P3RSON Privacy Policy

1. Introduction & Regulatory Compliance

P3RSON ("Company," "we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with all applicable laws.

Regulatory Compliance Framework

This Privacy Policy implements key regulations including GDPR (EU 2016/679), CCPA (Cal. Civ. Code § 1798.100+), COPPA (15 USC § 6501), GLBA (15 USC § 6801–6809), and IRS Code § 6041. Full details available in Section 1 regulatory table.

2. Information We Collect & Third-Party Sharing

2.1 Information You Provide

2.2 Stripe Data Sharing

Payment data transferred to Stripe under GDPR Article 28 (processor agreement), CCPA § 1798.140(g) (service provider), and GLBA § 6809(a). Stripe is PCI DSS Level 1 certified and bound by DPA with Standard Contractual Clauses.

2.3 Guardian Email Verification

6-digit verification codes sent to guardian emails, expired and deleted after 24 hours. Guardian email visible only to minor and guardian, never to brands/creators.

2.4 Admin Access & Audit Logging

Admins can view team member data with restrictions (no passwords, payment methods, tax data). Booking thread access limited to dispute resolution with immutable append-only audit logs retained 5 years.

2.5 & 2.6 Analytics & Third-Party Services

Analytics collected: impressions, clicks, engagement, session data (30-day retention for raw events). Third-party services: AWS IVS, Google Cloud Vision, SendGrid, Firebase Analytics all with specific data handling and retention policies.

3. How We Use Your Information

4. Data Retention Schedule

Data TypeDurationRationale
Account ProfileUntil deletedCore requirement
Payments/Transactions7 yearsTax reporting (IRS)
Audit Logs5 yearsLegal compliance
Messages1yr (searchable), 7yr (archive)History + legal hold
Analytics IDs30 days (raw), 1 year (hashed)Anonymization
Sessions24 hoursActive only

5. User Rights & Control

6. Security Measures

7. Cookies & Tracking

Essential: Session token, user preferences, CSRF token

Analytics: Firebase Analytics, Google Analytics (users can disable via Settings)

No third-party cookies, ad networks, or data broker sales.

8. International Data Transfers

9. Children's Privacy & Parental Controls (COPPA)

10. Changes to Privacy Policy

Material changes require 30-day notice via email. Continued use constitutes acceptance. Users can request old versions.

11. Contact & Data Privacy Rights

Privacy Inquiries

GDPR Data Subject Requests

California Consumer Rights (CCPA)

↑ Top