip amounts and timestamps
- Device used (which NFC tag)
- Transaction location (if available)
- Payout history
Usage Data:
- Pages visited and features used
- Time spent on the Service
- Device information (type, OS, browser)
- IP address and approximate location
- Referral source (how you found us)
Device Data:
- NFC device serial numbers
- Device activation dates
- Device usage patterns
1.3 Information from Third Parties
- Stripe: Payment processing data and compliance information
- Analytics Providers: Aggregated usage statistics
- Fraud Prevention: Identity verification data
2. How We Use Your Information
2.1 To Provide the Service
- Process and facilitate tip transactions
- Manage your account and authenticate your identity
- Process payouts to your designated account
- Send transaction notifications
- Provide customer support
- Ship NFC devices to you
2.2 To Improve the Service
- Analyze usage patterns and trends
- Develop new features and products
- Troubleshoot technical issues
- Conduct research and testing
- Personalize your experience
2.3 For Security and Compliance
- Prevent fraud and abuse
- Verify your identity
- Comply with legal obligations (tax reporting, AML, KYC)
- Enforce our Terms of Service
- Protect our rights and property
2.4 For Communication
- Send important Service updates
- Respond to your inquiries
- Send promotional emails (with your consent)
- Request feedback and reviews
3. Information Sharing
We do NOT sell your personal information. We share your information only in these limited circumstances:
3.1 Service Providers
We share information with trusted third parties who help us operate the Service:
- Stripe: Payment processing and compliance
- Cloud Hosting: Data storage and infrastructure (AWS, Google Cloud)
- Analytics: Usage analysis (anonymized data)
- Customer Support: Help desk tools
- Shipping: Device fulfillment partners
These partners are contractually obligated to protect your data and use it only for the services they provide to us.
3.2 Legal Requirements
We may disclose your information if required by law, such as:
- Compliance with subpoenas or court orders
- Cooperation with law enforcement
- Protection of our legal rights
- Prevention of fraud or illegal activity
3.3 Business Transfers
If GratifID is acquired, merged, or undergoes a business transfer, your information may be transferred to the new entity. You will be notified of any such change.
3.4 With Your Consent
We may share information for other purposes with your explicit consent.
4. Data Security
We take data security seriously and implement industry-standard measures to protect your information:
4.1 Technical Safeguards
- Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Secure Servers: Data stored in SOC 2 certified data centers
- Access Controls: Role-based access with multi-factor authentication
- Regular Audits: Security assessments and penetration testing
- Monitoring: 24/7 security monitoring and threat detection
4.2 Organizational Safeguards
- Employee background checks and security training
- Strict data access policies
- Incident response procedures
- Regular security awareness training
4.3 Payment Security
We never store your full bank account or credit card details. Payment information is handled by Stripe, which is PCI-DSS Level 1 certified (the highest security standard in the payments industry).
4.4 Your Responsibility
You play a role in security too:
- Use a strong, unique password
- Enable two-factor authentication
- Never share your login credentials
- Report suspicious activity immediately
5. Data Retention
How long we keep your data:
5.1 Account Data
- Active accounts: Retained as long as your account is active
- Closed accounts: Retained for 7 years (for tax and legal compliance)
- Transaction records: Retained for 7 years (IRS requirement)
5.2 Usage Data
- Analytics data: Anonymized after 2 years
- Log files: Deleted after 90 days
- Support tickets: Retained for 3 years
5.3 Marketing Data
- Deleted within 30 days of unsubscribing
- Anonymized for aggregate analysis
6. Your Rights
You have control over your personal information. Depending on your location, you may have the following rights:
6.1 Access
You can access your personal information anytime through your account dashboard or by contacting us.
6.2 Correction
You can update your account information directly in your dashboard. Contact us for help with corrections.
6.3 Deletion
You can request deletion of your account and personal data. Note that we must retain certain information for legal compliance (e.g., tax records for 7 years).
6.4 Portability
You can request a copy of your data in a machine-readable format.
6.5 Opt-Out
- Marketing emails: Unsubscribe via the link in any email
- Analytics cookies: Adjust your browser settings
- Push notifications: Disable in your device settings
6.6 Object
You can object to certain data processing activities (e.g., direct marketing).
6.7 Complain
You have the right to lodge a complaint with your local data protection authority if you believe we've violated your privacy rights.
To exercise these rights, contact us at: privacy@grafitid.com
7. Cookies and Tracking Technologies
7.1 What We Use
Essential Cookies:
- Authentication and security
- Session management
- Load balancing
Analytics Cookies:
- Google Analytics (anonymized IP)
- Usage statistics
- Performance monitoring
Marketing Cookies (with consent):
- Ad conversion tracking
- Retargeting pixels
7.2 Your Choices
You can control cookies through:
- Browser settings (block or delete cookies)
- Opt-out tools (Network Advertising Initiative, Digital Advertising Alliance)
- Our cookie consent banner (manage preferences)
Note: Disabling essential cookies may affect Service functionality.
8. Third-Party Services
GratifID integrates with third-party services. Each has their own privacy policy:
8.1 Payment Processing
Stripe: Handles all payment processing. Review their Privacy Policy.
8.2 Analytics
Google Analytics: Tracks usage with anonymized IPs. Review their Privacy Policy.
8.3 Social Media
If you connect via social login (Google, Apple), those platforms may share basic profile information with us. We don't post on your behalf without permission.
We are not responsible for third-party privacy practices. Please review their policies independently.
9. Children's Privacy
GratifID is not intended for children under 18. We do not knowingly collect information from children. If you're under 18:
- You may use GratifID only with parental consent
- Your parent/guardian must create the account
- We may verify parental consent
If we discover we've collected information from a child without proper consent, we'll delete it immediately.
Parents: If you believe your child has created an account without your permission, contact us immediately at privacy@grafitid.com.
10. International Users
10.1 Data Transfers
GratifID is based in the United States. If you're accessing the Service from outside the US, your information will be transferred to, stored in, and processed in the US.
10.2 EU/UK Users (GDPR)
If you're in the EU or UK, you have additional rights under GDPR:
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to automated decision-making
We process your data based on:
- Contract: To provide the Service you signed up for
- Legitimate Interest: To improve and secure the Service
- Consent: For marketing communications
- Legal Obligation: Tax and regulatory compliance
10.3 California Users (CCPA)
California residents have specific rights:
- Know what personal information we collect
- Know whether we sell or share personal information (we don't)
- Access your personal information
- Delete your personal information (with exceptions)
- Non-discrimination for exercising your rights
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes to our practices
- New features or services
- Legal or regulatory requirements
- Technological advances
When we update this policy:
- We'll update the "Last Updated" date
- We'll notify you via email or in-app notification
- Material changes will require your consent
- Continued use constitutes acceptance
We encourage you to review this policy periodically.
12. Contact Us
Questions, concerns, or requests about your privacy? We're here to help.
Response time: We aim to respond to all privacy inquiries within 30 days.
Data Protection Officer (EU users): dpo@grafitid.com