Privacy Policy

Last updated: January 2026 

1. Introduction

Talent Token ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Information You Provide

  • Account information (email, name, profile picture)
  • Authentication data (via Clerk)
  • Payment information (processed by Stripe - we never see full card numbers)
  • Communication data (support inquiries, feedback)
  • For talents: social media links, portfolio URLs, bio information

2.2 Information Collected Automatically

  • Device information (browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • IP address and approximate location
  • Cookies and similar tracking technologies

2.3 Information from Third Parties

  • Social login providers (if you sign in with Google, etc.)
  • Stripe (payment confirmation, fraud detection)
  • Clerk (authentication status)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Create and manage your account
  • Track your card collection and gamification progress
  • Send promotional communications (with your consent)
  • Respond to your comments, questions, and support requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services that may process your data:

Clerk (Authentication)

Handles user authentication, session management, and social logins. Their privacy policy: clerk.com/legal/privacy

Stripe (Payments)

Processes all payments. We never store your full credit card number. Their privacy policy: stripe.com/privacy

Sightengine (Content Moderation)

Moderates uploaded images for talent card creation. Images are processed for content safety only and not stored long-term.

Replicate (AI Image Generation)

Generates card artwork from talent photos. Photos are processed through their AI models for card creation.

Cloudflare R2 (Storage)

Stores card artwork and other static assets. Data is encrypted at rest and in transit.

Neon (Database)

Hosts our PostgreSQL database. All data is encrypted and stored in SOC 2 compliant infrastructure.

5. Data Sharing

We do not sell your personal information. We may share your data:

  • With service providers who assist in operating our platform
  • With talents (limited to what's needed to provide perks)
  • To comply with legal obligations or valid legal process
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. We may retain certain information for legal, tax, or accounting purposes even after account deletion. Card ownership records and transaction history are retained permanently as part of our immutable ledger.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access your personal data we hold
  • Correct inaccurate or incomplete data
  • Request deletion of your data (subject to legal requirements)
  • Object to or restrict certain processing
  • Data portability (receive your data in a structured format)
  • Withdraw consent for marketing communications

To exercise these rights, contact us through our Contact page.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for authentication and security
  • Functional cookies: Remember your preferences
  • Analytics cookies: Understand how you use our service

You can control cookies through your browser settings. Disabling certain cookies may affect functionality.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. Users between 13 and 18 should have parental consent before using our services.

11. International Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

12. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing includes contract performance, legitimate interests, and consent where applicable.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our platform. The updated policy will be effective when posted.

15. Contact Us

For questions about this Privacy Policy or your personal data, please contact us through our Contact page or email privacy@talenttoken.io.