Tidnum Privacy Policy
1. Introduction
Tidnum, Inc. (“Tidnum,” “we,” “us,” or “our”) operates a creator monetization platform accessible at tidnum.com (the “Platform”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have over it. By using the Platform, you agree to the practices described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address and a hashed version of your password. If you sign in with Google, we receive your email address, display name, and profile photo from Google via OAuth. We store an onboarding completion flag and the date your account was created.
2.2 Profile Information
During onboarding, you may provide a display name, a unique handle, a bio, a creator category, and upload an avatar and banner image. These images are stored in Cloudflare R2 object storage.
2.3 Financial and Payment Information
For creators, we collect and store your Stripe Customer ID and Stripe Connect Account ID. If you set up payouts, we store the last four digits of your bank account number, your bank name, and your account holder name via Stripe. We also store W-9 tax verification status and an associated Stripe Identity session ID for creators who meet earnings thresholds. We do not store full bank account numbers or card numbers at any point — these are handled exclusively by Stripe.
We maintain records of all financial transactions on the Platform, including subscription payments, one-time post purchases, tips, gift subscriptions, payout requests, refund requests, and a balance and earnings ledger for each creator. These records are linked to your account and retained for legal and accounting compliance purposes even after account deletion.
2.4 Content You Post
We store all content you create on the Platform, including post titles, body text, subtitles, categories, tags, cover images, excerpts, content warnings, and scheduled publish times. Media files attached to posts — including images, audio, and video — are stored in Cloudflare R2. Video files are also processed and hosted by Mux. We store the original filename of uploaded media files, which may contain your name or other identifying information if not removed before upload.
We also store poll responses, post reactions, bookmarks, and direct messages you send or receive on the Platform.
2.5 Subscription and Follow Data
We store records of which creators you subscribe to or follow, your subscription status and billing history, your notification preferences, and in-app notifications sent to your account.
2.6 Push Notification Data
If you opt into browser push notifications, we store your browser's push endpoint URL and the associated encryption keys required to deliver notifications to your device.
2.7 Technical and Usage Data
We track aggregate post view counts. We do not maintain per-user view histories or behavioral analytics within our application.
Our application code does not collect or log IP addresses, user agent strings, or device identifiers. However, Cloudflare and Vercel, which provide our content delivery and hosting infrastructure respectively, collect this information at the infrastructure level as part of their standard operation.
We use Sentry for error monitoring and performance tracking. Sentry receives information about application errors, slow page loads, and slow API calls, including the URL and response status of affected requests. Sentry also records session replays for approximately 10% of all sessions and 100% of sessions in which an error occurs. Session replays capture mouse movements, clicks, scroll behavior, and form interactions in the browser. Sentry receives your IP address and user agent string as part of standard error reporting. If you have concerns about session replay, you may contact us at legal@tidnum.com.
2.8 Cookies and Local Storage
We do not set cookies manually. Supabase, our authentication provider, sets HTTP-only session cookies automatically to maintain your login session. A temporary state cookie is set during Google OAuth sign-in and discarded after authentication completes. We do not use localStorage or sessionStorage.
2.9 Waitlist Data
If you joined our waitlist before creating an account, we store your email address for that purpose. You may request deletion of your waitlist email at any time by contacting legal@tidnum.com.
2.10 Gift Subscription Recipient Data
If someone purchases a gift subscription for you, we store your email address to deliver the redemption link, even if you do not have an existing Tidnum account.
3. How We Use Your Information
We use the information we collect to operate and provide the Platform, process payments and payouts, send transactional emails and push notifications, display your profile and content to other users, monitor for errors and performance issues, comply with legal and tax obligations, and enforce our Terms of Use and Community Guidelines.
4. How We Share Your Information
We do not sell your personal information. We do not share your information with advertising networks, data brokers, or marketing platforms. We share your information only with the following service providers, and only to the extent necessary for them to perform services on our behalf:
- Stripe — payment processing, payout disbursement, and tax reporting. We transmit your email address, user ID, subscription details, transaction amounts, and bank account information to Stripe. Stripe is PCI-compliant and retains financial records subject to its own data retention policies.
- Mux — video hosting and delivery. We transmit video files and original filenames to Mux. Mux returns asset and playback IDs that we store in our database. Video content is delivered to subscribers via signed playback tokens generated server-side.
- Resend — transactional email delivery. We transmit recipient email addresses and email content, which may include your display name and post titles, to Resend for delivery.
- Cloudflare — object storage (R2) for media files and content delivery infrastructure. Cloudflare processes standard request metadata including IP addresses and user agents at the infrastructure level.
- Sentry — error monitoring and session replay. Sentry receives error data, performance traces, session replay recordings, and associated metadata including IP addresses and user agents.
- Vercel — application hosting. Vercel maintains standard infrastructure logs including IP addresses and request metadata.
We may also disclose your information where required by law, in response to valid legal process, or where we believe disclosure is necessary to protect the rights, property, or safety of Tidnum, our users, or the public.
5. Data Retention
We retain your account and profile information for as long as your account is active. Financial records — including earnings, balance ledgers, payment records, and payout history — are retained after account deletion for legal and accounting compliance purposes. Content you have posted, including posts, media files, and direct messages, may be retained after account deletion; if you require deletion of specific content, please contact us at legal@tidnum.com before deleting your account.
Stripe retains your customer and payment records subject to Stripe's own data retention policies. Sentry retains error events and session replays for up to 90 days. Resend retains email delivery logs subject to Resend's data retention policies.
6. Your Rights and Choices
You may update your account information and profile at any time through your account settings. You may cancel your subscription at any time through your account settings. You may delete your account at any time through your account settings; deletion cancels your active subscriptions and removes your authentication record, though financial records are retained as described above.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act, including the right to know what personal information we have collected about you, the right to request deletion, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us at legal@tidnum.com.
If you are located in the European Economic Area or United Kingdom, you may have rights under the General Data Protection Regulation or UK GDPR, including rights of access, rectification, erasure, restriction, and data portability. To exercise these rights, contact us at legal@tidnum.com. Note that our Platform is currently operated from the United States, and your data is stored and processed in the United States.
7. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including encrypted transmission over HTTPS, HTTP-only authentication cookies, server-side generation of signed access tokens for all protected media, and hashed password storage. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Children's Privacy
The Platform is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at legal@tidnum.com and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make a material change, we will notify you by email or by posting a notice on the Platform before the change takes effect. Your continued use of the Platform after any change constitutes your acceptance of the updated policy.
10. Contact
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, contact us at legal@tidnum.com.