Privacy Policy

Effective Date: TBD — set at launch  |  Last Updated: TBD

DRAFT — requires legal review before publication.

CHIP, PBC ("CHIP," "we," "us," "our") takes your privacy seriously. This Privacy Policy explains what data we collect, how we use it, and what we never do with it.

The short version: We collect only what we need to run the Platform. We never sell your data. We never share individual donor identities publicly. We publish aggregate financial data in the Glass Ledger, but never who gave it. You control your contact preferences.

1. What We Collect

1.1 Information You Provide

  • Account information: Name, email address, and (for Creators) entity details, EIN/FEC ID, and payout account information.
  • Payment information: Payment method details are collected and stored by our payment processor, [Payment Processor Name]. CHIP does not store full card numbers or bank account details.
  • Chip-in data: Amount, frequency, earmark, monthly cap, and recipient cause.
  • Communications: Messages you send to us or to Creators through the Platform.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, interactions with the Platform. We use this to improve the product, not to profile you for advertising.
  • Device data: Browser type, operating system, device type, IP address. Standard server logs.
  • No cross-site tracking. CHIP does not use third-party tracking cookies, advertising pixels, or analytics tools that track you across other websites.

1.3 Information We Do NOT Collect

  • We do not buy or license personal data from data brokers.
  • We do not collect information about your activity on other websites or apps.
  • We do not use fingerprinting, device graphing, or other covert identification techniques.

2. How We Use Your Data

We use your data to:

  • Operate the Platform (process chip-ins, track streaks, award badges, display the Glass Ledger)
  • Communicate with you about your account and the Platform
  • Enforce compliance (KYC, contribution limits, foreign-national checks for political arcades)
  • Improve the Platform (analytics on feature usage, performance, errors)
  • Comply with legal obligations

We do NOT use your data to:

  • Target you with advertising (CHIP does not run ads)
  • Build profiles for sale to third parties
  • Make automated decisions with legal or similarly significant effects

3. What Is Public and What Is Private

3.1 Public (in the Glass Ledger)

  • Aggregate chip-in amounts per boss/objective
  • Expenditure line items (date, amount, category, description, outcome)
  • Creator entity information and tax status
  • CHIP's own platform fee data

3.2 Private (never public)

  • Individual Player identities
  • Individual Player chip-in amounts linked to their identity
  • Player contact information
  • Player payment details
  • Player-set caps and preferences

3.3 Player-Controlled Visibility

  • Your username and squad membership (visible to other squad members)
  • Your badge collection (you control whether it's visible to others)
  • Your streak (you control visibility)

4. Data Sharing

4.1 We Share Data With:

  • Payment processor: To process your chip-ins. They receive your payment details and transaction amount. They do not receive your CHIP gameplay data.
  • KYC/identity verification provider: For Creator onboarding only.
  • Creators (causes you chip in to): They see aggregate chip-in data (total raised, number of players, boss progress) but NOT individual Player identities. Exception: if you opt in to share your impact with the Creator, they see your username and aggregate chip-in total.
  • Service providers: Hosting, email, and infrastructure providers who help us operate the Platform. They process data on our instructions only.
  • Legal compliance: When required by valid legal process (subpoena, court order, regulatory requirement), we may disclose necessary data. We notify affected users unless prohibited by law.

4.2 We NEVER:

  • Sell, rent, or trade Player data to anyone
  • Share individual Player data with advertisers, data brokers, or analytics firms
  • Share Player data with political campaigns or PACs beyond what the Player explicitly consents to
  • Use Player data for any purpose not described in this policy

The constitutional rule (Article 7): "No data sales. Ever. Player data is not a product. Donor privacy is the default."

5. Your Choices & Rights

5.1 Account Settings

  • Update your account information anytime in Settings
  • Change your monthly cap anytime
  • Adjust contact cadence per channel (email, push, SMS)
  • Export your data (streaks, badges, impact receipt, chip-in history)
  • Delete your account

5.2 Communications

  • You control how often we contact you, per channel
  • Unsubscribe is one click and permanent
  • Transactional emails (chip-in confirmations, cap warnings) are operational, not marketing — you can't opt out of these while your account is active, but you can close your account

5.3 Data Portability

You may export your data at any time in a machine-readable format. For Players: streak history, badge collection, chip-in history, impact receipts. For Creators: Glass Ledger export, analytics data, player aggregate data.

5.4 Account Deletion

You may close your account at any time. We delete your personal data within 30 days, except:

  • Data required for legal compliance (retained per statutory requirements)
  • Glass Ledger data (aggregate, non-personal — the public record of fund movement is not deleted)
  • Anonymized data that cannot be re-identified

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption at rest (AES-256) and in transit (TLS 1.3 minimum)
  • Access controls and audit logging
  • Regular security assessments
  • Payment data handled entirely within PCI-compliant processor infrastructure

No system is impenetrable. If a breach occurs, we will notify affected users within 72 hours and publish a post-mortem.

7. Children's Privacy

CHIP is not directed at children under 18. We do not knowingly collect data from children under 18. If we learn we have collected such data, we delete it.

8. International Users

CHIP is operated in the United States. If you access the Platform from outside the U.S., your data will be transferred to and processed in the United States. We apply the same protections described in this policy regardless of where you are located.

9. California Privacy Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect and how we use it
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (CHIP does not sell or share personal information, so this right is inherently honored)
  • Right to non-discrimination for exercising these rights

To exercise these rights, contact privacy@chip.discnxt.com. We will verify your identity before processing your request.

10. Changes to This Policy

We will notify registered users of material changes at least 30 days before they take effect, via email and a notice on the Platform. Continued use after the effective date constitutes acceptance.

11. Contact

Data Protection / Privacy Inquiries:
privacy@chip.discnxt.com

CHIP, PBC
[Address TBD]
Pittsburgh, PA

DRAFT

This Privacy Policy requires review by qualified counsel before publication. State-specific privacy law coverage (CCPA/CPRA is included as a starting point; other state laws — Virginia, Colorado, Connecticut, Utah, etc. — may require additional disclosures). GDPR applicability should be assessed if EU users are in scope. Payment processor name and company address must be added.