Privacy Policy
Last updated: May 15, 2026
1. Who we are
UpsideShare ("we", "us", "our") operates the website upsideshare.com. This policy explains how we collect, use, store, and protect your personal data when you use our platform.
2. Data we collect
We collect the following categories of personal data:
Account data: name, email address, and profile information provided through Google OAuth when you sign up.
Stripe data: when you connect your Stripe account via OAuth, we receive read-only access to transaction data (charges, customers, coupons) for the purpose of revenue attribution. We do not store full payment card numbers or bank account details.
Usage data: pages visited, actions taken on the platform, browser type, IP address, and device information. Collected via privacy-friendly analytics (Umami, no cookies).
Deal and application data: deal terms you create or apply to, revenue figures attributed to your tracking links, ledger entries, and equity contract details.
Waitlist data: email address and role (brand or creator) submitted through our waitlist form.
3. How we use your data
We use your data to:
Provide the platform: match brands with creators, track revenue attribution via Stripe, calculate commissions, generate equity contract PDFs, and manage the payout ledger.
Communicate with you: send transactional emails (waitlist confirmation, deal notifications, payout alerts) via Resend.
Improve the platform: analyze usage patterns to fix bugs, improve performance, and develop new features.
We do not sell your personal data. We do not use your data for advertising.
4. Legal basis (GDPR)
For users in the European Economic Area (EEA), we process data under the following legal bases: (a) contract performance (providing the platform services you signed up for), (b) legitimate interest (improving security and platform quality), and (c) consent (waitlist signup, optional communications).
5. Data sharing
We share data only with the following third-party processors, each under their own privacy policies:
Supabase (database hosting, EU region): stores account data, deal data, and ledger entries.
Vercel (website hosting): serves web pages, receives IP addresses and request metadata.
Stripe (payment verification): we access your Stripe data via OAuth. Stripe processes payments independently.
Resend (transactional email): receives email addresses to deliver platform notifications.
We may also share data if required by law or to protect our legal rights.
6. Data retention
We retain your data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days. Anonymized aggregate data (e.g., total platform revenue) may be retained indefinitely. Stripe transaction data is subject to Stripe's own retention policies.
7. Your rights
You have the right to: access your personal data, correct inaccurate data, request deletion of your data, object to processing, request data portability, and withdraw consent at any time. To exercise any of these rights, email hello@upsideshare.com.
For users in the EEA: you may lodge a complaint with your local data protection authority.
For users in California: under the CCPA, you have the right to know what personal information we collect and to request its deletion. We do not sell personal information.
8. Cookies
UpsideShare uses only essential cookies required for authentication (Supabase auth session). We do not use advertising cookies or tracking cookies. Our analytics tool (Umami) is cookie-free and does not track users across sites.
9. Security
We protect your data with: HTTPS encryption in transit, row-level security (RLS) policies on all database tables, OAuth-based authentication (no passwords stored), CORS domain whitelisting, rate limiting on public endpoints, and security headers (HSTS, CSP, X-Content-Type-Options).
10. Children
UpsideShare is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, contact hello@upsideshare.com.
11. Changes
We may update this policy. We will notify registered users via email of material changes. The "last updated" date at the top reflects the most recent revision.
12. Contact
Questions about this policy? Email hello@upsideshare.com.