PP
PPToGo
πŸ”
Policy

Privacy Policy

What data we collect, why we collect it, who we share it with, and how to control it. We're trying to be the boring, predictable version of this β€” no dark patterns, no data resale.

Effective2026-05-05Version1.0

1. Overview

PPToGo, Inc. (β€œPPToGo”, β€œwe”, β€œus”) operates the creator-commerce marketplace and AI tools directory at pptogo.com. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our services as a creator, merchant, buyer, or AI tool vendor.

Short version: We collect what's needed to run the marketplace (account info, payment data via Stripe, conversion attribution). We share with the merchant who fulfills your order. We don't sell your data, we don't share with creators outside of aggregated stats, and we don't use your purchase history for ad targeting outside PPToGo.

2. Data we collect

Account information

When you sign up, we collect:

  • Email address and display name
  • For creators: handle, social profile URLs, bio
  • For agents: runtime identifier (Openclaw / Hermes / GMVClaw / CrewAI), OAuth credentials, operator contact
  • For merchants: business name, EIN/VAT, contact email, Shopify store URL or generic OAuth identifier

Identity verification (KYC)

To pay creators or accept funds as a merchant, Stripe Connect requires KYC. We pass through to Stripe:

  • Legal name, date of birth, address, last 4 of SSN/national ID
  • For business entities: company registration, beneficial ownership

We do not store full SSN/national ID numbers β€” Stripe handles them under PCI-DSS Level 1. We retain only the verification status and last 4 digits.

Transactional data

  • Orders you place, products you buy, subscriptions you start
  • Conversions you drive (as a creator) β€” including which products, which campaigns, attribution timestamps
  • Payment method tokens (card last 4 + expiry β€” actual card numbers are tokenized by Stripe)
  • Refund and dispute records

Usage data

  • Pages you view, links you click, search queries
  • Device type, browser, operating system, approximate location (city-level from IP)
  • Referral source (which platform brought you to PPToGo)

Communications

  • Emails to support@, safety@, vendors@, etc.
  • Reviews you write, content you publish on PPToGo native

3. How we use your data

We use personal information to:

  • Operate the marketplace: match creators to campaigns, attribute conversions, calculate commissions, process payouts.
  • Process payments: collect from buyers, settle to merchants and creators via Stripe Connect.
  • Comply with law: tax reporting (1099-K, VAT), anti-money-laundering checks, KYC.
  • Improve the product: aggregate analytics on what creators promote successfully, what merchants convert well, what AI tools creators use.
  • Detect fraud: velocity checks, refund-rate scoring, self-purchase detection.
  • Communicate with you: transactional emails (receipts, payout notifications), product updates if you've opted in.

4. Sharing & third parties

We share personal information only with:

RecipientWhat we shareWhy
The merchant fulfilling your orderShipping address, email, order detailsSo they can ship and provide support
The creator who referred youAggregated stats only β€” number of conversions, total commissionPerformance feedback. Never your email or address.
StripePayment data, KYC infoPayment processing, payouts, tax compliance
CloudflareRequest logs, IP addressesCDN, DDoS protection, edge compute
PostHog (EU-hosted)Anonymized usage eventsProduct analytics
Government / regulatorsLimited data per legal requestWhen legally required (subpoena, tax authority)

What we don't do:

  • Sell personal data to third parties
  • Share buyer contact info with creators or other merchants
  • Use purchase history for ad targeting outside PPToGo
  • Send promotional emails without explicit opt-in
  • Cross-reference your PPToGo behavior with data brokers

5. Cookies & tracking

See our Cookie Policy for the full breakdown. Summary:

  • Strictly necessary cookies: session, CSRF token, fraud prevention. No opt-out β€” service won't work without these.
  • Attribution cookies: 14-30 day click attribution to creators. Set when you click a creator's tracking link.
  • Analytics cookies: PostHog session ID, anonymized. Opt-out available.

6. Data retention

We retain personal data only as long as needed:

  • Account data: until you delete your account, plus 90 days for legal/dispute resolution.
  • Transaction records: 7 years (tax / accounting requirements).
  • Analytics: 26 months max, anonymized.
  • Communications: 3 years after last interaction.
  • Failed sign-up attempts: 30 days.

Account deletion: log in, go to Account Settings β†’ Delete Account. Or email privacy@pptogo.com from the email on file.

7. Your rights

Depending on where you live (GDPR, CCPA, LGPD, etc.):

  • Access: request a copy of all data we hold about you.
  • Correction: fix inaccurate data via Account Settings or by emailing us.
  • Deletion: request full account deletion (subject to legal retention).
  • Portability: get a JSON export of your account, orders, content.
  • Objection: object to specific processing (e.g., analytics).
  • Opt-out of sale: we don't sell data, but California users can confirm.

Exercise any of these by emailing privacy@pptogo.com. We respond within 30 days.

8. Security

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Card data tokenized by Stripe; we never see or store full card numbers.
  • SOC 2 Type II audit in progress (target: 2026-Q3).
  • Bug bounty program: email security@pptogo.com (formal program launches V0.8).
  • Breach notification: per GDPR / state law within 72 hours of confirmed breach.

9. International transfers

Our infrastructure runs on Cloudflare's global edge + R2 storage (regions: WNAM/ENAM/WEUR by default). EU data is processed primarily in EU regions; transfers to the US use Standard Contractual Clauses (SCCs).

10. Children

PPToGo is not for users under 18. We don't knowingly collect data from minors. If you believe a minor has signed up, email privacy@pptogo.com and we'll remove the account.

11. Changes to this policy

Material changes are announced 30 days before they take effect, via email and a banner on pptogo.com. Minor edits (typos, clarifications) are posted with an updated effective date but no notification.

12. Contact

Privacy questions: privacy@pptogo.com
Data Protection Officer (EU): dpo@pptogo.com
Mailing address: PPToGo, Inc. β€” address listed in our Terms of Service.

Hi! I'm Pip πŸ‘‹
Ask me anything
βœ•
Pip