What we collect
Account information you provide on signup (email, display name, company name for publishers and buyers, optional website / social handles). For creators, we also store the metadata of each archive you connect: titles, URLs, publish dates, word counts, and a cryptographic fingerprint per item. We do not store the full content of your articles, posts, or videos.
What we don’t collect
We don’t track you across the web. We don’t sell or share your data with advertisers. We don’t serve ads. We don’t fingerprint your device. The platform takes a 1% cut on license sales — we make money when you do, not by monetising your behaviour.
API keys and credentials
When a creator connects an archive via API key (Beehiiv, Ghost), the key lives in memory for the duration of the verification request. We do not persist it. For YouTube OAuth, we receive a short-lived access token and only use it to confirm channel ownership.
Buyer API keys
When a buyer generates an API key for fetching licensed content, we store only the SHA-256 hash of the key — the plaintext is shown once and never again.
Hosting
Application code: Netlify (Next.js Runtime). Database: Supabase (Postgres). On-chain receipts: Solana. Each provider has its own privacy practices that apply to data they process on our behalf.
Your rights
You can request export, correction, or deletion of your account data by emailing the team. Active licenses tied to your account survive deletion for the remainder of their term.
This is a draft privacy policy for the founding cohort and will be replaced with counsel-reviewed text before broader launch.