Skip to main content
← Back to Cadrely

Privacy Policy

Last updated: 2026-04-29

1. What we collect

When you create an Cadrely account we collect your email address, your display or company name, and the role you choose (creator or brand). When you connect Stripe to receive payouts or fund a bounty, payment details (bank account, card information, tax information) are collected and held by Stripe — Cadrely stores only the Stripe customer or Connect account ID needed to reference your records. You may optionally provide profile information such as a bio, portfolio links, niche tags, and an avatar; that content is voluntary and you control it.

2. Why we collect it

Email and password are used to authenticate your account and to send you transactional notices (verification, password reset, bounty status changes). Payment details are used solely to process funding and payouts through Stripe. Profile information is used to power discovery — brands browsing creators and creators browsing campaigns. We do not sell personal data, and we do not run advertising or behavioral tracking on the platform.

3. How long we keep it

Account data is retained for as long as your account is active. If you delete your account we soft-delete the record and remove personally identifying fields within 30 days, except where retention is required by tax, accounting, or fraud-prevention obligations (typically up to 7 years for payment records). Anonymous aggregate metrics (e.g. total payouts processed) may be retained indefinitely.

4. Third parties

We share data only with the service providers needed to run the platform:

  • Stripe — payment processing and Connect payouts.
  • Resend — transactional email delivery (verification, password reset, notifications).
  • Mapbox — map rendering on discovery pages.
  • Ably — realtime delivery of messages, presence, and typing indicators.

Each provider acts as a data processor under their own published privacy policy.

5. Your rights

You may request a copy of the personal data we hold, correction of inaccurate data, or deletion of your account at any time. Users in the EU/EEA have the rights granted by the GDPR (access, rectification, erasure, restriction, portability, objection); users in California have the rights granted by the CCPA (know, delete, opt-out of sale, non-discrimination). Requests can be sent to the contact address below and we'll respond within 30 days.

6. Cookies

We use a single httpOnly session cookie to keep you signed in. We do not use third-party analytics or advertising cookies, and we do not run any cross-site tracking. If that changes in the future we will update this policy and ask for consent where required.

7. Contact

Questions, requests, or data-protection concerns can be sent to support@hfc.example. We aim to respond within five business days.

This policy is a draft. A lawyer-reviewed version will be in place before live mode.