Privacy Policy

1. Introduction

P3RSON™, Inc., a Delaware corporation and subsidiary of P3RSON Investment Trust ("P3RSON," "we," "us," or "our"), operates the P3RSON platform (the "Platform") accessible at p3rson.com and through related mobile applications. This Privacy Policy ("Policy") describes how we collect, use, disclose, and safeguard the personal information of individuals ("User," "you," or "your") who access or use the Platform and our related services (collectively, the "Services").

For purposes of this Policy, the following defined terms shall apply throughout: "Talent" refers to models, actors, UGC creators, brand ambassadors, and other individuals who offer services through the Platform; "Brand" refers to businesses or individuals that book Talent through the Platform; "Fan" refers to individuals who interact with Talent profiles, purchase P3RSON Coins for gifting purposes, or otherwise engage with the Platform; "P3RSON Coins" refers to the virtual currency used within the Platform for gifting, booking, and backing Talent; and "P3RSON Index" refers to the algorithmic score (1–100) assigned to Talent profiles based on performance metrics.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to the collection and use of your information in accordance with this Policy. If you do not agree to this Policy, you must discontinue use of the Services immediately.

2. Information We Collect

2.1 Information You Currently Provide Directly (Pre-Launch)

• Waitlist and founding-tier registration information: email address, first name, last name, selected tier ($49 Founding Talent, $149 Early Access, or $499 Founding Brand Partner), and referral source
• Payment metadata for founding-tier pre-purchases: the transaction identifier, amount, currency, and tier selection returned by Stripe Checkout. P3RSON does not collect, store, or process credit card numbers, CVV codes, bank account numbers, or other sensitive financial instrument data. Full payment details are collected directly by Stripe, Inc. on Stripe-hosted pages
• Customer support correspondence: any email, message, or inquiry you voluntarily send to [email protected], [email protected], or any other P3RSON address, including any personal information you choose to include
• Optional phone number, if you voluntarily provide one to receive SMS updates about the Platform launch

2.2 Information Currently Collected Automatically (Pre-Launch)

• IP address and approximate geolocation (city-level, derived from IP address) as reported by Google Analytics 4 with IP anonymization enabled
• Device and browser information reported by Google Analytics 4 and server logs (device type, operating system, browser type and version, language, and screen resolution)
• Usage data reported by Google Analytics 4 and Plausible Analytics (pages visited, referring URL, session duration, UTM parameters, and engagement events including purchase, lead, and registration conversion events fired on founder, pricing, and checkout pages)
• Cookies and similar technologies (as further described in Section 11), including the GA4 cookies set only after consent where required by applicable law, and the Meta Pixel and TikTok Pixel cookies set only after marketing-cookie consent
• Server log data (access timestamps, request method, response status, and error reports) retained solely for security, abuse detection, and service-reliability purposes

2.3 Additional Information to Be Collected Upon Initial Launch (Forward-Looking)

Once the Platform enters Initial Launch and accounts, profiles, bookings, P3RSON Coins, P3RSON Index, Smart Escrow, and related features become operative, P3RSON expects to additionally collect the following categories of personal information from users who voluntarily create Talent, Brand, or Fan accounts. P3RSON does not collect any of the following categories today:

• Account registration information (full legal name, date of birth, and profile details beyond the waitlist fields described in Section 2.1)
• Profile content (photographs, physical measurements, portfolio items, biographical information, ticker symbol, and social-media statistics) voluntarily uploaded by Talent users
• Platform communications (direct messages between Users, booking inquiries, and in-platform feedback submissions)
• Identity verification documents (government-issued ID, selfie verification, and any additional "know-your-customer" information required for Talent onboarding, Smart Escrow, or payout compliance)
• GPS location data, collected only if and when you explicitly enable location services for Smart Escrow verification, as further described in Section 8
• Biometric identifiers derived from profile photographs or identity verification (as further described in Section 22)
• Transaction records relating to P3RSON Coins, bookings, payouts, and Smart Escrow settlements
• Inferences drawn from the foregoing, including P3RSON Index scores and AI matching preferences
• Stripe recurring billing data for creator platform subscriptions (Pro/Elite) and fan-to-creator subscriptions — stored to manage billing cycles, auto-renewal, and dispute resolution
• Apple App Store receipt metadata for iOS Coin purchases — receipt identifier and verification status only; processed and stored server-side for fraud prevention and idempotency (prevents duplicate coin crediting)
• Subscription billing history — tier, monthly amount, billing date, and Stripe subscription ID stored in Firestore for billing dispute resolution and tax compliance

P3RSON will provide conspicuous notice and, where required, obtain additional consent at the point of collection before any of the categories described in this Section 2.3 are collected from you.

2.3.4 Withdrawal & Banking Information

Upon creator withdrawal enablement, P3RSON collects:

• Bank account holder name and routing number
• Bank account number (encrypted at rest, processed by Stripe, not stored by P3RSON)
• Tax identification information (SSN, ITIN, or business EIN)
• Identity verification documents (government-issued ID, selfie verification)
• Stripe Connect account ID and payout history
• Withdrawal request history and timing

2.3.5 Biometric Identifiers for Security

• Facial recognition data for Face ID/Biometric authentication (withdrawals > $500)
• Fingerprint data for Touch ID/Fingerprint authentication (optional, device-stored only)
• Device-level biometric verification does NOT transmit biometric data to P3RSON servers
• Biometric data is processed entirely on user’s device via iOS/Android native APIs
• P3RSON receives only the result of biometric verification (approved/denied), not the biometric data itself
• Users may opt out of biometric authentication and use PIN-based verification instead

2.4 Information from Third-Party Sources

• Payment and transaction metadata from Stripe, Inc. in connection with founding-tier pre-purchases and, upon Initial Launch, payouts and subsequent transactions
• Upon Initial Launch: social-media profile data, when you voluntarily link a third-party social-media account to your P3RSON profile; and publicly available information used to verify identity or detect fraud

3. Legal Bases for Processing (GDPR)

For Users located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, P3RSON processes personal data on the following legal bases under the General Data Protection Regulation ("GDPR"):

• Contract Performance (Article 6(1)(b)): Processing necessary to perform our contract with you, including account creation, transaction processing, P3RSON Coin operations, Smart Escrow, booking facilitation, and payout processing.
• Consent (Article 6(1)(a)): Processing based on your freely given, specific, informed, and unambiguous consent, including marketing communications, SMS marketing messages, non-essential cookies (analytics and marketing), GPS location collection, and Meta Pixel / TikTok Pixel tracking. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms. This includes fraud detection and prevention, Platform security, service improvement, aggregate analytics (via Google Analytics 4 as the primary analytics platform, and Plausible Analytics for privacy-focused aggregate measurement, in each case where consent is not required under applicable law), enforcement of our Terms of Service, and direct marketing to existing customers (subject to opt-out rights).
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable legal obligations, including tax reporting, financial recordkeeping, law enforcement requests, and data breach notification requirements.

3.1 Additional Legal Bases (GDPR) for Payment & Security Processing

• Payment Processing (Article 6(1)(b)): Collection of bank account details, tax ID, and identity documents is necessary to perform the contract for creator payouts via Stripe Connect.
• Biometric Processing (Article 9(2)(a)): Collection and processing of facial recognition and fingerprint data for withdrawal security is based on explicit consent provided at the time of enablement. You may withdraw consent at any time by disabling biometric authentication in account settings.
• Fraud Prevention (Article 6(1)(f)): Processing of chargeback data, device fingerprinting, and transaction patterns is necessary for our legitimate interest in preventing payment fraud and protecting creator accounts.
• Legal Obligation (Article 6(1)(c)): Collection of tax identification information is necessary to comply with IRS Form 1099-NEC reporting requirements and applicable anti-money-laundering (AML) and know-your-customer (KYC) regulations.

4. How We Use Your Information

P3RSON uses the information collected for the following purposes:

• To provide, operate, maintain, and improve the Platform and Services
• To process transactions, including P3RSON Coin purchases, gifts, booking payments, and payouts
• To calculate, update, and display your P3RSON Index score
• To match Talent with Brands using our AI-powered matching system
• To verify job completion through GPS-based Smart Escrow
• To send transactional notifications (booking confirmations, payment receipts, account alerts)
• To send marketing communications (with your prior consent; you may opt out at any time)
• To improve our Services, develop new features, and conduct internal research and analytics
• To detect, investigate, and prevent fraud, abuse, and unauthorized access
• To comply with applicable laws, regulations, and legal processes
• To enforce our Terms of Service and protect the rights, property, and safety of P3RSON, our Users, and the public

5. How We Share Your Information

P3RSON does not sell your personal information as defined under the California Consumer Privacy Act ("CCPA") or any applicable state privacy law. We may disclose your information to the following categories of recipients:

• Other Users: Your public profile, P3RSON Index score, tier level, ticker symbol, and portfolio are visible to other Platform Users. Booking details are shared between the Talent and Brand involved in a transaction.
• Payment Processors: Stripe, Inc. processes all payments on behalf of P3RSON. Stripe’s collection and use of payment data is governed by the Stripe Privacy Policy.
• Affiliates: We may share your information with our corporate affiliates, including P3RSON Studios (the marketing and content arm of P3RSON) and other entities under common ownership with P3RSON Investment Trust, for purposes consistent with this Policy, including brand marketing, content production, and audience development. All affiliates are contractually bound to protect your information in accordance with this Policy.
• Service Providers: Third-party vendors and service providers that assist us in operating the Platform (including hosting, cloud storage, analytics, email delivery, form processing, and customer support), subject to contractual obligations to protect your data. A non-exhaustive list of material service providers is set forth in Section 6 below.
• Advertising Partners: Meta Platforms, Inc. (via Meta Pixel) and TikTok, Inc. (via TikTok Pixel) may receive browsing behavior data for advertising measurement and retargeting purposes, subject to your cookie consent preferences.
• Legal Requirements: When required by applicable law, regulation, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of P3RSON, our Users, or the public.
• Business Transfers: In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding involving P3RSON, your information may be transferred to the acquiring entity.
• With Your Consent: We may share your information with third parties when you have provided express consent to such disclosure.

6. Third-Party Services & Data Collected Per Service

We use the following third-party services to operate and improve the Platform. Each service receives only the data necessary for its designated function:

• Stripe, Inc. (REVISED – Payment Processing & Payouts): Upon Initial Launch, P3RSON expands use of Stripe to include:
  • Stripe Checkout: Hosted payment pages for P3RSON Coin purchases
  • Stripe Payments: Card processing for coin purchases and booking payments
  • Stripe Payment Intents: Temporary authorization holds for Smart Escrow
  • Stripe Connect: Marketplace account creation and creator payout processing
  • Stripe Identity: Identity verification for creators (government ID, selfie verification)
  • Stripe Radar: Fraud detection and scoring for chargeback prevention
  • Stripe Tax: Sales tax calculation for multi-state transactions
  • Stripe Webhooks: Real-time notification of payment events, disputes, and payouts

  Stripe receives and processes:

  • Payment card details (full card number, CVC, expiration date)
  • Billing address
  • Tax identification (SSN, ITIN, EIN)
  • Identity verification documents
  • Transaction amounts and currencies
  • Booking and booking location details
  • Creator bank account information (routed through Stripe Connect)

  P3RSON does NOT receive, store, or process raw payment card data. All payment information is collected and stored by Stripe on PCI-compliant servers. Data transfers: Stripe processes data globally and may transfer data to servers outside the EEA or UK, subject to applicable data processing agreements. Governing documents: Stripe Privacy Policy, Stripe Data Processing Agreement, Stripe Connected Account Agreement

• Mailchimp (Intuit Inc.): Email marketing and newsletters. Receives your email address, first and last name, and email engagement data (open rates, click-through rates) when you subscribe to marketing communications.
• Firebase Cloud Functions & Firestore (Google Cloud) (NEW): Firebase Cloud Functions are serverless functions that automate payment processing and user lifecycle events, including:
  • Stripe webhook processing: Real-time capture of payment events, disputes, and payouts
  • Mailchimp email automation: Automated transactional and marketing emails triggered by user actions
  • P3RSON Index recalculation: Nightly updates to scoring based on booking activity
  • Chargeback handling: Automated dispute flagging and account restrictions
  • Creator payout processing: Scheduled batch payouts to creator bank accounts

  Firebase Cloud Functions are invoked by Stripe webhooks, which pass the following data:

  • Payment transaction details (amount, currency, booking ID)
  • Customer email addresses
  • Stripe account IDs
  • Chargeback and dispute information
  • Payout status and settlement data

  Google’s data practices are governed by the Google Cloud Privacy Policy and Data Processing Agreement.

• Google Analytics 4 (Google LLC): Website usage analytics. P3RSON operates a GA4 property with measurement ID G-SFHDK4C63L that collects pseudonymized browsing data including pages visited, session duration, bounce rate, traffic source / medium, UTM parameters, device type, operating system, browser type and version, screen resolution, approximate geographic location (city-level, derived from IP address), and user interaction events. In addition to standard automatic events, P3RSON configures GA4 to record the following custom conversion events: page_view (every page load), scroll and engagement metrics, registration (waitlist sign-ups), lead (founder-form, brand-form, and newsletter submissions), begin_checkout (clicks on Stripe Checkout buttons on the pricing and founder pages, together with the associated tier name and price), and purchase (completed Stripe Checkout sessions confirmed via Stripe’s hosted success page, together with transaction amount and currency). Google Analytics uses cookies (_ga, _gid, _gat, and the GA4 session cookie _ga_G-SFHDK4C63L) with configurable retention periods. IP anonymization is enabled, and analytics cookies are set only after consent where required by applicable law. Google’s data practices are governed by the Google Privacy Policy.
• Google LLC (Apps Script / Workspace): Backend form processing and automation. Receives email address, first name, last name, referral source, and related form data submitted through the Platform (including waitlist and founding-tier registrations) for the purpose of routing submissions to downstream services such as Mailchimp. Form submissions may be transiently logged in Google Apps Script execution logs and, where applicable, a Google Sheet serving as an intake log, in each case retained on Google infrastructure subject to Google’s default retention policies and P3RSON’s internal retention schedule described in Section 9. Google’s data practices are governed by the Google Privacy Policy.
• Microsoft Corporation (Microsoft 365): Hosted corporate email for the p3rson.com domain, including customer support, legal, and privacy inboxes (e.g., [email protected], [email protected]). Microsoft processes incoming and outgoing correspondence, including privacy rights requests, customer support inquiries, and DMCA notices. Microsoft’s data practices are governed by the Microsoft Privacy Statement.
• Firefall, Inc. (Platform Development Partner): Engineering, infrastructure, and product development services engaged to build, test, and deploy the P3RSON Platform. As of the Last Updated date of this Policy, Firefall has not yet commenced processing of end-user personal information on behalf of P3RSON; Platform development is in a pre-launch phase and Firefall’s engagement covers codebase, infrastructure configuration, and internal staging data only. Upon Initial Launch, and prior to Firefall’s first processing of any personal information of Platform end users, P3RSON and Firefall shall enter into a written data processing agreement compliant with GDPR Article 28 and applicable U.S. state privacy laws that restricts Firefall’s use of personal information to the purposes of providing development, hosting, and maintenance services to P3RSON. P3RSON will update this Section 6 to reflect the scope of Firefall’s processing activities at that time.
• Plausible Analytics (Plausible Insights OÜ): Privacy-focused, cookieless website analytics used as a secondary aggregate measurement tool alongside Google Analytics 4 (which is the primary analytics platform described above). Collects aggregate page view counts, referral sources, browser type, operating system, and device type without setting cookies and without collecting personal identifiers or full IP addresses. Plausible does not track individual Users across sessions. Plausible’s data practices are governed by the Plausible Privacy Policy.
• Meta Pixel (Meta Platforms, Inc.): Advertising measurement and retargeting. May collect browsing behavior, page URLs visited, button click events, purchase conversion data, device information, and IP address for the purpose of ad delivery, measurement, and optimization on Meta platforms (Facebook, Instagram). Sets the _fbp cookie. Data is subject to Meta’s Data Policy.
• TikTok Pixel (TikTok Inc.): Advertising measurement and retargeting. May collect browsing behavior, page URLs visited, conversion events, device information, and IP address for the purpose of ad delivery and optimization on TikTok. Sets the _ttp cookie. Data is subject to TikTok’s Privacy Policy.
• Mailchimp SMS (Intuit Inc.): We use Mailchimp's SMS capabilities for transactional and marketing text messages. Your phone number and message content are shared with Mailchimp solely to facilitate message delivery. Mailchimp's data practices are governed by the Intuit Privacy Statement.

7. AI & Automated Decision-Making

P3RSON uses artificial intelligence and algorithmic systems in the following ways:

• P3RSON Index: Your score (1–100) is calculated automatically based on Reliability (30%), Market Activity (25%), Demand Signal (20%), Profile Readiness (15%), and Community Engagement (10%). This score affects your visibility, search ranking, and matching priority with Brands.
• AI Matching: Our algorithm matches Talent with Brand opportunities based on availability, location, style, P3RSON Index score, and other profile attributes.
• Recommendations: We may use automated systems to surface relevant Talent, bookings, or content to Users.

Right to Explanation: You have the right to request a meaningful explanation of how automated decisions affect you, including the factors that contributed to your P3RSON Index score. To request an explanation, contact [email protected].

Right to Contest: If you believe an automated decision has adversely affected you, you may request human review by contacting us at [email protected]. We shall acknowledge your request within five (5) business days and provide a substantive response within thirty (30) days.

Synthetic Media in Marketing

P3RSON (including through its marketing arm, P3RSON Studios) uses AI-generated personas, voices, likenesses, imagery, and video in its own marketing, advertising, and brand communications distributed on third-party platforms such as Meta (Facebook, Instagram) and TikTok. These personas are fictional and do not represent real individuals. Where such content features a persona that a reasonable consumer might believe to be a real person, P3RSON shall disclose, clearly and conspicuously within the content or accompanying caption, that the persona is AI-generated, in accordance with the U.S. Federal Trade Commission’s Guides Concerning the Use of Endorsements and Testimonials in Advertising (16 C.F.R. Part 255) and applicable state synthetic-media disclosure laws. P3RSON does not use the personal information of Platform Users to train, fine-tune, or personalize the generative models that produce this marketing content without separate, explicit consent.

8. GPS & Location Data

P3RSON uses GPS location data solely for Smart Escrow verification—confirming that Talent has arrived at a booking location to trigger payment release. Location data is:

• Collected only when you explicitly grant permission and have an active booking requiring check-in verification
• Used only at the moment of check-in verification during active bookings
• Not continuously tracked, monitored, or stored beyond the verification event
• Deleted from our systems promptly upon completion of the booking verification
• Never sold, licensed, or disclosed to third parties for advertising or marketing purposes

Opting Out: You may revoke location permissions at any time through your device settings or by contacting us at [email protected]. Please note that disabling location services shall prevent you from using the Smart Escrow check-in feature, and alternative verification methods may be required to complete bookings.

9. P3RSON Index & Public Data

Your P3RSON Index score (1–100), tier level, and ticker symbol are public by design. These are core features of the Platform that enable Talent discovery, booking, and marketplace transparency. By creating a profile, you consent to the public display of this information.

Gifting activity, booking history details, and earnings are private and visible only to you unless you affirmatively choose to share them.

10. Virtual Currency (P3RSON Coins)

When you use P3RSON Coins, we collect and store the following data:

• Coin balance and transaction history (purchases, gifts sent and received, booking payments)
• Payout history and amounts
• Transaction timestamps and associated User interactions

P3RSON Coins constitute a limited license, not a property right. Coins hold no monetary value outside the Platform, are not legal tender, are not a stored-value instrument under applicable state or federal money transmitter laws, and may not be redeemed for cash or any other form of compensation except as expressly provided in the Terms of Service. Coin transaction data is retained for as long as your account is active and for a minimum of seven (7) years thereafter as required for legal, tax, and regulatory compliance purposes.

11. Payment Card Data & PCI Compliance (NEW)

8.1 P3RSON's Non-Storage of Payment Card Data

P3RSON does NOT collect, store, or process credit card numbers, security codes (CVC), or expiration dates. All payment card data is:

• Collected directly by Stripe on Stripe-hosted checkout pages
• Encrypted and stored by Stripe on PCI-compliant servers
• Never transmitted to or stored on P3RSON’s infrastructure
• Processed exclusively by Stripe’s Payment Intents and Connect APIs

8.2 PCI Compliance

Because P3RSON does not directly process or store payment card data, P3RSON is NOT subject to PCI DSS (Payment Card Industry Data Security Standard) compliance. Stripe is PCI DSS Level 1 certified (the highest level).

8.3 Payment Information You Provide

When you make a purchase or set up a creator payout:

• You provide payment card information directly to Stripe
• You authorize Stripe to charge your card on behalf of P3RSON
• You authorize Stripe to transfer funds to your bank account (for creators)

Your payment card data is governed by Stripe’s Privacy Policy and is separate from P3RSON’s Privacy Policy.

8.4 Data Breach Notification

If P3RSON experiences a data breach affecting personal information (but not payment card data), P3RSON shall:

• Notify affected users within 72 hours (as required by GDPR)
• Notify regulators within applicable timeframes
• Provide credit monitoring services if sensitive personal information is compromised

Payment card breaches are handled by Stripe and are subject to Stripe’s data breach notification obligations.

12. Creator Withdrawal Data & Bank Account Information (NEW)

9.1 Bank Account Information

When creators set up payouts via Stripe Connect, we collect:

• Bank account holder name
• Routing number
• Account number (encrypted)
• Account type (checking, savings)

This information is:

• Collected by Stripe, not P3RSON
• Used exclusively for payout processing
• Encrypted in transit and at rest
• Retained only as long as the creator account is active
• Deleted upon account termination (30-day retention thereafter for records)

9.2 Tax Identification & Compliance Data

Creators in the United States provide:

• Full Legal Name
• Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN)
• Date of Birth
• Address

This information is:

• Required for IRS Form 1099-NEC reporting
• Collected and retained by Stripe
• Used to verify identity and screen against government sanctions lists
• Retained for 7 years (IRS retention requirement)
• Never shared with third parties except as required by law

9.3 Identity Verification Documents

Stripe may require:

• Copy of government-issued ID (passport, driver’s license)
• Selfie verification photo
• Proof of address (utility bill, bank statement)

These documents are:

• Collected and stored by Stripe
• Scanned and verified automatically
• Deleted by Stripe after verification (typically 30 days)
• Retained longer if disputes or chargebacks occur

9.4 Withdrawal History & Transaction Records

P3RSON retains records of:

• Withdrawal requests and approval timestamps
• Payout amounts and processing status
• Bank account last 4 digits (for identification purposes)
• Failed withdrawal attempts and retry attempts

This data is:

• Used for dispute resolution and fraud detection
• Retained for 3 years for accounting and legal compliance
• Accessible to creators via their account history
• Never shared with third parties except as required by law or upon creator’s request

9.5 Biometric Data for Withdrawal Security

When creators authenticate withdrawals using biometric data:

• Facial recognition (Face ID): Processed locally on iOS device via SecureEnclave
• Fingerprint (Touch ID): Processed locally on iOS/Android via Biometric Framework
• Device PIN: Stored on device via OS keychain/keystore

Biometric data is:

• NEVER transmitted to P3RSON servers
• NEVER stored by P3RSON
• NEVER used for facial recognition beyond withdrawal authentication
• Controlled entirely by the user’s device operating system
• Subject to iOS/Android biometric privacy policies

P3RSON receives only a boolean result (authentication succeeded/failed), not the biometric template or raw biometric data itself.

9.6 Retention & Deletion of Withdrawal Data

Upon account termination:

• P3RSON retains transaction records for 3 years (tax/legal compliance)
• Bank account information is deleted from Stripe after 30 days
• Tax ID information is retained for 7 years (IRS requirement)
• Biometric data is never stored by P3RSON; it remains on user’s device only
• Creators may request deletion of personal information subject to legal hold requirements

13. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate the Platform, analyze usage, and deliver targeted advertising. You may disable non-essential cookies through our consent banner or your browser settings, though some features may not function properly without them.

Cookie Categories

• Strictly Necessary Cookies: Required for login, session management, cookie consent preferences, security (CSRF protection), and load balancing. These cookies are essential for the Platform to function and cannot be disabled. Legal basis: legitimate interest / contract performance.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your language preference, display settings, and recently viewed profiles. These cookies are not strictly necessary but improve your experience. You may opt out of functional cookies.
• Analytics Cookies: Help us understand how visitors interact with the Platform. This includes cookies set by Google Analytics 4, specifically: _ga (expires: twenty-four (24) months), _gid (expires: twenty-four (24) hours), and _gat (expires: one (1) minute); and a session-level persistence identifier (_ga_*) scoped to our configured GA4 property (expires: twenty-four (24) months). Plausible Analytics does not set cookies. We shall request your consent before setting analytics cookies where required by applicable law.
• Marketing / Advertising Cookies: Used to deliver relevant advertising and measure ad effectiveness. This includes cookies set by the Meta Pixel (_fbp, expires: ninety (90) days) and TikTok Pixel (_ttp, expires: thirteen (13) months) for retargeting purposes. We shall request your consent before setting marketing cookies.

Managing Cookies

When you first visit P3RSON, you shall be presented with a cookie consent banner allowing you to accept or decline non-essential cookies by category. You may update your preferences at any time through the cookie settings link in our footer. You may also control cookies through your browser settings, install browser extensions that block tracking, or use Google’s opt-out tools for Analytics.

14. SMS Communications

If you provide your phone number and consent to receive SMS messages, we may send you:

• Transactional messages: Booking confirmations, payment notifications, account verification codes, and Smart Escrow alerts
• Marketing messages: Promotions, new features, and Platform updates (only with your explicit opt-in consent)

Frequency: Message frequency varies based on your activity. Transactional messages are sent as needed; marketing messages shall not exceed four (4) per month.

Opt-Out: You may opt out of SMS messages at any time by replying STOP to any message. You may also manage your SMS preferences in your account settings or by contacting [email protected].

Rates: Message and data rates may apply. Consult your wireless carrier for details.

SMS Provider & Number: SMS messages are delivered through Mailchimp (Intuit Inc.) from +1 (917) 947-3315. Your phone number is shared with Mailchimp solely for message delivery purposes.

15. Data Security

We implement reasonable administrative, technical, and physical security measures appropriate to the nature and sensitivity of the personal information actually collected at each stage of the Platform’s development. As of the Last Updated date of this Policy, and consistent with the Pre-Launch Scope Notice in Section 2, such measures include encryption in transit (TLS 1.2 or higher) for all data submitted through p3rson.com; secure payment processing through Stripe, Inc. (which is certified as PCI DSS Level 1 compliant); access controls inherited from our hosting and productivity sub-processors, including Microsoft 365 and Google Workspace administrative role-based access controls; and vendor-managed encryption at rest for data stored within Stripe, Mailchimp, Google Workspace, and Microsoft 365. Prior to Initial Launch and the collection of the additional categories of personal information described in Section 2.3, P3RSON shall implement additional technical and organizational security measures appropriate to those categories, including, as applicable, encryption at rest for biometric and identity-verification data, periodic security assessments (including a formal third-party security review prior to Initial Launch), and documented incident-response procedures. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

16. Data Breach Notification

In the event of a data breach involving your personal information that is reasonably likely to result in a risk to your rights and freedoms, P3RSON shall:

• Notify affected Users without undue delay, and in any event within seventy-two (72) hours of becoming aware of the breach (as required under GDPR Article 33), or within the timeframe required by applicable state law (e.g., sixty (60) days under CCPA, as applicable)
• Notify the relevant supervisory authority (for EEA Users) within seventy-two (72) hours of becoming aware of the breach
• Provide a description of the nature of the breach, the categories and approximate number of individuals affected, the likely consequences of the breach, and the measures taken or proposed to address the breach
• Deliver notification via email to the address associated with your account, and where required by law, through additional means such as postal mail or conspicuous posting on the Platform

17. Data Retention

We retain your account data for as long as your account remains active or as necessary to provide the Services. If you delete your account, we shall remove your personal information within thirty (30) days, except where we are required to retain it for legal, tax, or compliance purposes. Specifically:

• Profile data and User content are deleted within thirty (30) days of account closure
• Transaction and payment records are retained for seven (7) years for tax and legal compliance
• GPS verification data is deleted promptly after booking completion
• Communication logs may be retained for up to one (1) year for dispute resolution
• Anonymized and aggregated data (which does not constitute personal information) may be retained indefinitely for analytics and service improvement

18. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold regarding you
• Request correction of inaccurate or incomplete information
• Request deletion of your information (subject to legal retention requirements)
• Object to or restrict processing of your information
• Data portability (receive your data in a structured, commonly used, machine-readable format such as JSON or CSV)
• Withdraw consent for marketing communications at any time
• Lodge a complaint with your applicable data protection authority

To exercise any of these rights, contact us at [email protected]. We shall verify your identity before processing your request and respond within the timeframe required by applicable law.

19. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and applicable local implementing legislation. Data Protection Officer: P3RSON has conducted a formal assessment of its obligation to appoint a Data Protection Officer (“DPO”) pursuant to Article 37 of the GDPR. Based on P3RSON’s current scale and nature of processing activities, P3RSON has determined that mandatory DPO appointment is not required at this time. P3RSON will reassess this determination upon any material change in processing activities, including any large-scale processing of special categories of personal data or systematic monitoring of data subjects at scale. Data protection inquiries may be directed to [email protected] with the subject line “Data Protection Inquiry.”

• Right of Access (Article 15): You may request a copy of the personal data we hold regarding you.
• Right to Rectification (Article 16): You may request that we correct any inaccurate or incomplete personal data.
• Right to Erasure (Article 17): You may request that we delete your personal data, subject to certain legal exceptions (e.g., compliance with legal obligations, establishment or defense of legal claims).
• Right to Restrict Processing (Article 18): You may request that we limit how we use your data in certain circumstances.
• Right to Data Portability (Article 20): You may request your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object (Article 21): You may object to processing based on legitimate interests, including profiling and automated decision-making (such as the P3RSON Index).
• Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such processing is necessary for contract performance, authorized by law, or based on your explicit consent.
• Right to Withdraw Consent (Article 7): Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any GDPR right, contact us at [email protected] with the subject line “GDPR Request.” We shall respond within thirty (30) days. You also have the right to lodge a complaint with your local data protection supervisory authority. EU/UK Representative: As of the Last Updated date of this Policy, P3RSON operates a public pre-launch marketing website and waitlist, does not offer the Platform’s paid services to data subjects in the European Economic Area or the United Kingdom, and does not monitor the behavior of EEA or UK data subjects within the meaning of Article 3(2) of the GDPR or the equivalent provision of the UK GDPR, and therefore takes the position that the representative-appointment obligation under Article 27 of the GDPR and Article 27 of the UK GDPR is not currently triggered. If and when P3RSON offers the Platform’s paid services to, or intentionally monitors the behavior of, data subjects in the EEA or the United Kingdom on a scale that triggers Article 27, P3RSON shall, prior to such activities, designate in writing a representative established in the European Union and a representative established in the United Kingdom, and shall update this Policy to identify each such representative and provide contact information. In the interim, EEA and UK data protection inquiries may be directed to P3RSON, Inc. at [email protected] with the subject line “EU/UK Data Protection Inquiry.”

20. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA") provide you with additional rights regarding your personal information:

Categories of Personal Information Collected

Currently Collected (Pre-Launch). As of the Last Updated date of this Policy, and consistent with the Pre-Launch Scope Notice in Section 2, in the preceding twelve (12) months P3RSON has collected only the following categories of personal information from California residents who have visited the public marketing website, subscribed to the waitlist, or pre-purchased a founding tier: (i) identifiers, consisting of email address, first name, last name, referral source, optional phone number, IP address, and pseudonymous online identifiers associated with cookies and pixels; (ii) commercial information, consisting of the transaction identifier, amount, currency, and tier selection returned by Stripe Checkout for founding-tier pre-purchases; and (iii) internet or electronic network activity information, consisting of Google Analytics 4 and Plausible Analytics event data, server logs, and Meta Pixel / TikTok Pixel events set only after marketing-cookie consent. P3RSON has not, in the preceding twelve (12) months, collected any biometric information, precise geolocation, professional information, education information, or sensitive personal information from California residents through the Platform.

To Be Collected Upon Initial Launch (Forward-Looking). Once the Platform enters Initial Launch and the features described in Section 2.3 become operative, P3RSON expects to additionally collect the following categories of personal information from California residents who voluntarily create Talent, Brand, or Fan accounts: identifiers (full legal name, date of birth, phone number, and account credentials); additional commercial information (P3RSON Coin balances, booking history, payout history, and Smart Escrow transaction records); additional internet or electronic network activity information (in-platform browsing and engagement data); precise geolocation (GPS data, only where explicitly enabled for Smart Escrow verification); biometric information (facial geometry derived from profile photographs and identity verification, as further described in Section 22); professional or employment-related information (portfolio items, physical measurements, and Talent profile content voluntarily submitted by Users); and inferences drawn from the foregoing (P3RSON Index scores and AI matching preferences). P3RSON will update this Section 18 and provide conspicuous notice upon commencing collection of any of the foregoing categories.

Your CCPA/CPRA Rights

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected regarding you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions permitted by law.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt Out of Sale/Sharing ("Do Not Sell or Share My Personal Information"): P3RSON does not sell your personal information as defined by the CCPA. P3RSON does not share your personal information for cross-context behavioral advertising as defined by the CPRA. If our practices change, we shall provide a conspicuous “Do Not Sell or Share My Personal Information” link on our homepage and honor all opt-out requests.
• Right to Non-Discrimination: We shall not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying goods or services, charging different prices, or providing a different level of quality.
• Right to Limit Use of Sensitive Personal Information: P3RSON collects certain categories of sensitive personal information (“SPI”) as defined under the CPRA, including without limitation: precise geolocation data (collected for Smart Escrow verification); biometric identifiers (profile photographs and identity verification data); and physical characteristics (as voluntarily provided in Talent profiles). You have the right to direct P3RSON to limit its use and disclosure of your SPI to that which is necessary to perform the Services, or as otherwise permitted under Cal. Civ. Code § 1798.121. To exercise this right, you may: (i) submit a written request to [email protected] with the subject line “Limit Sensitive PI Request”; or (ii) use the “Limit the Use of My Sensitive Personal Information” link located in the footer of our website. P3RSON will honor all verified requests within forty-five (45) days of receipt, with a single forty-five (45)-day extension available where reasonably necessary upon prior notice to you.

To exercise any of these rights, contact us at [email protected] with the subject line “California Privacy Request.” We shall verify your identity before processing your request and respond within forty-five (45) days. This period may be extended by an additional forty-five (45) days where reasonably necessary, with prior notice to you.

You may also designate an authorized agent to submit requests on your behalf. We may require proof of written authorization and identity verification before processing an agent-submitted request.

California “Shine the Light” (Civil Code § 1798.83)

California residents may request information regarding the disclosure of personal information to third parties for their direct marketing purposes. As stated above, P3RSON does not disclose personal information to third parties for their direct marketing purposes.

21. Additional U.S. State Privacy Rights

If you are a resident of Virginia, Colorado, or Connecticut, you may have additional rights under applicable state privacy legislation:

Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the right to: access their personal data; correct inaccuracies; delete personal data; obtain a portable copy of personal data; and opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, contact [email protected] with the subject line “Virginia Privacy Request.” We shall respond within forty-five (45) days. You may appeal a denial of your request by contacting us, and we shall respond to the appeal within sixty (60) days.

Colorado Privacy Act (CPA)

Colorado residents have the right to: access their personal data; correct inaccuracies; delete personal data; obtain a portable copy of personal data; and opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, contact [email protected] with the subject line “Colorado Privacy Request.” We shall respond within forty-five (45) days. You may appeal a denial of your request, and we shall respond to the appeal within forty-five (45) days.

Connecticut Data Privacy Act (CTDPA)

Connecticut residents have the right to: access their personal data; correct inaccuracies; delete personal data; obtain a portable copy of personal data; and opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, contact [email protected] with the subject line “Connecticut Privacy Request.” We shall respond within forty-five (45) days. You may appeal a denial of your request, and we shall respond to the appeal within sixty (60) days.

22. International Data Transfers

P3RSON is headquartered in the United States. If you access the Platform from outside the United States, your personal information may be transferred to, stored, and processed in the United States and other countries that may not provide the same level of data protection as your home jurisdiction.

For transfers of personal data from the EEA, United Kingdom, or Switzerland to the United States, P3RSON relies on the following data transfer mechanisms:

• EU-U.S. Data Privacy Framework: P3RSON is actively evaluating certification under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as administered by the U.S. Department of Commerce. Until such certification is obtained and verified, P3RSON does not rely on the Data Privacy Framework as a transfer mechanism and will update this Policy upon completion of formal certification. In the interim, international data transfers are governed exclusively by the Standard Contractual Clauses and supplementary measures described below.
• Standard Contractual Clauses (SCCs): P3RSON relies on the European Commission’s Standard Contractual Clauses (as adopted under Commission Implementing Decision (EU) 2021/914) as its primary cross-border transfer mechanism for personal data originating in the EEA, United Kingdom, and Switzerland. Such Standard Contractual Clauses are, as applicable, incorporated by reference into, and form part of, the Data Processing Agreements published by P3RSON’s sub-processors, including without limitation Stripe, Inc. (Stripe DPA), Google LLC (Google Cloud and Workspace Processor Terms), Microsoft Corporation (Microsoft Products and Services DPA), Intuit Inc. (Mailchimp), Meta Platforms, Inc., and TikTok Inc., in each case as accepted by P3RSON as part of its engagement with such sub-processor. Upon Initial Launch and at any time a new sub-processor that transfers personal data outside the EEA is engaged, P3RSON shall ensure that an appropriate SCC-based or other Chapter V-compliant transfer mechanism is in place prior to commencing such transfers.
• Supplementary Measures: Where necessary, we implement additional technical and organizational measures (including encryption, pseudonymization, and access controls) to ensure an essentially equivalent level of protection for transferred data.

By using the Platform, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions as described in this Section. You may contact [email protected] to request a copy of the applicable Standard Contractual Clauses.

23. Data Processing Agreements

Where P3RSON processes personal data on behalf of Brand Users (i.e., as a data processor), or where Brands process personal data obtained through the Platform, P3RSON shall enter into a Data Processing Agreement ("DPA") that complies with applicable data protection laws, including GDPR Article 28. The DPA shall set forth the subject matter and duration of processing, the nature and purpose of processing, the types of personal data processed, the categories of data subjects, and the obligations and rights of the controller.

Brand Users that require a DPA may request one by contacting [email protected] with the subject line “DPA Request.”

24. Biometric Data

Certain features of the Platform may involve the collection, storage, or processing of biometric identifiers or biometric information as defined under applicable state law, including the Illinois Biometric Information Privacy Act ("BIPA"), the Texas Capture or Use of Biometric Identifier Act ("CUBI"), and the Washington My Health My Data Act, as well as similar laws in other jurisdictions.

For purposes of this Section, "Biometric Data" includes photographs, facial geometry extracted from photographs or videos, and other biometric identifiers or information submitted by you when creating or verifying your profile, uploading portfolio content, or using identity verification features on the Platform.

Collection Notice and Consent

Illinois Residents — Pre-Collection Notice (BIPA): Prior to the collection of Biometric Data from Illinois residents, P3RSON shall present a separate, standalone written disclosure at the point of collection (i.e., prior to and separate from the profile photograph upload interface) that satisfies the written notice requirements of 740 ILCS 14/15(b), including the specific purpose for which Biometric Data is being collected, stored, and used, and the specific length of term for which such data will be retained. P3RSON shall obtain a separate written release, executed by the individual (or their legally authorized representative) whose Biometric Data is to be collected, prior to any collection. The following provisions apply to all Users regardless of jurisdiction: By uploading a profile photograph or video or otherwise submitting Biometric Data to the Platform, you:

• Acknowledge that you have read this Biometric Data Section and understand that P3RSON may collect, store, use, and/or transmit your Biometric Data solely for the purposes described herein
• Affirmatively and voluntarily consent to P3RSON’s collection, storage, and use of your Biometric Data as described in this Policy
• Represent and warrant that you are the individual depicted in any photographs or videos you submit, or that you have obtained all necessary consents from the depicted individual(s)

Purpose and Use

P3RSON uses Biometric Data solely for the following purposes: profile creation and identity verification; fraud detection and prevention; ensuring that profile photographs accurately represent the Talent; and as required to provide the Services. P3RSON does not use Biometric Data for advertising, marketing, or any purpose beyond operating and securing the Platform.

Retention and Destruction

Biometric Data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law, whichever is shorter. Specifically:

• Biometric Data is retained no longer than three (3) years from the date of collection, or until the applicable user’s account is closed, whichever is earlier, unless otherwise required by law
• Upon the occurrence of the applicable retention trigger, Biometric Data is permanently destroyed using commercially reasonable methods
• Third-party service providers that process Biometric Data on our behalf are subject to written agreements requiring equivalent retention and destruction standards

Disclosure and Transfer

P3RSON does not sell, lease, trade, or otherwise profit from Biometric Data. P3RSON does not disclose Biometric Data to third parties except: (a) to service providers acting as data processors under contractual obligations of confidentiality, solely to facilitate the Services; (b) as required by applicable law, legal process, or government order; or (c) with your explicit, informed written consent.

Illinois Residents (BIPA)

If you are an Illinois resident, you have the right to know whether P3RSON has collected, captured, purchased, received through trade, or otherwise obtained your biometric identifier or biometric information. You have the right to request deletion of your Biometric Data, subject to applicable retention requirements. To exercise these rights, contact [email protected] with the subject line “BIPA Request.”

25. Do Not Track

Some browsers include a “Do Not Track” (“DNT”) feature that signals to websites that a user does not wish to have their browsing activity tracked. The Platform does not currently respond to DNT browser signals or similar mechanisms because there is no industry-standard framework for how such signals should be interpreted. We will revisit this policy if a standard for DNT signals is adopted in the future.

Regardless of DNT signals, you may manage your tracking preferences by: (a) adjusting your cookie consent preferences through our cookie consent banner; (b) opting out of Google Analytics using the Google Analytics Opt-Out Browser Add-on; (c) opting out of Meta advertising via your Meta Ad Preferences; or (d) adjusting your browser privacy settings. Plausible Analytics (our primary analytics tool) does not track individual users across sessions and does not use cookies, regardless of DNT settings.

26. Live Streaming Data & Real-Time Processing

24.1 Live Stream Data Collection

When Talent Users broadcast live streams on the Platform, we collect and process the following categories of data in real time:

• Video & Audio: The raw video and audio streams broadcasted during the live session
• Viewer Metadata: List of viewers currently watching, viewer count, viewer locations (approximate, derived from IP geolocation), and viewer identities (Usernames) if account-linked
• Interaction Data: Chat messages, emojis, reactions, and comments posted during the stream by viewers
• Gift & Payment Data: Gift transactions sent during the stream, including gift type, quantity, sender identity, timestamp, and monetary value converted to diamonds
• Stream Metadata: Stream start time, end time, stream title, description, thumbnail, duration, geographic location (if shared by Talent), and stream performance metrics (peak concurrent viewers, average viewers, engagement rate)
• Technical Data: IP address of the broadcaster, device type, operating system, app version, internet connection quality, stream quality parameters (resolution, bitrate, framerate), and streaming errors or disruptions
• Compliance Data: Whether eligibility guardrails were verified (account age, identity verification status, P3RSON Index score at time of broadcast) and any policy violations detected

24.2 Real-Time Processing & Moderation

Live stream content is processed in real time through the following mechanisms:

• AWS Interactive Video Service (IVS): Raw video and audio are transmitted to AWS IVS for real-time encoding, transcoding, and distribution to viewers. AWS processes the stream according to their Privacy Notice and serves as a data processor on our behalf
• AI-Powered Content Moderation: Live stream video and audio are analyzed in real time by automated AI systems to detect prohibited content, including nudity, violence, hate speech, and other policy violations. These AI systems operate continuously during broadcast and may terminate streams automatically if violations are detected
• Chat Moderation: Chat messages and comments are scanned in real time for spam, hate speech, harassment, and other prohibited conduct. Messages may be filtered, hidden, or deleted automatically
• Analytics Processing: Viewer count, engagement metrics, and gifting data are aggregated and transmitted to our analytics and financial reporting systems in real time

24.3 Live Stream Data Retention

• Raw Broadcasts (Non-VOD): Live stream video and audio that are not saved as Video-on-Demand (VOD) are automatically deleted from AWS IVS within thirty (30) days of the broadcast end time. These broadcasts are not retrievable by P3RSON or Users after deletion
• Video-on-Demand (VOD) Recordings: If a Talent User elects to save their stream as a VOD recording, the video file is retained in P3RSON’s storage. Talent Users may delete their VOD recordings at any time through their account settings. VOD recordings not manually deleted by the User are retained for the lifetime of the User’s account, unless P3RSON removes the recording due to policy violations or legal requirements
• Chat Logs & Interaction Data: Chat messages, comments, and viewer reaction data are retained for ninety (90) days after the stream ends, then deleted. Chats may be retained longer if they are involved in a dispute, investigation, or legal matter
• Stream Metadata & Analytics: Aggregated viewer counts, engagement metrics, gifting data, and performance analytics are retained for twelve (12) months for Talent analytics and revenue reporting purposes
• Compliance & Moderation Records: Records of policy violations, content moderation actions, and eligibility verifications are retained for as long as necessary for legal compliance, dispute resolution, and law enforcement cooperation

24.4 Third-Party Service Providers

Live stream data is shared with the following third-party service providers who process data on our behalf:

• Amazon Web Services (AWS Interactive Video Service): Processes real-time video/audio encoding, storage, and distribution. AWS is located in the United States. For AWS data processing terms, see aws.amazon.com/privacy
• AI Content Moderation Services: Third-party AI moderation APIs analyze video and audio for prohibited content. These services may process video frames and audio samples as part of moderation analysis
• Payment Processors (Stripe): Gift and payment transaction data is shared with Stripe for payment processing and anti-fraud analysis
• Analytics Platforms (Google Analytics, Plausible Analytics): Aggregated, non-personally-identifiable stream metrics are shared with analytics services to measure Platform performance

24.5 Law Enforcement & Legal Preservation

P3RSON retains the right to preserve and disclose live stream data (including raw video, chat logs, and metadata) in response to valid legal process, including subpoenas, court orders, warrants, and legal holds. P3RSON shall provide law enforcement with requested data in a timely manner to the extent required by applicable law. In some circumstances, we may be required to preserve data related to live streams before receiving formal legal process. If you believe your live stream data has been disclosed improperly, you may contest the disclosure through the procedures outlined in our Data Request Guidelines.

24.6 User Rights & Control

• Talent Users may access their own stream metadata, viewer analytics, and gifting reports through their Dashboard
• Talent Users may delete VOD recordings at any time, which removes the video from the Platform
• Talent Users may request deletion of associated data (chat logs, metadata) by contacting [email protected] with the subject line "Stream Data Deletion Request"
• Viewers may request deletion of their personal data (username, watch history, gift history) in accordance with Section 16 (Your Rights) of this Privacy Policy
• Data deletion requests may be delayed or denied if the data is necessary for dispute resolution, law enforcement cooperation, or legal compliance

27. Children’s Privacy

The Platform and Services are not intended for, and shall not be used by, individuals under eighteen (18) years of age in the United States, or under sixteen (16) years of age in the European Economic Area. P3RSON does not knowingly collect personal information from individuals below the applicable age threshold. If we become aware that we have collected personal information from a minor below the applicable age threshold, we shall delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected].

28. Accessibility

P3RSON is committed to ensuring digital accessibility for individuals with disabilities. We endeavor to comply with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA and applicable provisions of the Americans with Disabilities Act (ADA). If you experience any difficulty accessing any part of the Platform, including this Privacy Policy, please contact us at [email protected] and we shall make reasonable efforts to provide the information in an accessible format.

29. Changes to This Policy

We may update this Privacy Policy from time to time. We shall notify you of material changes by posting the revised Policy on this page, updating the “Last updated” date, and, where required by applicable law, providing notice via email or in-app notification at least thirty (30) days prior to the effective date of material changes. Your continued use of the Platform after the effective date of the revised Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you must discontinue use of the Services.

30. Contact Us

If you have questions regarding this Privacy Policy, wish to exercise your privacy rights, or need to report a data protection concern, contact us at:

31. Location Data & Geolocation Services

The P3RSON mobile application collects GPS location data only when you explicitly enable location services for specific features, as described below. We use the expo-location library, a privacy-respecting geolocation service available on iOS and Android via Expo framework.

29.1 When We Collect Location Data

• Location Tagging on Posts (Optional): When creating a post, you may tap the location button to tag your current city. This triggers a one-time request for your GPS coordinates using expo-location's getCurrentPositionAsync() method.
• Smart Escrow Verification (Booking Completion): Upon completing a booking, if location verification is enabled for the engagement, your GPS coordinates are collected once to confirm job completion at the designated location.
• Analytics Geolocation (City-Level Only): Your city-level location (derived from your IP address) is collected via Google Analytics 4 with IP anonymization enabled, for aggregate analytics and regional performance insights.

29.2 Reverse Geocoding Service

When you enable location for post tagging or Smart Escrow, your GPS coordinates are passed to expo-location's reverse geocoding service, which converts raw latitude/longitude into a human-readable address (city, state). This data is processed as follows:

• Coordinates are sent to Apple Maps (iOS) or Google Maps API (Android) via Expo's managed service
• The API returns street address, city, state, postal code, and country information
• P3RSON stores only the city and state as the location tag on the post; raw GPS coordinates are discarded immediately after reverse geocoding completes
• Apple and Google have their own privacy policies governing location data. See apple.com/privacy and google.com/privacy

29.3 Location Data Storage & Retention

• Post Location Tags: City-level location tags are stored on posts within P3RSON's Firestore database. These tags are retained as long as the post exists, and are deleted when the post is removed by the user or P3RSON.
• Smart Escrow Verification Records: GPS coordinates used for job completion verification are hashed and stored in encrypted form in P3RSON's Firestore only for audit and dispute resolution purposes. These records are retained for twelve (12) months, then deleted.
• Raw GPS Coordinates: Raw latitude/longitude data from your device is never stored by P3RSON. It is used only transiently during reverse geocoding and then immediately discarded.
• City-Level Analytics: Your city (from IP address) is stored in Google Analytics 4 and is subject to Google's data retention policies (see Google Analytics Data Retention).

29.4 Permissions & Opt-Out

• On iOS and Android, you will be prompted with a system permission dialog the first time location access is requested. You may grant "Allow Once," "Allow While Using App," or "Deny."
• You can revoke location permissions at any time through your device's Settings (Settings > P3RSON > Location).
• If you revoke location permissions, P3RSON will not collect GPS data, and location-based features (post location tagging, Smart Escrow verification) will be unavailable.
• City-level analytics cannot be disabled without disabling Google Analytics entirely via your device's Do Not Track setting or your CCPA opt-out.

29.5 User Rights

• You may request deletion of location tags from your posts by contacting [email protected]
• You may request deletion of Smart Escrow location verification records by contacting [email protected]
• Under GDPR Article 17 (Right to be Forgotten), EU Users may request complete deletion of location data (see Section 36)
• Under CCPA § 1000 et seq., California Users may request deletion of personal information including location data (see Section 20)

32. Content Metadata & User-Generated Content Features

The P3RSON mobile app allows you to create posts with rich metadata: visibility controls, location tags, and @mentions of other Talent. This metadata is stored and used to personalize your experience and feed others.

30.1 Post Visibility Controls

When creating a post, you may select the audience:

• Public: Post is visible to all Platform users and anyone who discovers your profile
• Followers Only: Post is visible only to users who follow your profile
• Fans Only: Post is visible only to users who have sent you P3RSON Coins (supporters)

The visibility setting is stored on the post metadata in Firestore. P3RSON uses this data to enforce feed access controls (i.e., hiding followers-only posts from non-followers) and for analytics to measure visibility-preference distribution across Talent.

30.2 Location Tagging & Metadata

When you tag a location on a post, the city name (derived from reverse geocoding; see Section 29) is stored as post metadata. This data is used for:

• Displaying the location tag on your post for viewers
• Enabling Brands to filter Talent by geographic location when searching for bookings
• Aggregate analytics on location-based content creation (city-level heatmaps of Talent activity)

Location metadata is retained as long as the post exists. When you delete the post, the location tag is permanently removed.

30.3 @Mention Features

You may mention other Talent users by typing "@" followed by their name. When you mention a user, the following data is processed:

• Mention Data: The mentioned user's name and user ID are stored as metadata on the post
• Notifications: The mentioned user is sent an in-app notification that they were tagged in your post
• Attribution: Mentions are used in analytics to track collaboration and cross-promotion between Talent

If you remove a @mention by editing your post, the notification remains in the mentioned user's notification history but the mention tag is removed from the post metadata. Mentioned users cannot opt out of being mentioned, but they can filter or mute notification types in their account settings.

30.4 Content Metadata & Analytics

P3RSON tracks the following content metadata for analytics and service improvement:

• Post creation timestamp and content type (photo, video, carousel)
• Visibility setting (public, followers, fans) for engagement analysis
• Number of likes, comments, saves, and shares for performance metrics
• Location tag frequency and geographic distribution of Talent
• @Mention co-occurrence patterns for collaboration graph analysis
• Hashtag usage and trending topics

This metadata is aggregated and anonymized before being used in internal analytics and machine-learning models. Individual user activity is not disclosed to third parties unless required by law or expressly consented to.

31. "Not Interested" Feature & Feed Filtering

The P3RSON mobile app includes a "Not Interested" option in the post context menu, allowing you to hide specific posts from your feed. This feature is designed to improve your feed experience by filtering out content you don't want to see.

31.1 How "Not Interested" Works

• When you tap "Not Interested" on a post, the post is immediately hidden from your personal feed view
• This is a client-side-only operation — the action is stored in your local device cache and in your account's hidden-post list in Firestore
• The post creator is never notified that you selected "Not Interested"
• P3RSON does not report the specific post or creator as "low-quality" or "disliked" to other users

31.2 Data Collection & Retention

• When you select "Not Interested," P3RSON stores the post ID in your account's hidden-post list (a Set of post IDs in Firestore)
• This data is retained for as long as your account is active, allowing P3RSON to remember your preferences across sessions
• You may undo a "Not Interested" action by scrolling back and re-opening the hidden post (if you remember its content)

31.3 Aggregate Pattern Analysis

While individual "Not Interested" actions are not reported to creators, P3RSON may analyze aggregate patterns of hidden posts across all users to identify:

• Posts that are frequently hidden (potential quality or policy issues)
• Content categories that users are hiding more frequently (category preferences)
• Creator content quality trends (if a creator's posts are hidden at high rates)

This aggregate data is used only to improve the Platform (e.g., adjusting feed algorithms, recommending feature improvements to creators). Individual users are not identified in this analysis.

31.4 Deletion & User Control

• You may request deletion of your "Not Interested" history by contacting [email protected]
• If a creator deletes their post, the post ID is automatically removed from all users' hidden-post lists
• Under GDPR/CCPA, you may request deletion of your entire hidden-post history as part of your personal data deletion request (see Section 36)

34. Sponsored Posts & Brand Advertising

P3RSON displays sponsored (promoted) posts in users' feeds as a revenue model. Sponsored posts are marked with a "Sponsored" label and include brand information, call-to-action buttons, and tracking data.

32.1 Sponsored Post Identification

• Sponsored posts display a "Sponsored" label (gray text, top-left) clearly indicating they are promotional content
• A brand logo and name appear in a bar at the bottom of the sponsored post overlay
• A call-to-action button (e.g., "Shop Now," "Learn More," "Book a Creator") replaces the standard Follow button
• Sponsored posts are subject to the same content moderation policies as organic posts

32.2 Click Tracking & Analytics

When you click on a sponsored post's call-to-action button, P3RSON collects and stores the following data:

• Timestamp of the click
• Your user ID and profile tier (Talent, Brand, or Fan)
• The sponsored post ID and brand ID
• The CTA text and destination URL
• Your device type and IP address (anonymized)

This data is stored in P3RSON's analytics database for the following purposes:

• Measuring click-through rates (CTR) and engagement metrics for sponsors
• Calculating campaign ROI and billing for sponsors
• Improving sponsored post targeting and placement
• Fraud detection (identifying fake clicks or suspicious patterns)

32.3 Data Sharing with Brands & Sponsors

• Aggregate Metrics: P3RSON provides sponsors with aggregate click-through rate, impressions, and engagement data (non-personally-identifiable)
• User Segment Data: Sponsors may receive demographic breakdowns (e.g., "45% Talent, 55% Fan; 60% iOS, 40% Android") without individual identifiers
• No Personal Information: P3RSON does not disclose your name, email, location, or other personal information to sponsors

32.4 Third-Party Tracking & Pixels

Sponsors may include tracking pixels or conversion-tracking code in their landing pages or external websites. P3RSON does not control these third-party trackers. When you click on a sponsored post and visit the sponsor's website, you become subject to the sponsor's privacy policy and tracking practices. See the privacy policy of the sponsor for more information.

32.5 Data Retention

• Click and impression data for sponsored posts is retained for twelve (12) months for billing and analytics purposes
• Older data is aggregated and archived, then deleted after three (3) years
• You may request deletion of your sponsored-post interaction history by contacting [email protected]

32.6 FTC Compliance & Endorsement Disclosures

When Talent users participate in brand campaigns or receive compensation for sponsored content featuring their profile, such content must comply with FTC Endorsement Guides. Talent users are responsible for clearly disclosing their financial relationships with brands. P3RSON does not automatically add FTC-compliant disclosures to posts, and Talent users must manually include disclosures (e.g., "#ad", "#sponsored") in their captions. P3RSON reserves the right to remove content that violates FTC requirements.

35. Exclusive Content & Paid Unlocks

Talent users may gate certain posts as "exclusive content," requiring Fans to purchase P3RSON Coins to unlock and view the post. This feature enables creators to monetize premium content.

33.1 How Exclusive Content Works

• When a post is marked as exclusive, the media (photo/video) is displayed with a blurred overlay and a lock icon
• Fans see a button stating "Unlock for X Coins 💎" (where X is the price set by the Talent)
• When a Fan clicks "Unlock," P3RSON debits their Coin wallet and grants access to the exclusive post
• Once unlocked, the Fan may view the post unlimited times in the future

33.2 Coin Purchases & Payment Processing

Fans purchase P3RSON Coins through the in-app payment system. See Section 34 (Payment Processing & PCI Compliance) for details on how coin purchases are processed and secured.

33.3 Revenue Sharing & Creator Payouts

• P3RSON retains 50% of Coin revenue from exclusive unlocks; the Talent creator receives 50%
• Creator earnings are calculated daily and made available for withdrawal via the Withdrawal screen (see Smart Escrow section in Terms of Service)
• Payout data (amount, date, recipient bank account) is retained indefinitely for financial recordkeeping and tax reporting

33.4 Unlock History & User Data

• Your unlock history (which exclusive posts you've accessed and when) is stored in your account and visible only to you and P3RSON
• Creators can see aggregate unlock counts and total revenue from exclusive posts, but cannot see individual fan names or unlock timestamps (to protect fan privacy)
• P3RSON uses unlock data to calculate creator earnings and detect fraud (unusual unlock patterns suggesting abuse)

33.5 Refunds & Disputes

If you believe you were charged for an exclusive unlock in error, or the content is not as described, you may file a dispute within seven (7) days of the unlock. P3RSON will review the dispute and may issue a Coin credit to your wallet. See Section 10.4 of the Terms of Service for the full refund and chargeback policy.

33.6 Data Retention & User Rights

• Exclusive unlock records are retained for twelve (12) months for accounting and dispute resolution
• You may request deletion of your unlock history by contacting [email protected]
• Deletion of unlock history does not affect your payment records or creator earnings (which are retained per tax law)

36. Payment Processing & PCI Compliance

P3RSON processes payments for P3RSON Coin purchases, bookings, and other transactions through Stripe, Inc., a PCI Level 1 service provider. P3RSON does not directly handle, store, or process credit card data, bank account numbers, or other sensitive payment information.

34.1 Payment Processing & Stripe Integration

• Stripe Checkout Sessions: For Coin purchases and one-time transactions, you are redirected to Stripe-hosted checkout pages. Your payment information is collected directly by Stripe, not by P3RSON.
• Stripe Connect: For Talent payouts and creator earnings withdrawals, Stripe Connect is used to transfer funds to creator bank accounts. See Section 10 (Smart Escrow & Creator Payouts) of the Terms of Service for payout details.
• Tokenization: Stripe returns a token (a non-sensitive identifier) to P3RSON after payment is authorized. P3RSON stores only this token, not the actual payment method data.

34.2 Payment Metadata Collected by P3RSON

After payment processing, P3RSON stores the following non-sensitive metadata in Firestore:

• Transaction ID (generated by Stripe)
• Amount and currency (e.g., $9.99 USD)
• Timestamp of transaction
• Payment method type (e.g., "credit_card", "apple_pay", "google_pay") — no card number, CVV, or expiration date
• Stripe customer ID (a tokenized identifier, not PII)
• Purpose of transaction (e.g., "Coin Purchase", "Booking Payment", "Subscription Renewal")
• Your user ID (linked to your P3RSON account)

34.3 PCI Compliance & Security

• PCI DSS: P3RSON is compliant with the Payment Card Industry Data Security Standard (PCI DSS) by outsourcing payment processing to Stripe. P3RSON does not store, process, or transmit card-present or card-not-present transaction data.
• Encryption: All payment data in transit between your device, P3RSON's servers, and Stripe's servers is encrypted using TLS 1.2 or higher.
• Tokenization: Only Stripe-generated payment method tokens are stored by P3RSON, never actual card numbers or sensitive bank information.
• Stripe's Security: Stripe holds PCI Level 1 certification. See Stripe Security and Stripe Privacy Policy for more information.

34.4 Failed & Disputed Transactions

• Failed Payments: If a payment fails (e.g., card declined), Stripe returns an error code. P3RSON logs this (without storing payment details) for debugging and user support.
• Disputes & Chargebacks: If you dispute a charge with your bank or card issuer, Stripe handles the chargeback dispute process. See Section 10 (Smart Escrow) of the Terms of Service for chargeback liability and protection.
• Refunds: Refunds are processed through Stripe and credited back to your original payment method within 5–10 business days.

34.5 Data Retention

• Transaction metadata (ID, amount, timestamp) is retained indefinitely for accounting, tax reporting, and audit purposes
• Stripe payment tokens are retained as long as your account is active, to enable future transactions and refunds
• Stripe's own data retention policies apply to payment method data stored on their servers. See Stripe Privacy Policy for details.

36A. Subscription & Recurring Billing Data

P3RSON stores billing history for creator platform subscriptions (Pro/Elite) and fan-to-creator subscriptions in Firestore. This data includes tier, monthly amount, billing date, Stripe subscription ID, and status. It is used to manage auto-renewal cycles, process cancellations, resolve billing disputes, and satisfy tax reporting obligations.

Stripe manages payment method storage and recurring charge execution for all subscription products — P3RSON does not store raw card numbers or CVV codes. Apple independently manages payment method data for all iOS StoreKit Coin purchases; P3RSON receives only a receipt identifier and verification status from Apple.

Subscription billing history is retained for 7 years for tax compliance and 3 years for dispute resolution, consistent with the general transaction retention schedule in §17.

37. Biometric Authentication & Secure Storage

The P3RSON mobile app supports biometric authentication (fingerprint and face recognition) as a convenience and security feature. Biometric data is never transmitted to P3RSON's servers; it is processed and stored only on your device's secure enclave.

35.1 How Biometric Authentication Works

• iOS: Biometric authentication uses Apple's Face ID (facial recognition) or Touch ID (fingerprint) through the LocalAuthentication framework. Biometric data is processed by the secure enclave (a dedicated processor isolated from the main CPU).
• Android: Biometric authentication uses Android's BiometricPrompt API, which supports fingerprint and face recognition depending on device hardware. Biometric data is processed by the device's secure TEE (Trusted Execution Environment).
• When you enable biometric login, P3RSON stores only a locally-generated encryption key (not the biometric data itself) on your device. The key is used to unlock your session without requiring a password.

35.2 Data Stored Locally, Not Transmitted

• Your fingerprint, facial features, or other biometric data are never sent to P3RSON's servers
• Biometric data remains entirely on your device, managed by Apple's Secure Enclave (iOS) or Android's TEE (Android)
• P3RSON cannot access, view, or store your biometric data
• If you disable biometric login or delete the P3RSON app, the locally-stored encryption key is removed, and biometric data on your device remains under the control of your device OS

35.3 Opt-In & Opt-Out

• Biometric login is entirely optional. You may sign in with your email and password instead.
• If you enable biometric login and later wish to disable it, go to Settings > Security > Biometric Login and toggle it off.
• Disabling biometric login does not affect your ability to use the app; you will simply sign in with your password each time.

35.4 Security & Limitations

• Biometric authentication relies on your device's security hardware and OS. The strength of biometric security depends on your device's implementation and your device's physical security.
• If someone gains physical access to your unlocked device, they may be able to access your P3RSON account. Always lock your device.
• If your device is stolen or compromised, contact [email protected] immediately to deactivate your account.

38. Your Privacy Rights (GDPR, CCPA, & Other Jurisdictions)

Depending on your location, you have certain legal rights regarding your personal information. This section summarizes your rights under the GDPR (EEA, UK, Switzerland), CCPA (California), and similar privacy laws in other jurisdictions.

36.1 GDPR Rights (European Economic Area, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access (Article 15): You may request a copy of all personal information P3RSON holds about you, including the categories of data, purposes, and recipients. P3RSON will provide this information within 30 days of your request, free of charge (except for manifestly unfounded or excessive requests).
• Right to Rectification (Article 16): If your personal information is inaccurate or incomplete, you may request that P3RSON correct or supplement it. Examples: updating your name, email address, profile information, or account details.
• Right to Erasure (Article 17): You may request deletion of your personal information in certain circumstances, such as if the data is no longer necessary, if you withdraw consent, or if the processing is unlawful. P3RSON will delete your data within 30 days unless a legal basis (e.g., tax law, fraud prevention) requires retention. Note: Some data may be retained for legal, financial, or security reasons.
• Right to Restrict Processing (Article 18): You may request that P3RSON limit the use of your personal information (e.g., restricting automated profiling) while you contest its accuracy or investigate a violation.
• Right to Data Portability (Article 20): You may request that P3RSON provide your personal information in a structured, commonly-used, machine-readable format (e.g., CSV, JSON) so you can port it to another service.
• Right to Object (Article 21): You may object to processing based on legitimate interests or direct marketing. You may also object to automated decision-making and profiling. P3RSON will cease processing unless we have a compelling legal basis.
• Right to Withdraw Consent (Article 7(3)): If P3RSON processes your data based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint (Article 77): You may file a complaint with your local data protection authority (e.g., the ICO in the UK, CNIL in France) if you believe your rights have been violated.

36.2 CCPA Rights (California Residents)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know (CCPA § 1798.100): You may request the categories and specific pieces of personal information P3RSON collects about you, the sources, and the purposes. P3RSON will provide this within 45 days, free of charge.
• Right to Delete (CCPA § 1798.105): You may request deletion of personal information collected from you, subject to exceptions for legal compliance, fraud prevention, and security. P3RSON will delete your data within 45 days (unless an exception applies).
• Right to Correct (CPRA § 1798.100(e)): You may request correction of inaccurate personal information. P3RSON will correct the information within 45 days.
• Right to Opt-Out of Sales (CCPA § 1798.100(d)): P3RSON does not "sell" personal information as defined by the CCPA. However, you may opt out via the "Do Not Sell My Personal Information" link in the footer of this Privacy Policy or by clicking your CCPA Opt-Out link.
• Right to Limit Use (CPRA § 1798.120): You may request that P3RSON limit the use of your personal information to purposes necessary to provide the services or complete transactions. Click Limit Use of My Information to exercise this right.
• Non-Discrimination (CCPA § 1798.125): P3RSON will not discriminate against you for exercising your CCPA/CPRA rights. You will not be denied service, charged different prices, or provided different quality of service for exercising your privacy rights.

36.3 How to Exercise Your Rights

To exercise any of the rights above, send a request to:

P3RSON will respond to your request within the timeframe required by applicable law (typically 30–45 days). If your request is complex, we may extend the deadline by an additional 30 days with notice to you.

36.4 Authorized Agent

If you wish to authorize a representative (agent) to submit a privacy request on your behalf, your agent may submit the request with a signed power of attorney or other legally-sufficient authorization. P3RSON will verify the agent's authority before processing the request.

36.5 Opt-Out of Marketing Communications

You may opt out of marketing emails and SMS messages at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email
• Replying "STOP" to any marketing SMS message
• Contacting [email protected] with the subject line "Unsubscribe from Marketing"

P3RSON will honor your opt-out request within ten (10) business days. Note: Transactional emails (order confirmations, password resets, account alerts) cannot be opted out of, as they are necessary to operate your account.