Privacy Policy

1. Overview

This Privacy Policy describes how Podiumbase (‘we’, ‘us’) collects, uses, and shares information about you when you use podiumbase.io (the ‘Platform’).

2. Information We Collect

Account information: name, email address, password (hashed). For Providers: business name, payout account information (collected and stored by Stripe; we receive only a tokenized reference). Transaction information: purchases, refunds, and license records. Photographs and biometric matching data: Providers upload photographs. The Platform may compute face-recognition embeddings from those photographs to enable Athletes to find photos of themselves. Athletes may consent to face-matching by uploading a reference selfie; biometric embeddings derived from your selfie are stored only while you have an active matching consent and are deleted upon revocation, as described in our consent management system. Usage information: pages visited, features used, device and browser metadata. Communications: email correspondence with our support team.

3. How We Use Information

To provide and operate the Platform (matching, transactions, communications). To process payments via Stripe. To detect and prevent fraud and abuse. To comply with legal obligations.

4. How We Share Information

With Stripe for payment processing. With Resend for transactional email delivery. With Supabase for hosted infrastructure and storage. We do NOT sell personal information.

5. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal information. To exercise these rights, contact us via /legal/contact. EU/UK residents: you have rights under the GDPR. California residents: you have rights under the CCPA / CPRA.

6. Biometric Consent

Face-recognition embeddings are derived from Athlete-uploaded reference selfies only with explicit consent. You may revoke consent at any time in account settings; revocation triggers deletion of biometric embeddings within 72 hours.

7. Data Retention

Account and transaction records are retained as required for tax and accounting purposes (typically 7 years). Biometric embeddings are deleted upon consent revocation as described in Section 6.

8. Children

The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

9. International Transfers

Your information may be processed in the United States and other countries where our service providers operate. We rely on appropriate transfer mechanisms (Standard Contractual Clauses where applicable).

10. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified to registered users via email or in-Platform notification.

11. Contact

Privacy questions: contact us via /legal/contact.

Last revised: May 18, 2026