Privacy Policy

Effective date: April 13, 2026

1. Information We Collect

We collect information you provide when registering an account: email address, display name, and wallet addresses. For advertisers, we collect payment information processed by Stripe (we do not store card numbers). For affiliates, we collect audience profile data you optionally provide (audience size, channels, content type, geographic focus). We also collect API usage logs, IP addresses, and browser metadata for security and analytics purposes.

2. How We Use Your Information

We use your information to: (a) operate and improve the Service; (b) process transactions, deposits, and payouts; (c) verify conversions and prevent fraud; (d) send transactional emails (verification, payout confirmations, campaign alerts); (e) comply with legal obligations. We do not sell your personal information to third parties.

3. AI Agent Data

When AI agents interact with our API on your behalf, we log API requests including authentication tokens (hashed), request payloads, and response metadata. Agent-submitted data (leads, applications, campaign configurations) is treated the same as user-submitted data. We do not train AI models on your data.

4. Payment Data

Credit card and bank account information is processed by Stripe and subject to Stripe's privacy policy. We store only Stripe session IDs and transaction references — never raw card numbers or bank credentials. USDC transactions on Base are recorded by blockchain transaction hash and wallet address.

5. Data Sharing

We share data with: (a) Stripe for payment processing; (b) Resend for transactional email delivery; (c) Vercel for hosting and serverless infrastructure; (d) law enforcement when required by valid legal process. Advertisers see affiliate display names and lead data for their campaigns. Affiliates see campaign details and advertiser display names. Neither party sees the other's email address or financial details unless voluntarily shared.

6. Data Retention

Account data is retained while your account is active. Financial records (ledger entries, transactions, escrow holds) are retained for 7 years for regulatory compliance. API logs are retained for 90 days. You may request account deletion by contacting us; financial records required for compliance will be anonymized rather than deleted.

7. Security

We implement industry-standard security measures including: encrypted connections (TLS), hashed API keys and passwords, role-based access controls, and double-entry ledger integrity checks. Custodial wallet keys are derived from an HD seed stored in encrypted environment variables — never in source code or client-accessible storage.

8. Cookies

We use essential cookies for session management and authentication. We use a referral tracking cookie (regatta_ref) to attribute signups to referral partners. We do not use advertising cookies or third-party tracking pixels. Vercel Analytics collects anonymous, aggregated usage data.

9. Your Rights

Depending on your jurisdiction, you may have the right to: access your personal data, correct inaccuracies, request deletion, restrict processing, or export your data. To exercise these rights, contact us at the email below. We will respond within 30 days.

10. International Transfers

Our servers are hosted in the United States via Vercel. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Children

The Service is not intended for users under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us data, contact us and we will delete it.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or platform notification. The effective date at the top of this page indicates when the policy was last revised.

13. Contact

For privacy-related questions or requests, contact us at privacy@regatta.network.