Privacy Policy

1. Information We Collect

1.1 Information You Provide

Account Information:

• Full name
• Email address
• Phone number
• Mailing address (for device shipping)
• Date of birth (for age verification)
• Profile photo (optional)

Payment Information:

• Bank account details (for receiving payouts)
• Payment processor information (Stripe account)
• Tax identification information (as required by law)

Professional Information:

• Job title and workplace (optional)
• Industry and work schedule (for analytics)
• Custom tip page preferences

1.2 Information Collected Automatically

Transaction Data:

• Tip amounts and timestamps
• Device used (which NFC tag)
• Transaction location (if available)
• Payout history

Usage Data:

• Pages visited and features used
• Time spent on the Service
• Device information (type, OS, browser)
• IP address and approximate location
• Referral source (how you found us)

Device Data:

• NFC device serial numbers
• Device activation dates
• Device usage patterns

1.3 Information from Third Parties

• Stripe: Payment processing data and compliance information
• Analytics Providers: Aggregated usage statistics
• Fraud Prevention: Identity verification data

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process tips, manage your account, and deliver payouts
• Verify identity: Comply with KYC (Know Your Customer) requirements for payment processing
• Fulfill orders: Ship NFC devices to your address
• Communicate: Send transaction confirmations, support responses, and product updates
• Improve the Service: Analyze usage patterns to enhance features and user experience
• Comply with legal obligations: Meet IRS reporting requirements, fraud prevention, and regulatory compliance
• Protect against fraud: Detect and prevent fraudulent transactions and account misuse

We will not use your information for purposes incompatible with those listed above without your consent.

3. Information Sharing

We never sell your personal information. We share your information only in these limited circumstances:

• Stripe (Payment Processor): Required to process payments and verify your identity for payouts. Stripe's privacy policy governs their use of your data.
• IRS and Tax Authorities: We report tip income as required by law (Form 1099-K for tips over $600/year).
• Service Providers: We work with trusted vendors for email delivery, analytics, and fraud detection. These providers are contractually bound to protect your data.
• Legal Requirements: We may disclose information if required by law, court order, or to protect the rights and safety of GratifID, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction, with advance notice to you.
• With Your Consent: We may share information for other purposes with your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information:

• 🔒 Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS
• 🔒 Encryption at rest: Sensitive data is encrypted in our databases
• 🔒 PCI-DSS compliance: Our payment processing meets the highest standards for payment security
• 🔒 Access controls: Employee access to personal data is strictly limited and logged
• 🔒 Regular security audits: We regularly test and update our security practices
• 🔒 Stripe's security: Payment card data is handled entirely by Stripe and never stored on our servers

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.

If you believe your account has been compromised, contact us immediately at info@gratifid.com.

5. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Active accounts: Data is retained while your account is active
• Financial records: Transaction data and tax records are retained for 7 years as required by IRS regulations
• Deleted accounts: Most personal data is deleted within 90 days of account deletion, except where legal retention is required
• Anonymized analytics: Aggregated, anonymized usage data may be retained indefinitely

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Data portability: Request your data in a machine-readable format
• Opt-out of marketing: Unsubscribe from promotional communications at any time
• Restriction: Request that we limit how we use your information

To exercise any of these rights, contact us at info@gratifid.com. We will respond within 30 days.

California Residents (CCPA): You have additional rights under the California Consumer Privacy Act, including the right to know what categories of personal information we collect and share. We do not sell personal information.

European Users (GDPR): If you are in the European Economic Area, you have rights under GDPR including the right to lodge a complaint with your local supervisory authority.

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Keep you logged in to your account
• Remember your preferences
• Analyze how users interact with our Service (via Google Analytics)
• Measure the effectiveness of our marketing (via Reddit Pixel, LinkedIn Insight Tag)

Types of cookies we use:

• Essential cookies: Required for the Service to function (cannot be disabled)
• Analytics cookies: Help us understand usage patterns (can be disabled)
• Marketing cookies: Used for advertising measurement (can be disabled)

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

8. Third-Party Services

Our Service integrates with third-party services, each with their own privacy policies:

• Stripe: Payment processing — stripe.com/privacy
• Google Analytics: Usage analytics — policies.google.com/privacy
• Google (Fonts/APIs): Web fonts and services
• LinkedIn: Professional analytics
• Reddit: Advertising measurement

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

9. Children's Privacy

GratifID is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a minor, please contact us immediately at info@gratifid.com and we will delete it promptly.

10. International Users

GratifID is operated in the United States. If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using our Service, you consent to the transfer and processing of your information in the United States as described in this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Send a notification to your registered email address
• Display a prominent notice within the GratifID app

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: info@gratifid.com
• Company: GratifID, Inc.
• Website: gratifid.com

We take privacy concerns seriously and will respond to your inquiry within 30 days.