Privacy Policy

Your privacy is fundamental to everything we do. This policy explains how we collect, use, and protect your information.

Last updated: August 17, 2025

Effective date: August 17, 2025

Privacy at a Glance

What We Collect

  • • Email address (for authentication)
  • • Display name and bio (profile information)
  • • Transaction data (amounts, notes, receipts)
  • • Usage analytics (anonymized)

How We Use It

  • • Provide and improve TYSM services
  • • Process gratitude transactions
  • • Send important account notifications
  • • Prevent fraud and abuse

Information We Collect

Account Information

  • Email address: Used for authentication and important notifications
  • Display name: Shown on your public profile
  • Handle (@username): Your unique TYSM identity
  • Bio: Optional profile description
  • Avatar: Optional profile image (when uploaded)

Transaction Data

  • Transaction amounts: Dollar amounts of gratitude sent/received
  • Transaction notes: Optional messages accompanying transactions
  • Transaction timestamps: When gratitude was exchanged
  • Receipt hashes: Unique identifiers for transaction receipts

Usage Information

  • Device information: Browser type, operating system (anonymized)
  • Usage analytics: How you interact with TYSM (anonymized)
  • Performance data: Page load times, error rates (anonymized)
  • IP address: For security and fraud prevention (not stored long-term)

How We Use Your Information

Primary Uses

  • Service Delivery: Process transactions, maintain your profile, enable gratitude sharing
  • Authentication: Verify your identity and maintain secure sessions
  • Communication: Send magic links, transaction confirmations, important updates
  • Security: Prevent fraud, abuse, and unauthorized access

Secondary Uses

  • Product Improvement: Analyze usage patterns to enhance TYSM (anonymized data only)
  • Support: Help resolve technical issues and answer questions
  • Legal Compliance: Meet regulatory requirements and legal obligations

Your Privacy Rights & Controls

Privacy by Default

Your gratitude network is private by default. Only you can see your full transaction history and network connections.

  • • Your account balance is never public
  • • Transaction notes are only visible to sender and receiver
  • • Your gratitude graph is private unless you enable public sharing
  • • Email address is never displayed publicly

Your Rights

  • Access: Request a copy of your data
  • Correction: Update or correct your information
  • Deletion: Request account and data deletion
  • Portability: Export your data in standard formats
  • Objection: Opt out of certain data processing

How to Exercise Rights

  • Account settings: Manage most preferences in your profile
  • Email us: privacy@tysm.to
  • Response time: We respond within 30 days
  • Verification: We may need to verify your identity

When We Share Information

We DO NOT sell your data

TYSM will never sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing Scenarios

Service Providers

We share minimal data with trusted service providers who help us operate TYSM:

  • Stripe: Payment processing (they never see your gratitude data)
  • Vercel: Web hosting and performance
  • Neon: Database hosting with encryption
  • Resend: Email delivery for magic links

Legal Requirements

We may disclose information when required by law, such as responding to valid legal requests, court orders, or to protect our rights and the safety of our users.

With Your Consent

We may share information in other circumstances with your explicit consent, such as when you choose to make your gratitude graph public.

Data Retention & Deletion

How Long We Keep Data

  • Account data: Until you delete your account
  • Transaction records: 7 years (required for financial compliance)
  • Analytics data: 2 years maximum (anonymized)
  • Security logs: 1 year (for fraud prevention)

Account Deletion

  • Self-service: Delete your account anytime in settings
  • Data removal: Most data deleted within 30 days
  • Transaction records: Anonymized but preserved for compliance
  • Backup cleanup: Removed from backups within 90 days

Cookies & Tracking

Essential Cookies

These cookies are necessary for TYSM to function and cannot be disabled:

  • Authentication: Keep you signed in securely
  • Security: Prevent cross-site request forgery (CSRF)
  • Preferences: Remember your privacy and display settings

Analytics Cookies (Optional)

These help us understand how TYSM is used and improve the experience:

  • PostHog: Privacy-focused analytics (anonymized)
  • Performance monitoring: Page load times and error tracking

Your choice: You can opt out of analytics cookies in your browser settings or through our cookie banner.

International Data Transfers

TYSM is based in the United States, and your data may be transferred to and processed in the US and other countries where our service providers operate.

Protection for International Users

  • GDPR compliance: European users have full GDPR rights
  • Adequate protection: We ensure equivalent privacy protection regardless of location
  • Standard contractual clauses: Legal safeguards for international transfers
  • Data minimization: We only transfer data necessary for service operation

Children's Privacy

Age Requirement

TYSM is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you believe we have collected information from a child under 13, please contact us at privacy@tysm.to and we will promptly delete it.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

  • Email notification: For significant changes affecting your rights
  • In-app notice: Prominent notification when you next visit TYSM
  • Updated date: The "last updated" date at the top of this policy
  • Continued use: Using TYSM after changes means you accept the updated policy

Contact Us About Privacy

Privacy Questions

If you have questions about this privacy policy or how we handle your data:

privacy@tysm.to

We typically respond within 2 business days

Questions? Contact Support →View Security Practices← Back to TYSM