Last updated: December 7, 2024

Privacy Policy on Tpylo

Your privacy is our priority. Learn how we protect your data and give you control over your information.

GDPR Compliant • 256-bit Encryption • Full Transparency • Your Control

Introduction

Welcome to Tpylo. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform. By using Tpylo, you consent to the practices described in this policy. We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, username, password, and business information for creators.
  • Profile Data: Display name, profile picture, cover image, bio, location, website links, and social media handles.
  • Payment Information: Processed securely by Stripe and PayPal. We store transaction IDs, payment history, and payout preferences only.
  • Content: Posts, messages, comments, products, digital files, and any content you upload or create.
  • Communications: Messages through our chat system (PartyKit), support requests, and feedback.
  • Identity Verification: Government-issued ID information when verifying your account.

1.2 Automatically Collected

  • Device Information: Browser type, OS, device identifiers, screen resolution, language preferences.
  • Usage Data: Pages visited, features used, time spent, click patterns, interaction with content.
  • Log Data: IP addresses, access times, referring URLs, error logs for security purposes.
  • Location: General geographic location from IP address (country/region level only).

1.3 From Third Parties

  • Social Login: Name, email, and profile picture from Google OAuth if you choose to sign in with Google.
  • Payment Providers: Transaction status, payout information, and fraud detection signals from Stripe/PayPal.
  • File Scanning: Hash values of uploaded files shared with VirusTotal for malware detection.

2. How We Use Your Data

  • Provide Services: Create accounts, process memberships, deliver digital products, enable interactions.
  • Process Payments: Facilitate transactions via Stripe/PayPal, calculate fees, manage payouts.
  • Manage Subscriptions: Handle recurring payments, tier access, subscription lifecycle.
  • Badge System: Calculate and display supporter rank badges based on contribution history.
  • Communications: Power real-time chat, community discussions, direct messaging.
  • Platform Safety: Detect fraud, prevent abuse, scan files for malware, enforce Terms of Service.
  • Improve Services: Analyze usage, conduct research, develop new features.
  • Send Notifications: Transactional emails, security alerts, optional marketing communications.
  • Legal Compliance: Respond to legal requests, enforce rights, meet regulatory requirements.

3. Third-Party Services

We share data with trusted service providers who help operate our platform. They are contractually obligated to protect your information.

Stripe

Payment processing for subscriptions and donations.

PayPal

Alternative payment processing and payouts.

Cloudflare R2

Secure cloud storage for files and media.

PartyKit

Real-time messaging infrastructure.

VirusTotal

File scanning for malware detection.

Google OAuth

Authentication for Google sign-in.

Important: We do not sell your personal information to third parties. Data is only shared as necessary to provide our services or as required by law.

4. Cookies & Tracking

Essential Cookies

Required for authentication (Better-Auth sessions), security, and basic functionality. Cannot be disabled.

Preference Cookies

Store your settings like theme (light/dark), language, and notification preferences.

Analytics Cookies

Help us understand how users interact with the platform to improve features.

5. Your Privacy Rights

Under GDPR, CCPA, and other laws, you have the following rights:

Right to Access

Request a copy of your personal data.

Right to Rectification

Correct inaccurate information.

Right to Erasure

Delete your data ("right to be forgotten").

Right to Portability

Export data in machine-readable format.

Right to Object

Object to certain data processing.

Right to Restriction

Limit how we process your data.

To exercise these rights, contact us at privacy@tpylo.com. We respond within 30 days.

6. Data Security

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest.
  • Secure Authentication: Better-Auth sessions with HTTP-only cookies, WebAuthn/Passkey support.
  • Payment Security: PCI-DSS compliant providers (Stripe, PayPal). We never store card numbers.
  • Access Controls: Strict internal policies, all access logged and audited.
  • File Security: Malware scanning before storage, token-based access with expiration.
  • Regular Audits: Security assessments and vulnerability testing.

Breach Notification: We will notify you and relevant authorities within 72 hours of any data breach as required by GDPR.

7. Data Retention

  • Active Accounts: Data retained while your account is active.
  • Deleted Accounts: Personal data removed within 30 days, except where legally required.
  • Transaction Records: Retained for 7 years for tax compliance.
  • System Logs: Retained for 90 days.
  • Backups: May retain data up to 90 days after deletion.

8. Children's Privacy (COPPA)

Tpylo is not intended for children under 13. In compliance with COPPA:

  • Users must be at least 13 years old to create an account.
  • Users under 18 may need parental consent in certain jurisdictions.
  • If we discover data from a child under 13, we will promptly delete it.
  • Contact us at privacy@tpylo.com if you believe a child has provided data.

9. International Data Transfers

Tpylo operates globally. Your data may be transferred to countries outside your own. When transferring data outside the European Economic Area (EEA), we use Standard Contractual Clauses approved by the European Commission to ensure equivalent protection.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you by email or through a prominent notice on our platform at least 30 days before changes take effect. Your continued use of Tpylo after changes become effective constitutes acceptance of the revised policy.

11. Contact Us

Questions about this Privacy Policy? We're here to help.

EU residents may also lodge a complaint with their local data protection authority.