Privacy Policy

When you create an account, we collect your email address and any optional information you add to your profile (display name, business details, etc.).

When you use Piggybak, we collect:

• Activity data — which offers you've claimed, which referral links you've created and shared, link clicks, transaction history.
• Device and connection data — IP address, browser type, device type. Used for security and abuse prevention.
• Payment data — handled by Stripe; we receive transaction confirmations and amounts but do not store full payment instrument details (card numbers, etc.).

To operate the platform: routing referrals, calculating commissions, processing payments, and sending transactional emails (claim confirmations, receipts, commission notifications).

To improve the platform: aggregated usage analytics, A/B testing of UX changes.

To communicate with you: occasional product updates. You can opt out of non-essential emails.

We don't sell your data. We don't share it with advertisers.

We use these providers to operate Piggybak. Each processes data on our behalf under their own privacy practices:

• Supabase — database and authentication
• Stripe (including Stripe Connect) — payment processing and payouts
• Resend — transactional email delivery
• Vercel — application hosting
• Google Places — business search/discovery (when locals invite businesses)

We use first-party cookies for two purposes:

• Authentication — keeping you signed in across page loads.
• Referral attribution — remembering that a buyer was referred by a specific local, so commissions flow correctly.

We don't use third-party advertising cookies.

• Access — request a copy of data we hold about you.
• Delete — delete your account at any time from your dashboard. This deletes most associated data within 30 days. Some transaction records are retained for legal and tax compliance (see below).
• Export — request a machine-readable copy of your data.

To exercise these rights, email hello@piggybak.com.

• Account and activity data: while your account is active, plus 30 days after deletion.
• Transaction records: 7 years (US tax compliance).
• Email communications: 2 years.

Piggybak isn't intended for users under 18. We don't knowingly collect data from children. If you believe a child has provided us data, please email us and we'll delete it.

Piggybak is operated from the United States. If you're using Piggybak from outside the US, your data is processed and stored in the US under US law.

Material changes to this policy will be emailed to all account holders at least 14 days before taking effect.

Privacy questions? Email hello@piggybak.com.