Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Password (stored as a one-way cryptographic hash — we never store your plaintext password)

1.2 Social Media Account Data (Social Ninja)

When you connect social media accounts through Social Ninja, we collect and store:

• Platform username and display name
• Profile image URL
• Platform user ID
• OAuth access tokens and refresh tokens (encrypted at rest using AES-256 encryption)
• Token expiration timestamps

We use this information solely to publish content to your connected accounts on your behalf. We do not read, analyze, or store your social media feeds, followers, or engagement data beyond what is necessary to display your connected accounts.

1.3 Content You Create

We store content you create through our Service, including:

• Post text and scheduling information (Social Ninja)
• Uploaded media files (images, videos)
• Product configurations and license keys (License Ninja)
• Trading strategy configurations (Strategy Ninja)

1.4 Payment Information

We do not directly collect or store credit card numbers or payment instrument details. All payment processing is handled by our third-party payment processor, who acts as the Merchant of Record. Please refer to their privacy policy for details on how they handle payment information. Bippsi also retains payment, wallet lifecycle, dormancy fee, and disbursement records necessary to administer Bips balances, Creator Earnings payouts, Tremendous mailout orders, tax reporting, fraud prevention, dispute defense, and unclaimed-property compliance.

1.5 Automatically Collected Information

• IP address (logged during license validation requests and for security purposes)
• Browser user agent string
• Pages visited and actions taken within the Service
• Session cookies required for authentication

1.6 Identity Verification Data

Identity-verification vendor. Bippsi uses Authenticate.com (operated by Authenticating.com LLC) as our third-party identity-verification provider. Where the discussion below refers to "the verification provider," it means Authenticate.com or any successor vendor Bippsi may engage and disclose in this Policy.

Your identity data is data you gave us. When you create a verified account, apply for an A.I. Lock monetization slot, or initiate any verification flow described in the Bippsi Terms of Use §1.1 and §10, you enter the following information directly on our forms:

• Full legal name, date of birth, and residential address
• For business verification: legal business name and Federal Employer Identification Number (FEIN)
• For parental-consent flows on minor accounts: the parent or legal guardian's identity information (so the parent can complete their own Verified Person verification first, before the minor's verification fires)

When you initiate verification, we transmit your submitted information to Authenticate.com so they can confirm it against authoritative records (such as government databases and document authentication). During that process, Authenticate.com may also collect:

• A government-issued identification document scan (driver's license, passport, learner's permit, or national ID)
• Biometric data for liveness and face-match (a selfie image, video frames, and liveness-check signal)
• Additional documents or knowledge-based-authentication answers if requested by the verification flow

Biometric notice and consent. Before any biometric or liveness data is captured, Bippsi and/or Authenticate.com will present any legally required biometric notices, consents, releases, and retention disclosures required by applicable biometric privacy laws (including, where applicable, the Illinois Biometric Information Privacy Act and the Texas Capture or Use of Biometric Identifier Act). Capture proceeds only after you have completed any such required acknowledgements.

Authenticate.com collects, processes, and stores these items under their own privacy policy and applicable law. From Authenticate.com, Bippsi receives back:

• The verification outcome (pass / fail / pending / untestable)
• Extracted attributes from your scanned identification document, specifically: your full name as printed on the document, your date of birth, and (where applicable) your scanned residential address. We retain these as authoritative records replacing the values you originally entered into our forms.
• Match scores for name and date of birth
• Risk signals returned by the verification flow (such as liveness assessment outcome and identity-data confidence ratings)
• Confirmation of your "capability tier" status (Verified Person, Verified Business, Verified Age — as defined in the Bippsi Terms of Use §2)

What we store in your account. Bippsi stores the verification outcome and extracted attributes (specifically: your date of birth, capability tier timestamps, and the verification audit log entry) in your account record for as long as your account remains active and the data is reasonably needed for verification, gating, fraud prevention, compliance, or dispute-defense purposes, subject to the retention and anonymization rules in §7. The actual scanned identification documents and biometric artifacts (the selfie image, video frames, and liveness-check data) remain with Authenticate.com under their own data retention practices; Bippsi does not store copies of those source artifacts on our infrastructure.

What we use it for. Bippsi uses your verification outcomes and extracted attributes to:

• Establish your account's capability tier (Verified Person, Verified Business, Verified Age)
• Evaluate access gates configured by Bippsi or by Partners (such as age-gated content or business-only services) — see the Bippsi Terms of Use §10 (Access Gating and Verification)
• Compute the date you reach legal contracting age in your jurisdiction (for the continued-use-acceptance mechanism described in the Bippsi Terms of Use §1.1)
• Validate your eligibility for Stripe Connect onboarding, payouts, and other regulated financial flows
• Detect and respond to fraud, account compromise, or violation of the Terms
• Maintain audit records required for dispute defense, regulatory compliance, and tax reporting

Re-verification. Bippsi may require periodic re-verification (typically a low-cost selfie-match against your previously-verified identity through Authenticate.com) before granting access to high-impact actions, including but not limited to: large Bip purchases, payouts, age-restricted purchases or content, or any action where Bippsi reasonably believes the account holder may have changed since the original verification. See Bippsi Terms of Use §10.4 for the full re-verification framework.

Parental-consent flow data. When a parent or legal guardian completes the parental-consent flow to enable verification of a minor's identity, Bippsi creates a database link between the parent's account and the minor's account (the parent_user_id field on the minor's account). This linkage records the parent-minor relationship and is designed to support Bippsi's verifiable-parental-consent obligations under COPPA, GDPR Article 8, the UK Children's Code, the California Age-Appropriate Design Code, and similar laws. Bippsi stores the parent's confirmed verification status and the explicit consent record (timestamp, IP address, action) as evidence the consent was given. The parent retains the right to revoke consent at any time by contacting Bippsi support; revocation triggers re-evaluation of the minor's account status and may result in access restrictions.

Operator overrides. In operational and testing contexts, Bippsi staff may manually set, reset, or modify verification attributes on accounts through internal administrative tools. Such Operator Overrides are recorded in the verification audit log distinctly from real verifications and do not constitute representations by Bippsi about the actual identity, age, or business status of any user. Operator Overrides are not available to users on request; see Bippsi Terms of Use §10.5 for full scope.

Verification correction and appeal. If you believe your verification outcome is incorrect, you may submit a correction request through our support contact form. We will review the request, may re-run verification at no additional cost to you, and may request supplemental documentation. Final determination rests with Bippsi, but we will use commercially reasonable efforts to resolve correction requests within thirty (30) days. See Bippsi Terms of Use §10.7.

Transmission and storage security. We protect verification outcomes and extracted attributes using administrative, technical, and organizational safeguards appropriate for sensitive identity data, including encryption in transit, restricted access controls, and (where supported by Bippsi systems) audit logging of access to identity attributes for security and audit purposes. Authenticate.com's own data-protection practices are described in their privacy policy (authenticate.com/privacy-policy) and biometric information retention and destruction policy (authenticate.com/biometric-policy).

1.7 Partner Site Content (Agent Initiative)

This Privacy Policy covers personal data you provide to Bippsi as a user. If you enroll a website in the Agent Initiative (A.I. Certified, A.I. Lock, A.I. Key, Partner program), the public-facing content and metadata of that site — including pages, pricing manifests, agents.json, /bippsi-unified.md, priced element configurations, and previews — is your public business data, not personal information about you, and is governed by the Bippsi Terms of Use, not this Privacy Policy.

Under the Bippsi Terms of Use, Bippsi may crawl, cache, embed, index, aggregate, and use your Partner Site's public content and metadata for directory, search, analytics, research, and machine-learning purposes, including training and distribution of models and datasets. See Bippsi Terms of Use §3.5 (Bippsi Platform Rights) and §6 (Intellectual Property) for the complete scope. These rights apply only to content you publish on a Partner Site for agents to access — they do not extend to personal data about you as an account holder, which is governed exclusively by this Privacy Policy.

1.8 Email Engagement Tracking

When Bippsi sends email to your registered email address (such as account notifications, security alerts, billing receipts, password resets, or service updates), Bippsi may record whether you opened the email and whether you clicked any links within it. Specifically, we may capture:

• Whether and when the email was opened (via an embedded tracking pixel that loads from Bippsi's servers when the email is displayed)
• Whether you clicked any links inside the email, and which links (links may pass through a Bippsi click-tracking endpoint before redirecting to the final destination)
• The IP address and user-agent your email client used to load the tracking pixel or click-tracking link (used to confirm engagement and detect automated email scanners)
• Bounce status (delivered / soft bounce / hard bounce / spam complaint) returned by your email provider

We use email-engagement data for:

• Confirming you have received and seen critical account communications
• Marking your account as "active" under the Human-Driven Activity definition in the Bippsi Terms of Use §11.1 (so that engaging with our emails counts as keeping your account active and prevents inactivity-based anonymization)
• Detecting bounces and unsubscribing your address from further sends in compliance with applicable bulk-sender laws (such as CAN-SPAM in the United States) and major mailbox-provider deliverability requirements
• Improving the deliverability of our transactional and notification emails

We do not use email-engagement data for advertising profiling or targeted marketing. Email-engagement records are retained alongside your account record subject to the retention rules in §7. Except where applicable law requires consent or opt-out rights, engagement tracking on critical transactional emails (security, billing, terms-update notifications) is part of the Service and is not separately opt-outable, because we use it to confirm receipt of essential communications and to maintain your account's active status under the Human-Driven Activity framework. You may unsubscribe from optional product or marketing emails at any time using the unsubscribe link in those emails.

EU and UK users. Where required by applicable law, including UK and EU ePrivacy rules (such as PECR in the UK and the ePrivacy Directive in the EU), Bippsi will obtain consent before using email open pixels for engagement tracking, or will disable pixel-based open tracking for users in those jurisdictions. Critical transactional emails may still include security or delivery logging necessary to provide the Service.

1.9 Access Gate Evaluations and Audit Log

Bippsi operates a centralized access-control system — the "Gate Engine," defined in the Bippsi Terms of Use §10. When you attempt to access certain Bippsi products, services, content, or features, the Gate Engine evaluates your account attributes (such as Verified Person status, Verified Business status, Verified Age, country, account history, and similar) against the gate requirements configured for that resource. Every such evaluation produces an audit log entry containing:

• Your account ID (or null if you are unauthenticated)
• The resource you attempted to access (its type and identifier — for example, "monetization_slot" with a slot ID, or "crypto_product" with a product ID)
• The evaluation result (allow / deny)
• If denied: which gates you failed, so we can show you a remediation path (such as "Verify your age" or "Complete business verification")
• Timestamp of the evaluation

We use Gate Engine audit logs to:

• Show you contextual upgrade prompts when you are denied access ("To access this content, you need to: Verify your age (18+)")
• Detect attempted access patterns indicative of fraud or account compromise
• Debug verification or access-control issues at your or your Partners' request
• Generate aggregate, de-identified statistics about gate effectiveness and product reach

Gate audit logs are retained subject to the retention rules in §7. Aggregate, de-identified statistics derived from the audit log may be retained longer for product analytics.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Establish and update your account's capability tier (Verified Person, Verified Business, Verified Age) using outcomes from Authenticate.com
• Evaluate access gates configured by Bippsi or Partners under the Gate Engine framework (see §1.9 and the Bippsi Terms of Use §10)
• Publish social media content on your behalf to your connected accounts (when you use Social Ninja)
• Process subscription billing and payment processing through Stripe
• Validate software licenses on behalf of License Ninja users
• Process Stripe Connect onboarding, transfers, and payouts for Verified Business or Verified Person creators
• Send important account notifications (security alerts, billing issues, service changes, Terms or Privacy Policy updates)
• Track email-engagement signals to confirm receipt of critical communications and to mark your account as active under the Human-Driven Activity framework (see §1.8 and Bippsi Terms of Use §11.1)
• Respond to your support requests
• Detect and prevent fraud, abuse, account compromise, or security incidents
• Compute the date you reach legal contracting age in your jurisdiction and apply the continued-use-acceptance mechanism described in the Bippsi Terms of Use §1.1
• Apply the inactivity-based account anonymization process described in §7 and in the Bippsi Terms of Use §11
• Maintain audit records required for dispute defense, regulatory compliance, and tax reporting

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising profiling or targeted marketing.

3. Data Storage and Security

3.1 Storage

Your data is stored on secure servers hosted by our infrastructure provider in the United States. All data is stored in encrypted databases where applicable.

3.2 Encryption

• Social media tokens are encrypted at rest using AES-256-CBC encryption with unique keys
• Passwords are hashed using bcrypt with a cost factor of 12
• All connections to our Service use TLS/HTTPS encryption in transit

3.3 Access Controls

Access to user data is restricted to authorized personnel only. All data queries are scoped to the authenticated user — users cannot access other users' data.

4. Data Sharing

We share your information only in the following circumstances:

• Social Media Platforms: When you use Social Ninja to publish content, we transmit your post content and media to the platforms you have selected (e.g., Bluesky, X/Twitter, Facebook, Instagram). This is the core function of the Service and happens only at your direction.
• Payment Processor (Stripe): We share necessary billing information (name, email, address, and where applicable for Stripe Connect: tax ID / business identifiers) with Stripe, Inc. to manage your subscription, process transactions, and execute payouts via Stripe Connect. Stripe's data handling is governed by their own privacy policy at stripe.com/privacy.
• Identity Verification Provider (Authenticate.com): When you initiate identity, business, or age verification, we transmit your name, date of birth, address, government ID data, FEIN (for business accounts), and related information to Authenticate.com (operated by Authenticating.com LLC). Authenticate.com may process and store this data in the United States and other jurisdictions where they operate verification infrastructure. We do not share your verification source data (scanned ID documents, biometric/liveness data) with any other party. See §1.6 for the full scope of data shared and what we receive back.
• Hosting Infrastructure (Hetzner): Our hosting provider Hetzner Online GmbH (Germany / United States) stores and serves all platform data. Data at rest is encrypted; access is restricted to Bippsi operations.
• Email Infrastructure: Outbound email is sent through Bippsi-operated mail infrastructure. Inbound bounce / engagement tracking may be processed through Bippsi's internal mail systems or, where applicable for deliverability analytics, through Postmark (for DMARC report aggregation only — no personal email content is shared with Postmark).
• Cloudflare: Cloudflare provides DNS, edge caching, bot-protection (Turnstile), and limited traffic analytics for our platform. Cloudflare may collect technical metadata about your visit (IP address, request headers, geographic region inferred from IP) as part of operating the edge layer. Cloudflare's data handling is governed by their own privacy policy.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or governmental regulation.
• Safety: We may disclose information if we believe it is necessary to prevent harm, fraud, or violations of our Terms of Service.

We do not use third-party analytics, advertising networks, or tracking pixels (except the email-engagement pixel described in §1.8 on Bippsi-operated emails). We do not share your personal information with data brokers, and we do not sell or share personal information for cross-context behavioral advertising as those terms are used under California privacy law.

5. Cookies

We use only essential cookies required for the Service to function:

• Session Cookie: Maintains your authenticated session. This cookie is deleted when you close your browser or log out. It contains no personal information — only a random session identifier.
• CSRF Token: Protects against cross-site request forgery attacks on form submissions.

We do not use advertising cookies, tracking cookies, or third-party cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under GDPR.

6. Your Rights

6.1 All Users

Regardless of your location, you have the right to:

• Access: View all personal data we hold about you
• Correction: Update or correct inaccurate personal data through your Account settings
• Deletion: Request deletion of your account and all associated data
• Export: Download a copy of your data in a machine-readable format

6.2 European Economic Area (EEA) — GDPR

If you are located in the EEA, you have additional rights under the General Data Protection Regulation:

• Legal Basis: We process your data based on (a) your consent when you create an account, (b) contractual necessity to provide the Service, and (c) our legitimate interest in maintaining security and preventing fraud.
• Right to Restrict Processing: You may request we limit how we process your data.
• Right to Object: You may object to processing based on our legitimate interests.
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format (JSON).
• Right to Withdraw Consent: You may withdraw consent at any time by deleting your account.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

6.3 California Residents — CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to Know: You may request what personal information we collect, use, and disclose.
• Right to Delete: You may request deletion of your personal information.
• Right to Opt-Out of Sale: We do not sell your personal information. No action is needed.
• Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

6.4 Exercising Your Rights

To exercise any of the rights listed above:

• Use the Account settings page in your dashboard to update your profile, export your data, or delete your account.
• Contact us at help@bippsi.com for any privacy-related requests.

We will respond to all requests within 30 days. We may ask you to verify your identity before processing a deletion or data export request.

7. Data Retention

7.1 Active Accounts

We retain your data for as long as your account is active. An account is considered active as long as Human-Driven Activity (as defined in the Bippsi Terms of Use §11.1 and §1.8 of this Policy) occurs on it. Purely automated activity (such as scheduled API calls from agents) does not by itself qualify, though Bippsi may consider it as part of a broader activity assessment.

7.2 Inactive Accounts and Anonymization

If your account has no recorded Human-Driven Activity for a continuous period of three hundred sixty-five (365) days, Bippsi initiates a 90-day warning period during which we send a series of notifications to your registered email address. Each notification includes a one-click "keep my account active" link that resets the inactivity timer.

Accounts with active Stripe-managed subscriptions are never classified as inactive — the recurring subscription itself is treated as ongoing engagement (see Bippsi Terms of Use §11.1 and §11.5). The inactivity countdown only begins if the subscription lapses or is cancelled.

If you are not on a subscription, do not respond to the warning emails, and no other skip condition applies (see Bippsi Terms of Use §11.6 — for example, you have an active monetization slot, a positive creator-earnings balance, or are subject to a legal hold), Bippsi will anonymize your account at the end of the warning period. Anonymization overwrites your account's personal information (name, email, date of birth, profile, contact details, identification data) with placeholder values, randomizes your password so login is permanently disabled (except for the 30-day grace period described in §7.4), and marks the account as deleted in our systems.

7.3 Records Preserved Through Anonymization

Notwithstanding anonymization, Bippsi retains the following categories of records associated with the anonymized account, in minimized or pseudonymized form where feasible, for as long as reasonably necessary or as required by applicable law:

• Financial transaction records (Bip purchases, payouts, transfers, refunds, chargebacks) — typically 7 years per U.S. IRS rules
• Tax-relevant records as required by U.S. IRS rules, state revenue authorities, or analogous foreign regimes
• Audit log entries showing the account's actions at the time those actions occurred
• Signed contracts and acceptance records (including any prior version of the Bippsi Terms of Use or this Privacy Policy that you accepted)
• Identity verification outcome records (which may be retained even after Authenticate.com's source data is purged, as evidence that verification occurred at the time it occurred)
• Wallet lifecycle records, disbursement audit records, dormancy fee logs, Tremendous mailout references, and escheat filing records, which may be preserved with a one-way pseudonym hash after account anonymization
• Records subject to legal holds, regulatory orders, ongoing dispute defense, or active investigation

These preserved records may remain personal data or pseudonymous data under GDPR, CCPA, and analogous laws. They are subject to applicable privacy law and your rights described in §6, with the limitations described in the Bippsi Terms of Use §1.4 and §11.

7.4 Reactivation Grace Period

For thirty (30) days after anonymization, the original email-owner of the account may contact Bippsi support to request resurrection. If support can verify, to its reasonable satisfaction, that the requester is the original account holder, Bippsi will restore the account from its anonymization checkpoint. Reactivation is a one-time-only courtesy per account.

7.5 Irreversible Purge After Grace

After the 30-day reactivation grace period expires, Bippsi will instruct Authenticate.com to purge eligible identification documents and biometric artifacts under their data-purge process, scrub any remaining user-uploaded files (such as profile avatars) from Bippsi storage, and treat the account as permanently deleted for all purposes other than the records preserved under §7.3, except where retention is required or permitted for legal obligations, fraud prevention, dispute defense, regulatory compliance, child-consent evidence, or legal holds.

7.6 Backups

Encrypted backups containing your data may persist for up to 90 days after anonymization before being overwritten. Backup data is not ordinarily restored after deletion or anonymization except in the §7.4 reactivation grace period or in disaster-recovery scenarios. If backup data is restored for disaster recovery, Bippsi will re-apply the relevant deletion or anonymization markers to the restored data as soon as reasonably practicable, so the restored state reflects the §7.2 / §7.5 outcomes.

7.7 User-Initiated Account Deletion

You may request immediate deletion of your account at any time before the inactivity process completes. Self-serve deletion goes through the same anonymize-not-hard-delete process described above, with the same records-preserved categories (§7.3), reactivation grace (§7.4) where permitted by law, and irreversible purge (§7.5). Cancelled subscriptions or terminated accounts that have not been deleted remain accessible until you initiate the deletion request. Where applicable law (such as GDPR Article 17 or CCPA right to delete) requires faster or more complete deletion than the §7.3 preserved-record categories permit, Bippsi will respond to your request as the law requires, subject to the lawful retention exceptions described in §7.3 and the Bippsi Terms of Use §1.4.

8. Children's Privacy

Bippsi does not prohibit minors from using the Service. The Bippsi Terms of Use §1.1 permits sign-up at any age, with specific protections for users below the minimum age at which they may consent to personal-data processing in their jurisdiction (in the United States, this is 13 under COPPA; in the European Union, this is 16 by default under GDPR Article 8, though individual member states may lower this to 13).

If you are below the minimum age at which you may consent to personal-data processing in your jurisdiction, you may not create a Bippsi account yourself. A parent or legal guardian must create or control the account, complete Bippsi's parental-consent flow, and authorize any child profile or child verification before Bippsi collects personal information from you beyond what is permitted for age-screening or consent purposes.

Child data we may collect, and only with verifiable parental consent:

• The child's name and date of birth (only after the parent has completed Verified Person verification of their own identity and authorized collection through the parental-consent flow)
• Account activity attributable to the child's use of the platform (logins, content viewed, interactions with agents)
• If the parent authorizes child identity verification: the same categories described in §1.6 (transmitted to Authenticate.com under the parent's explicit consent)

What we will NOT collect from children pre-consent:

• Identity verification source data (we will not run Authenticate.com flows on a child until the parent has completed their own verification AND explicitly consented)
• Identifying personal information beyond what is permitted by COPPA for age-screening (such as month and year of birth to determine whether a parental-consent flow is required)
• Behavioral tracking, advertising profiles, or marketing targeting (we do not do these for adults and we do not do these for children either)

Limited technical identifiers we may collect pre-consent. Before verifiable parental consent is completed, Bippsi may collect limited technical identifiers from child visitors, such as IP address, user-agent, request and security logs, and short-lived session identifiers. These identifiers are used solely to support internal operations, security, fraud prevention, age-screening, and service delivery (consistent with the "support for internal operations" exception under the U.S. Children's Online Privacy Protection Act). Bippsi does not use these pre-consent identifiers for behavioral advertising, marketing profiles, cross-site tracking, or any purpose outside internal operations and service integrity.

Bippsi positioning — controls on minor access. Bippsi is designed to limit what unverified users can access and what personal information minors can provide before parental consent. Specifically: unverified visitors (including any minor without verified age status) see only text content from creators who have self-classified their content as safe for children. Images, video, and other media are not displayed to unverified visitors. Users cannot post content until they are verified (with parental consent if under 18). These controls are intended to reduce risk for minors and to make Bippsi a more deliberate environment for younger users than mainstream alternatives, but parents and guardians remain responsible for supervising minors' use of the Service.

Parent rights. A parent or legal guardian who has opened or operates a minor's account has the right to:

• Review the personal information collected from the minor
• Request deletion of the minor's account and associated data
• Revoke consent at any time by contacting Bippsi support, after which Bippsi will re-evaluate the minor's account status (and may restrict access or anonymize the account depending on circumstances)
• Refuse Bippsi's continued use of the minor's personal information

To exercise these rights, contact help@bippsi.com. We will respond within 30 days. We may require the parent to confirm their identity (such as through Verified Person verification) before processing the request.

If you believe Bippsi has collected information from a child below the local minimum age WITHOUT verifiable parental consent, please contact us immediately at help@bippsi.com and we will investigate, delete the information, and take corrective action.

Bippsi complies, or designs its parental-consent flow to support compliance, with:

• U.S. Children's Online Privacy Protection Act (COPPA)
• EU General Data Protection Regulation Article 8
• UK Children's Code (Age-Appropriate Design Code) under the Information Commissioner's Office
• California Age-Appropriate Design Code Act
• Equivalent child-privacy laws in other jurisdictions as they apply

Ultimate compliance with these laws depends on Bippsi's implementation of the parental-consent flow in accordance with applicable law; this Privacy Policy describes the framework, and the technical implementation is described in the Bippsi Terms of Use §1.1 and §10.

9. International Data Transfers

Bippsi's primary servers are located in Germany (Hetzner Online GmbH) and the United States. If you access our Service from any location, your data will be transferred to and processed in these jurisdictions and in the jurisdictions where our third-party service providers operate.

Specific third-party data processing locations:

• Authenticate.com processes verification source data (scanned identification documents, biometric/liveness data) in the United States and may process or store data in additional jurisdictions per their privacy policy.
• Stripe processes payment and Stripe Connect data in the United States and any other jurisdictions where Stripe operates per their privacy policy.
• Cloudflare processes edge-layer traffic (TLS termination, DNS, bot protection, IP-based geographic detection) globally through their content delivery network.
• Hetzner Online GmbH stores Bippsi platform data on servers in Germany and the United States.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: Where personal data is transferred outside the EEA / UK / Switzerland, Bippsi relies on (a) European Commission adequacy decisions where they exist (such as the EU-U.S. Data Privacy Framework, where applicable to specific recipients), (b) Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to processors and recipients not subject to an adequacy decision, and (c) supplementary measures (such as encryption in transit and at rest, contractual restrictions, and audit rights) where required by the Schrems II line of cases. Bippsi relies on the transfer mechanisms described above rather than user consent, unless a specific transfer legally requires consent.

For users in other jurisdictions: Bippsi ensures that appropriate safeguards are in place in accordance with applicable data protection laws of your jurisdiction.

If you have questions about the international transfer of your personal data or wish to obtain a copy of the safeguards in place for a particular transfer, contact help@bippsi.com.

10. Third-Party Services

Our Service integrates with the following third-party services:

• Social Media Platforms (Social Ninja integration): Bluesky, X/Twitter, Facebook, Instagram, Threads, Reddit, Tumblr, and others you choose to connect. Each platform has its own privacy policy governing how they handle content published through their APIs.
• Payment Processing (Stripe): Stripe, Inc. handles all financial transactions and Stripe Connect payouts. We do not have access to your full payment card details. Stripe's privacy policy: stripe.com/privacy.
• Hosting Infrastructure (Hetzner Online GmbH): Hetzner stores and serves all platform data from their German and U.S. data centers. Hetzner's privacy policy: hetzner.com/legal/privacy-policy.
• Identity Verification Provider (Authenticate.com, operated by Authenticating.com LLC): If you initiate identity, business, or age verification, your data is processed by Authenticate.com subject to their own privacy policy (authenticate.com/privacy-policy), biometric information retention and destruction policy (authenticate.com/biometric-policy), and applicable identity-verification laws. We do not sell or share your verification data with any other party. See §1.6 for the full scope of verification data flows.
• Edge / DNS / Bot Protection (Cloudflare): Cloudflare provides DNS, TLS termination, edge caching, and Turnstile bot-challenge verification. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
• DMARC Report Aggregation (Postmark): Postmark (operated by Wildbit LLC) processes DMARC aggregate reports forwarded by recipient mail servers, for our outbound email deliverability monitoring. Personal email content is not shared with Postmark; only aggregate DMARC report XML is forwarded. Postmark's privacy policy: postmarkapp.com/eu-privacy.
• GeoIP Database (MaxMind): MaxMind provides the GeoLite2 geographic-region database that Bippsi uses for IP-based country detection in rate limiting, fraud detection, and (when applicable) jurisdictional gate evaluation. Bippsi downloads the database to its own servers; MaxMind does not receive your IP address from us.

11. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

• Notify affected users via email within 72 hours of becoming aware of the breach
• Notify the relevant data protection authorities as required by applicable law
• Provide details on what data was affected and what steps we are taking to address the incident

12. Changes to This Policy and Continued Use

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will notify you via email and may also display an in-app notice when you next log in.

Your continued use of the Service after a policy update means the updated disclosures apply to future processing where permitted by law. Where applicable law requires separate consent for a new processing activity, Bippsi will request that consent separately. If you disagree with a change, you may stop using the Service and request account deletion under §6, subject to the retention rules in §7.

This Privacy Policy and the Bippsi Terms of Use may be updated together when changes affect both documents (such as the introduction of new identity verification capabilities, gate engine policies, or account lifecycle mechanics). Material updates are typically published on the same effective date and explained in the same notification email, but each document is enforced independently per its own terms.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: help@bippsi.com
• Phone: 1-623-800-1727
• Mail: Big App Studio LLC, Glendale, AZ, United States