Privacy Policy
Effective date: April 4, 2026
WebNutch is committed to protecting your privacy. This Policy explains what data we collect, why we collect it, how we use and protect it, and what rights you have over your information. By using the Platform, you agree to this Policy.
1. Who We Are
WebNutch operates the AI Tools Marketplace at webnutch.com. We are the data controller for personal information collected through the Platform. For privacy enquiries, contact privacy@webnutch.com.
2. Information We Collect
2.1 Information you provide:
- Account registration: email address, username, display name, and password (stored hashed).
- Profile information: bio, avatar image, portfolio URL (optional).
- Seller application: display name, experience description, payout email address, and payout method (PayPal/Skrill/Payoneer).
- Payment information: processed entirely by Stripe. We store only the result (transaction ID, amount, status). We never store raw card numbers.
- Communications: emails, support tickets, or messages you send us.
- Identity verification: government-issued ID documents if requested under our KYC/AML procedures.
2.2 Information collected automatically:
- IP address, browser type, device identifiers, and operating system.
- Pages viewed, time spent, and navigation patterns (via server logs and analytics).
- Session cookies and authentication tokens.
- Product views, purchases, and search queries.
2.3 Information from third parties:
- Google OAuth profile (name, email, avatar) if you sign in with Google.
- Identity verification results from third-party KYC providers.
- Fraud signals from payment processors (Stripe).
3. How We Use Your Information
- To operate, personalise, and improve the Platform and marketplace.
- To create and manage your account and authenticate your identity.
- To process purchases, payouts, and manage your Credits balance.
- To communicate with you about your account, transactions, and platform updates.
- To enforce our Terms of Service, investigate abuse, and prevent fraud.
- To comply with our Anti-Money Laundering (AML) and Know-Your-Customer (KYC) obligations, including reporting to financial intelligence authorities where required by law.
- To analyse usage trends and improve our product and seller experience.
- To send marketing communications where you have opted in.
4. Legal Bases for Processing
Where applicable data protection law requires us to identify a legal basis for processing, we rely on:
- Contract performance: processing necessary to provide our services to you (account management, purchases, payouts).
- Legitimate interests: fraud prevention, platform security, improving our services.
- Legal obligation: AML/KYC compliance, responding to law enforcement requests, tax reporting.
- Consent: marketing emails (you may withdraw consent at any time).
5. Sharing Your Information
We do not sell your personal information. We share information only as follows:
- Payment processors (Stripe): to handle transactions and detect fraud. Subject to Stripe's Privacy Policy.
- Cloud infrastructure (Google Firebase / Google Cloud): for secure data storage and authentication.
- Image hosting (ImageKit): for serving content images.
- Law enforcement & regulators: when required by law, court order, or to comply with AML/CTF obligations, including proactive reporting of suspicious financial activity.
- Business transfers: in connection with a merger, acquisition, or sale of assets; affected users will be notified.
- Public profile information: your username and display name are visible to other users on the Platform.
6. Cookies & Tracking
We use the following types of cookies:
- Strictly necessary cookies: session authentication, security tokens. Cannot be disabled.
- Analytics cookies: anonymised page view and usage data to improve the Platform.
- Preference cookies: theme preferences, last-visited filters.
- Referral cookies: to track referral links for our affiliate programme.
You can control non-essential cookies in your browser settings. Note that disabling cookies may affect Platform functionality. We do not currently run third-party advertising networks.
7. Data Retention
We retain personal information for as long as your account is active or as needed to provide our services. Specifically:
- Account data: retained until you delete your account, plus 30 days to allow recovery.
- Transaction records: retained for 7 years to comply with financial record-keeping requirements.
- AML/KYC records: retained for at least 5 years after the end of the business relationship, as required by law.
- Server logs: retained for up to 90 days.
- Terminated accounts (for violations): identifying records may be retained indefinitely to prevent re-registration by banned users.
8. Security
We implement industry-standard security measures including: HTTPS/TLS encryption in transit, bcrypt password hashing, Firebase security rules, role-based access controls, and regular security reviews. However, no system is 100% secure. You use the Platform at your own risk and are responsible for maintaining the security of your own account credentials.
In the event of a data breach affecting your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.
9. International Transfers
Your information may be stored and processed in the United States or other countries where our service providers operate. By using the Platform, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws. We take steps to ensure adequate protections are in place for such transfers.
10. Your Rights
Depending on your jurisdiction, you may have the following rights over your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate or incomplete data.
- Deletion: request deletion of your personal data, subject to legal retention obligations.
- Restriction: request we limit the processing of your data.
- Portability: request your data in a machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: for marketing communications at any time.
To exercise any right, email privacy@webnutch.com. We will respond within 30 days. Some requests may be limited where we have legal obligations requiring retention (e.g., AML records).
11. Children's Privacy
The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will delete it promptly. If you believe a minor has registered, contact privacy@webnutch.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated Policy on this page with a revised effective date. For material changes, we will notify you via email or a prominent in-platform notice. Your continued use of the Platform after a change becomes effective constitutes your acceptance of the revised Policy.
13. Contact
For any privacy-related questions, data access requests, or concerns: