Privacy Policy

Account data: email, username, password (stored only as a salted hash), and your self-attested date of birth (used to verify you are 18+). Profile data for creators: display name, bio, and connected platform handles. Payment data: card details are collected and stored by Stripe, not by us — we keep only non-sensitive references (e.g., card brand and last four) and transaction records. Usage and security data: pledges, ideas, IP address, and device/user-agent for login and security events.

Creator identity verification (KYC) and payouts are handled by Stripe Connect. Stripe collects and verifies government identity information directly; Kamirin does not build or store its own government-ID verifier. We receive only verification status and the limited fields needed to operate payouts and tax reporting.

When a creator links a platform account (e.g., Twitch, YouTube, Kick, TikTok, Facebook, Instagram) via OAuth, we receive that account’s public identifiers — canonical id, handle, display name, follower/subscriber count, and any native verified signal — to prove ownership and help prevent impersonation. Access tokens are encrypted at rest and are never exposed to the browser. You can disconnect a platform at any time.

To operate the marketplace (pledging, acceptance, delivery, settlement, refunds); to verify eligibility and identity; to provide notifications and security alerts; to prevent fraud, abuse, and money laundering; to comply with legal and tax obligations; and to improve the service. We do not sell your personal data, and we do not send marketing email — only transactional and security messages.

We share data with service providers that operate the Platform under contract — notably Stripe (payments/identity) and our email provider (transactional email) — and as required by law. Public information you choose to publish (e.g., a creator page or a pledge shown in the public pledge book) is visible to others according to your visibility settings.

We protect accounts with hashed passwords, optional authenticator-app two-factor authentication, revocable sessions, encryption of sensitive tokens at rest, signed and idempotent payment webhooks, and an immutable audit log of money and moderation events. No system is perfectly secure, but we design to minimize what we hold and to detect misuse.

You can access a portable copy of your data and delete your account from your account settings, and correct your profile details there. When you delete your account, we scrub your personal data and close the account; for legal and financial-integrity reasons, anonymized money and audit records are retained, and deletion is blocked while you have active charged pledges or a held payout.

[Counsel to finalize state-specific rights (e.g., CCPA/CPRA, other state privacy laws), opt-out / Global Privacy Control handling, and retention schedules.]

The Platform is for adults 18 and older. We do not knowingly collect data from anyone under 18, and accounts found to belong to minors are removed.

We may update this Policy; the version above will change for material updates. Privacy questions and data-rights requests can be sent to the contact address published at launch.