Privacy Policy
Last updated: June 28, 2026 · Version 2026-06-28
Template for review. Draft only, not legal advice. Must be finalized by counsel, including specific biometric-privacy compliance (e.g., Illinois BIPA, Texas CUBI, Washington), CCPA/CPRA, and GDPR where applicable.
What we collect
- Account & identity: name, email, date of birth, address, and (for payouts) government-ID verification handled by Stripe Identity, plus payout/bank details handled by Stripe Connect.
- Gameplay: challenge scores, device/camera capabilities, and — for payout-eligible challenges — short gameplay recordings retained as fraud evidence when a session is flagged.
- Biometric / facial data: a facial reference and face-geometry derived at enrollment and at each payout-eligible challenge, used solely for 1:1 identity verification and liveness/anti-fraud (see below).
- Usage & device: IP address, approximate location (for eligibility), browser/device info, and cookies for authentication and analytics.
- Payments: subscription and prize transactions processed by Stripe; we do not store full card numbers.
Biometric notice & consent. To prevent fraud in cash-prize challenges, we (and our facial-recognition service provider) create a facial template from your camera image and compare it 1:1 to your enrolled reference, and run a liveness check. We use this only to confirm it's really you playing. We do not sell biometric data. Facial templates are retained only as long as needed for verification and fraud investigation and then deleted per our retention schedule (or sooner on request, subject to anti-fraud/legal holds). You may decline — but cash-prize challenges will be unavailable. By opting in you provide written consent to this processing.
How we use it
- Operate the games, accounts, subscriptions, and prize payouts.
- Verify identity, age, and location; detect and prevent fraud, cheating, and impersonation.
- Comply with tax, KYC/AML, and other legal obligations.
- Improve and secure the Service and communicate with you.
Who we share with
Service providers acting on our behalf: Stripe (payments, identity, payouts), Memberstack (auth), our facial-recognition/anti-fraud provider, hosting/storage (DigitalOcean), and analytics. Sponsors receive aggregate/limited campaign results, not your raw biometric data. We may disclose information to comply with law or protect rights/safety. We do not sell personal information.
Your rights & choices
Depending on your location you may access, correct, delete, or port your data, opt out of certain processing, and withdraw biometric consent. Manage subscriptions in the portal; request data actions at service@stripit.ai. We honor applicable CCPA/CPRA, BIPA, and GDPR rights.
Security & retention
We use industry-standard safeguards. No system is perfectly secure. We retain data as long as needed for the purposes above and legal/fraud obligations, then delete or de-identify it.
Children
The Service is for adults 18+. We do not knowingly collect data from minors; contact us if you believe a minor has used the Service.
Changes & contact
We will post updates here and notify you of material changes. Contact: service@stripit.ai, STRIPIT INC.