Privacy Policy

Introduction

Welcome to TYSM's Privacy Policy. We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, share, and protect your information when you use our Platform.

TYSM operates as a social finance network. By default, certain information (like your Gratitude Score™ and transactions you choose to make public) is visible to build network effects and reputation. However, you have granular controls to adjust your privacy settings.

1.1 Information You Provide

• Account Information: Your Gratitude Address™ (@handle), name, email, phone number, and password
• Profile Information: Bio, profile photo, social links, and other optional profile details
• Financial Information: Bank account details, card information (processed securely by Stripe), and transaction history
• Campaign Information: Campaign descriptions, images, updates, and fundraising details
• Communication: Messages, notes attached to transactions, and support inquiries

1.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, device type, operating system
• Location Data: General location based on IP address (not precise GPS)
• Cookies: We use cookies to enhance your experience and analyze usage

1.3 Information from Third Parties

• Payment Processors: Transaction verification and fraud prevention data from Stripe
• Identity Verification: Information from identity verification services
• Social Login: If you connect social accounts, we receive basic profile information

We use your information to:

• Provide Services: Process transactions, maintain your wallet, calculate your Gratitude Score™
• Build Your Reputation: Display transactions you choose to make public and your Gratitude Score to create network effects
• Personalize Experience: Recommend people to support, suggest campaigns, customize your feed
• Communicate: Send transactional emails, campaign updates, security alerts, and (with consent) marketing
• Ensure Security: Detect fraud, prevent abuse, verify identity, comply with KYC/AML regulations
• Improve Platform: Analyze usage patterns, test new features, optimize performance
• Legal Compliance: Meet regulatory requirements, respond to legal requests, enforce Terms

3.1 Public Information

By default, the following information is publicly visible to build network effects:

• Your Gratitude Address (@handle), name, and profile photo
• Your Gratitude Score™ (with granular privacy controls available)
• Public transactions (you can make individual transactions private)
• Campaigns you create or support
• Your Gratitude Graph™ connections (supporters/supporting lists)

3.2 With Service Providers

We share data with:

• Payment Processors (Stripe): To process transactions securely
• Cloud Hosting (Vercel, AWS): To store data and deliver services
• Analytics (Vercel Analytics): To understand usage patterns
• Email Service: To send transactional and campaign update emails
• Identity Verification: To comply with KYC/AML requirements

3.3 For Legal Reasons

We may disclose information when required by law, to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Investigate fraud or security incidents
• Enforce our Terms of Service

3.4 Business Transfers

If TYSM is acquired or merged, your information may be transferred to the new entity. We will notify you before your information becomes subject to a different privacy policy.

We give you granular control over your privacy:

We implement industry-standard security measures:

• Encryption: All data is encrypted in transit (TLS) and at rest
• Payment Security: We never store full card numbers (PCI-DSS compliant via Stripe)
• Access Controls: Strict employee access controls with audit logging
• Regular Audits: Security assessments and penetration testing
• Fraud Detection: Real-time monitoring for suspicious activity

However, no system is 100% secure. We cannot guarantee absolute security but will notify you of any breaches as required by law.

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your data (subject to legal requirements)
• Portability: Receive your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications
• Object: Object to certain processing of your data

To exercise these rights, email us at privacy@tysm.to

6.1 GDPR Rights (EU Users)

If you're in the European Union, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

6.2 CCPA Rights (California Users)

California residents have specific rights under CCPA, including the right to know what information we collect and the right to opt-out of "sales" (we do not sell your data).

7. Data Retention

We retain your data:

• Active Accounts: As long as your account is active
• Closed Accounts: Up to 7 years for financial/tax records, shorter for other data
• Legal Requirements: As required by law or to resolve disputes

8. Children's Privacy

TYSM is not intended for users under 18. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it promptly.

9. International Data Transfers

TYSM operates in the United States. If you access the Platform from outside the U.S., your data may be transferred to and processed in the U.S. We use appropriate safeguards for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Platform. The "Last updated" date at the top reflects the most recent version.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: