Privacy Policy

At Stitch Social, your privacy isn't just a policy—it's a promise. We believe you should own your data, understand how it's used, and have full control over your digital presence.

This Privacy Policy explains what information we collect, why we collect it, and how you can manage it. We've written this in plain English because legal jargon benefits no one.

Stitch Social is operated by Cold Harbor Digital. Your use of the Service is also governed by our [Terms of Service](/terms), which includes our Acceptable Use Policy.

Last Updated: May 2026

Information You Provide: • Account details (email, username, profile info) • Date of birth (used to verify you meet age requirements and to gate teen accounts; the precise DOB is stored, the derived age group is used for access decisions) • Content you create (videos, comments, stitches) • Messages you send to other users • Payment information when you purchase Hype Coins — handled directly by Stripe, Inc. (web) or Apple Inc. (iOS in-app purchase). Card numbers and full billing details are never stored on our servers; we receive transaction confirmations, receipt IDs, and last-four digits. • Hype Coin balance, purchase history, and tip activity (sent and received) • For creators receiving payouts: identity-verification information collected by Stripe under our Connect program (legal name, date of birth, tax ID, bank account details). This data is collected and held by Stripe directly under Stripe's [Privacy Policy](https://stripe.com/privacy). We receive verification status and your unique Stripe Connect account ID, not the underlying KYC data itself.

Information We Collect Automatically: • Device information (type, operating system, app version) • Usage data (features used, content viewed, engagement signals) • Log data (IP address, browser type, timestamps) • Crash and performance diagnostics

What We DON'T Collect: • We don't access your contacts without permission • We don't read your private messages for ads • We don't sell your data to third parties. Ever. • We don't store your full card or bank details on our servers — those live with Stripe or Apple.

Why we ask for camera access: Stitch Social uses the camera to let you record video posts, video comments, and live streams, and to apply optional visual face filters (e.g., AR effects that overlay graphics on your face).

TrueDepth API (iOS only): On supported iPhones, the face-filter feature uses Apple's TrueDepth camera and the ARFaceTrackingConfiguration API to anchor visual filters to facial landmarks in real time. This is what makes face filters track your expression and movement.

What we do with face data: • Face landmark tracking is processed entirely on-device in real time using Apple's ARKit framework. • The face mesh, depth map, and facial-feature data are never transmitted off your device, never sent to Stitch Social's servers, never sent to any third party, and never stored. • Only the final rendered video — the visible output, the same as any other recorded video — is uploaded if you choose to publish it. The underlying face data used to render the filter is discarded. • Face data is not used for identification, authentication, advertising, training models, profiling, or any purpose other than rendering the visual filter you selected. • You can disable face filters at any time by simply not using them — camera access can also be revoked entirely in iOS Settings → Privacy → Camera.

We use your information to:

Run the Platform: • Create and manage your account • Display your content to your audience • Enable interactions with other creators

Process Payments and Payouts: • Process Hype Coin purchases via Stripe (web) and Apple IAP (iOS) • Credit Hype Coins to your account and reconcile balances • Process tips between users and accrue creator earnings • Facilitate creator payouts through Stripe Connect, including identity verification • Issue tax forms where required by law (e.g., U.S. Form 1099-K) • Detect and prevent fraudulent transactions

Improve Your Experience: • Personalize your feed based on interests • Recommend creators you might like • Remember your preferences and settings

Keep Everyone Safe: • Detect and prevent fraud or abuse • Enforce our Terms of Service and Acceptable Use Policy • Investigate reports of policy violations • Protect against security threats • Apply age-appropriate access controls (under-13 block, teen gating)

Communicate With You: • Send important account notifications • Share updates about new features • Respond to your support requests

We will NEVER use your data to: • Target you with manipulative advertising • Sell your information to data brokers • Create psychological profiles for exploitation

Public by Default (Your Choice): • Profile information you choose to share • Videos and content you post publicly • Your tier status and engagement

Shared With Service Providers: We share specific data with the following providers as needed to run the Service. Each is bound by data-protection agreements and uses your data only for the purposes we authorize:

• Stripe, Inc. — payment processing for web Hype Coin purchases; identity verification and payout processing for creators via Stripe Connect. See [Stripe's Privacy Policy](https://stripe.com/privacy). • Apple Inc. — in-app purchase processing for iOS Hype Coins. Apple handles billing under its own privacy terms. • Google Firebase (Google LLC) — authentication, database (Firestore), push notifications (FCM), file storage (Cloud Storage), and serverless functions (Cloud Functions). See [Google's Privacy Policy](https://policies.google.com/privacy). • OpenAI, L.L.C. — optional auto-generation of video titles, descriptions, and hashtags from audio. We send the audio track of a video to OpenAI only when the feature is invoked; we do not send your account data, message content, or browsing history. • Email and analytics tools — to send transactional emails and understand aggregate platform usage. We choose vendors that minimize data collection.

We do not share personally identifiable data with advertisers or data brokers.

Creator Payouts and Stripe Connect: Creators who receive earnings on the Service complete Stripe Connect onboarding, during which Stripe collects identity-verification information (KYC) directly. This is required by financial regulations. Each creator is assigned a unique Stripe Connect account ID associated with their Stitch Social profile, and Stripe processes payouts to their connected bank account. We receive only the verification status and the Connect account ID — not the underlying KYC documents.

We May Disclose Data If: • Required by law, subpoena, or valid legal process • Necessary to enforce our Terms of Service or AUP • Necessary to investigate fraud, security incidents, or threats to safety • Required to report child-safety violations to the National Center for Missing & Exploited Children (NCMEC) or law enforcement • You give us explicit permission • In a corporate transaction (merger, acquisition, asset sale), in which case we will provide notice before your data is transferred under different privacy terms

We Will Never: • Sell your personal information • Share your data with advertisers • Give governments backdoor access

You Can Always:

🔒 Adjust Privacy Settings Control who sees your content, who can message you, and who can stitch your videos.

📥 Download Your Data Request a complete copy of all data we have about you.

🗑️ Delete Your Account Remove your account and all associated data permanently.

✏️ Edit Your Information Update your profile, change your email, or modify your preferences anytime.

🚫 Opt Out Disable personalized recommendations or analytics tracking.

To exercise any of these rights, visit your account settings or email privacy@stitchsocial.me

Technical Safeguards: • End-to-end encryption for private messages • Secure HTTPS connections everywhere • Regular security audits and penetration testing • Two-factor authentication available

Organizational Measures: • Strict employee access controls • Regular privacy training for our team • Incident response procedures • Data minimization practices

What You Can Do: • Use a strong, unique password • Enable two-factor authentication • Be cautious about what you share publicly • Report suspicious activity immediately

We keep your data only as long as we need to for the purposes described in this policy.

Active Accounts: • Profile data, content, and engagement history are retained while your account is active.

Deleted Accounts: • When you delete your account, we remove your profile and content from the Service within 30 days. Backups are purged within 90 days. • Direct messages may persist in the recipient's inbox unless the recipient also deletes them. • Stitched/quoted derivatives of your content may remain on the Service, attributed to the original (now-deleted) author as "Deleted user."

Payment and Financial Records: • Transaction records (purchases, tips, payouts) are retained for at least 7 years to comply with tax, accounting, and anti-fraud obligations. This includes records of Hype Coin purchases via Stripe and Apple, and creator payouts via Stripe Connect. • KYC records held by Stripe under Connect are retained by Stripe per their retention schedule.

Safety and Enforcement Records: • Records of policy violations, account suspensions, and abuse reports are retained for up to 2 years after the related account is terminated, to identify repeat offenders and respond to legal requests.

Logs: • Server and access logs are retained for up to 90 days for security and debugging.

Legal Holds: We may retain specific data longer where required by law, subpoena, or active legal claim.

Stitch Social is operated from the United States. Our service providers, including Stripe, Apple, Google Firebase, and OpenAI, may process your data in the United States and other countries.

For EU/EEA, UK, and Swiss residents: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to transfer personal data from the EU/EEA to the United States and other jurisdictions that do not have an adequacy decision. Our service providers are responsible for safeguarding your data in accordance with applicable law.

Your Rights: EU/EEA, UK, Swiss, and California residents have specific rights regarding their personal data, including the right to access, correct, delete, port, and (in certain cases) object to or restrict processing. To exercise these rights, contact privacy@stitchsocial.me.

Essential Cookies: Required for the platform to function. These keep you logged in and remember your preferences.

Analytics Cookies: Help us understand how people use Stitch Social so we can improve. You can opt out in settings.

What We Don't Do: • No third-party advertising cookies • No cross-site tracking • No selling cookie data

You can manage cookie preferences in your browser settings or through our cookie banner.

Stitch Social is not intended for children under 13. We collect date of birth at sign-up and automatically block any account that identifies as under 13 (COPPA compliance). The account is disabled and any associated data is deleted in accordance with this policy.

Teens (13–17): Accounts identified as teens are gated to a limited "kid-safe" experience while we build age-appropriate features. Teens cannot purchase Hype Coins, send or receive tips, or receive creator payouts.

Reporting a Suspected Underage Account: If you believe a child under 13 has provided us with personal information, contact us immediately at privacy@stitchsocial.me. We will investigate and delete the account and associated data.

CSAM and Child Safety: We report child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC) and cooperate with law enforcement.

We may update this Privacy Policy from time to time. When we do:

• We'll post the updated policy on this page • We'll update the "Last Updated" date • For significant changes, we'll notify you via email or in-app notification

We encourage you to review this policy periodically. Your continued use of Stitch Social after changes constitutes acceptance of the updated policy.

Have questions about your privacy or how to exercise your rights? We're here to help.

Privacy & data requests: privacy@stitchsocial.me Billing & payments: billing@stitchsocial.me Abuse reports: abuse@stitchsocial.me Security disclosures: security@stitchsocial.me General inquiries: hello@stitchsocial.me

Stitch Social is operated by Cold Harbor Digital. For terms of use and enforcement information, see our [Terms of Service](/terms).

We aim to respond to privacy-related inquiries within 48 hours.

For EU/EEA, UK, Swiss residents: You have rights under GDPR/UK GDPR/FADP. Contact privacy@stitchsocial.me to exercise your rights or lodge a complaint with your local data protection authority.

For California residents: Under the CCPA/CPRA, you have rights to know, access, delete, correct, and limit certain uses of your personal information. You may also opt out of "sharing" for cross-context behavioral advertising — we do not engage in this practice. Contact privacy@stitchsocial.me to exercise these rights.