Privacy Policy

The data controller responsible for processing your personal data is:

2.1 Account data (creators)

When you register or sign in, we collect your email address and, if you use Google sign-in, your Google profile name and avatar. This is required to operate your account and authenticate you.

2.2 Content data (creators)

We store the content you create: unlocker titles, descriptions, destination URLs, thumbnails, task configurations, and any files you upload to our asset storage.

2.3 Usage & analytics data

We collect anonymized page-view events and unlock interaction events (e.g., how many times a link was viewed or unlocked) to power creator dashboards and improve the platform. IP addresses used for fraud detection are stored in truncated form and are not linked to individual identities.

2.4 Technical data

Standard server logs include IP addresses, browser user-agent strings, and timestamps. These are retained for up to 30 days for security and abuse-prevention purposes and are not used for advertising profiling.

2.5 Earn Program data

If you enroll in the Earn Program, we collect payout information you provide (e.g., Wise account details or bank details) solely to process payments. This data is handled with heightened security controls and is never shared with advertisers.

• Contract performance (Art. 6(1)(b)): Processing your email and account data is necessary to provide the platform services you signed up for.
• Legitimate interests (Art. 6(1)(f)): Security logging, fraud prevention, and aggregated analytics are processed on the basis of our legitimate interest in keeping the platform safe and improving the service.
• Legal obligation (Art. 6(1)(c)): We may retain certain data to comply with applicable tax, accounting, or regulatory requirements.

• Authenticating you and operating your account.
• Displaying your published unlockers to visitors on the platform.
• Providing analytics dashboards showing views, unlocks, and earnings.
• Processing Earn Program payouts.
• Detecting and preventing fraud, abuse, and Terms of Service violations.
• Sending transactional emails (magic link sign-in, payout notifications, policy updates). We do not send unsolicited marketing emails.
• Improving and debugging the platform.

• Google OAuth

  If you choose to sign in with Google, your browser communicates with Google's authentication servers. Google's Privacy Policy applies to that interaction.

• Advertising (Earn Program)

  When the Earn toggle is active on an unlocker, our advertising partner may serve an ad to the visiting user. Standard advertising identifiers (user agent, country inferred from IP) may be shared with the ad network for ad delivery. No account-level personal data is shared with advertisers.

• Hosting & infrastructure

  We use cloud infrastructure providers to host our servers and store uploaded files. All providers are bound by data processing agreements and handle data only on our instructions.

• Account and content data is kept for as long as your account is active.
• After account deletion, your data is removed within 30 days, except where retention is required by law (e.g., tax records may be retained for up to 10 years under German law).
• Server access logs are retained for a maximum of 30 days.
• Aggregated, anonymized analytics are retained indefinitely as they cannot be linked to individuals.

If you are located in the European Economic Area, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Ask us to correct inaccurate data.
• Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Restriction: Request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

We use session cookies strictly necessary for authentication (keeping you signed in). We do not use third-party advertising cookies or tracking pixels on our own pages. Analytics data is collected server-side from our own logs rather than via browser-side tracking scripts.

If the Earn Program serves ads, the ad network may set its own cookies subject to its own cookie policy.

We implement industry-standard security measures including HTTPS encryption in transit, hashed authentication tokens, and access controls on our infrastructure. No system is perfectly secure — if you discover a vulnerability, please disclose it responsibly to [email protected].

We are based in Germany. If we transfer your data outside the EEA (e.g., to a cloud provider with servers in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of the page. Material changes will be communicated to registered creators by email. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

Privacy questions or requests: [email protected]. See our contact page for response time information.