Privacy Policy

Information We Collect

• You provide: account identifiers and profile details you choose to share (e.g., email, display name), redemption and gift details (recipient handle, product, notes), and shipping information for recipients.
• Identity graph data: minimal identifiers needed to deliver gifts to the right person (wallet addresses, ENS names, Farcaster/Twitter/X usernames, OAuth provider IDs).
• Authentication data: OAuth access/refresh tokens, session identifiers (e.g., httpOnly cookies).
• Payment and fulfillment data: gift metadata, price, timestamps, and status. We do not store card numbers. First-party card payments are processed by Stripe; third-party merchant purchases may use crypto rails (e.g., USDC on Base via the x402 protocol or MoonPay Commerce).
• Automatically collected: device and usage information (IP address, browser, OS), log data, coarse geolocation, and cookies or similar technologies for essential functionality and analytics.
• From third parties: information from authentication providers (Google, Twitter/X), payment processors and vendors (e.g., Stripe, Shopify merchants), and public blockchain networks when you interact on-chain.

How We Use Information

• Provide, maintain, and improve the Services, including gift flows and order fulfillment
• Authenticate users, maintain our identity graph, and keep accounts secure
• Process payments and combat fraud, abuse, and violations of our Terms
• Perform content safety checks and compliance screening before purchases are completed
• Communicate with you about orders, support, updates, and policy changes
• Comply with legal obligations and enforce our agreements

Content Moderation

To comply with processor policies and maintain platform safety, we use OpenAI's Moderation API to screen product names and descriptions for prohibited content before processing gifts. This helps prevent purchases of violent, sexual, hateful, or illegal items.

Product information sent for moderation is processed by OpenAI under their Privacy Policy. We do not retain moderation results beyond the transaction lifecycle.

Payment Processing

First-party products (e.g., Bea's Bazaar) use Stripe. Stripe processes your payment information under its Privacy Policy. We do not store card details on our servers.

Some third-party merchant purchases use cryptocurrency payment rails (e.g., USDC on Base via the x402 protocol). On-chain transactions are public and may be permanently viewable. We may also integrate MoonPay Commerce. Please review the applicable payment provider's privacy policies before use.

Legal Bases (EEA/UK Users)

Where applicable, we process personal data under the following legal bases:

• Performance of a contract (to provide the Services and fulfill orders)
• Legitimate interests (e.g., securing our Services, preventing fraud, improving features)
• Consent (e.g., certain cookies/analytics where required by law)
• Legal obligations (e.g., tax, accounting, compliance)

How We Share Information

• Vendors/Processors: infrastructure, hosting, analytics, monitoring, anti-abuse, moderation, and payment/fulfillment partners (e.g., Stripe, OpenAI, cloud providers, Sentry). These parties access data only to perform services for us under appropriate safeguards.
• Merchants and logistics providers: to fulfill orders and deliveries you initiate.
• Public blockchains: on-chain activity (e.g., wallet address, transaction metadata) is public by design and may be read by anyone.
• Legal and compliance: to comply with law, respond to lawful requests, or protect rights, safety, and integrity.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets.

Data Retention

Recipient shipping information is encrypted at rest and purged approximately 30 days after redemption. We retain other data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Blockchain data may persist indefinitely on public networks.

Security

We use technical and organizational measures to protect personal information (e.g., encryption at rest/in transit, access controls). No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

International Data Transfers

We may process and store information in the United States and other countries. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) for cross-border data transfers.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent where processing is based on consent.

California residents may have rights under the CCPA/CPRA, including to know, delete, and opt out of certain disclosures. We do not sell personal information as defined by the CCPA/CPRA.

To exercise rights, please email support@buyit.bot. We may need information (e.g., gift ID, account email) to verify your request.

Cookies & Tracking

We use essential cookies to operate the Services and may use analytics or functional cookies to improve performance and features. You can control cookies through your browser settings. Some features may not function properly without certain cookies.

Children's Privacy

The Services are not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take appropriate action.

Third-Party Links

Our Services may link to third-party sites or services. Their privacy practices are governed by their own policies, and we are not responsible for them.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a new "Last Updated" date. Your continued use of the Services after changes become effective constitutes your acceptance of the revised policy.

Contact

Questions or requests: support@buyit.bot