Privacy Policy

• Account info: email, name, username, payout method + handle, social media handles you provide
• Tax info: address, tax ID (collected only when required for 1099 reporting at $600+ in earnings)
• Performance data: clicks, conversions, earnings tied to your unique tracking links
• Device info: IP country, user agent, referrer (when end users click your tracking links)
• Cookies: session cookie for authentication, optional referral cookie if you arrived via someone's invite link

• To attribute conversions and pay you correctly
• To detect fraud (self-conversions, click farms, suspicious patterns)
• To send you product updates, payout receipts, and weekly summaries (you can opt out in Settings)
• To file required tax forms (1099-NEC at $600+)
• To display your opt-in profile in the creator directory if you enable it

We do not sell your data. We do not show ads in the platform.

• Payment processors (PayPal, Venmo, Zelle, Tremendous) — your payout handle and amount, only when sending you money
• Tax authorities — your tax info if a 1099 is required (US only)
• Infrastructure providers (Supabase, Vercel, ClickMagick, Resend) — to run the platform
• Other creators in the directory — only if you opt in via Settings

We do not share your data with the upstream offer networks (FreeCash, etc.) beyond the anonymized tracking sub-id.

• Access: view all your data anytime in Settings + Earnings + Profile
• Correction: edit any field in Settings
• Deletion: close your account and delete your data anytime via Settings → Delete Account. Cascades to remove all personal data within 30 days. Some financial records (paid invoices, tax forms) are retained for 7 years per IRS rules.
• Opt out of email: toggles in Settings → Email Preferences
• Data portability: request a CSV export of your data via chris@ssaff.co

For EU/UK creators: these rights are provided under GDPR. For California creators: under CCPA.

We use a minimal set:

• Session cookie — required for authentication. Without it, you can't stay logged in.
• Referral cookie (gth_ref) — set if you visited via someone's invite link, used to credit them when you sign up. Auto-deleted once you complete signup.
• No tracking cookies, no ad-tech, no third-party analytics that profile you.

We use Supabase (SOC 2 certified) for storage and auth. All traffic is HTTPS. Service-role keys are server-side only. Postback endpoints use shared-secret tokens with rate limiting. We have not had a security incident; if we do, affected users will be notified within 72 hours.

This platform is for users 18+. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, email us and we'll delete the account immediately.

Privacy questions: chris@ssaff.co