Privacy Policy

Last updated: 2026-04-19 · Version 2026-04-19

iTribe Project ("iTribe", "we", "our", or "us") operates https://www.itribe.us and the iTribe mobile application (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use the Platform.

By using the Platform, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information you provide

  • Account information: name, username, email address, password (stored as a one-way bcrypt hash), date of birth, selected role, and profile photo.
  • Profile content: bio, skills, interests, language preference, crypto wallet addresses you choose to add.
  • User-generated content: posts, comments, reactions, stories, messages, campaigns you create, tribes you create or join.
  • Payment information: when you donate or purchase, payment details are collected and processed directly by Banquest; iTribe never sees or stores your card number or CVV. Card data is entered into Banquest's hosted iframe — it never transits the iTribe servers. We receive only a transaction reference, the amount, and the last four digits of the card.
  • Communications: support tickets, feedback submissions, DMCA notices.

1.2 Information collected automatically

  • Device & technical data: IP address, user-agent, device type, operating system, referring URL.
  • Usage data: pages viewed, features used, session duration, timestamps, interactions.
  • Cookies & local storage: see our Cookie Policy for the full list.
  • Location (approximate): derived from IP for map features and nearby-tribe discovery. We do not collect precise GPS unless you explicitly grant the permission on mobile.
  • Push-notification tokens: FCM (Android) / APNs (iOS) tokens if you enable push.

1.3 Information from third parties

  • Google Sign-In: if you sign in with Google, we receive your name, email, and profile photo from Google. Your Google password is never shared with iTribe.

2. How We Use Your Information

  • Create and manage your account; authenticate you across sessions.
  • Operate the Platform's features (feeds, tribes, messaging, donations, learning, tasks).
  • Send transactional emails: verification, password reset, notifications, receipts.
  • Send marketing emails, only if you have opted in (you can unsubscribe at any time).
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations, court orders, and lawful requests.
  • Analyze aggregated usage to improve the Platform — we do not sell individual-level usage data.

3. Legal Bases for Processing (EU/UK Residents)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under GDPR / UK GDPR:

  • Contract: to provide the Platform you asked to use.
  • Consent: for marketing emails, optional cookies, push notifications, and precise location.
  • Legitimate interests: fraud prevention, abuse detection, securing the Platform.
  • Legal obligation: tax records, court-ordered disclosure.

4. How We Share Information

We do not sell your personal information. We share it only in these cases:

  • Within the Platform: your public profile, posts, tribe memberships, and activity are visible per the privacy settings you choose.
  • Service providers (processors): hosting (Heroku / AWS), payments (Banquest), email delivery (Mailgun / Postmark / SendGrid), error monitoring (Sentry), push notifications (Firebase Cloud Messaging), analytics (aggregate). Each processor is contractually bound to handle data only per our instructions.
  • Legal & safety: to comply with a subpoena, court order, or valid legal request; to protect our rights; to prevent imminent harm.
  • Business transfers: if iTribe is merged, acquired, or dissolved, your information may transfer as part of the transaction. We will notify you if this happens.
  • With your consent: for anything else not listed here.

5. International Transfers

iTribe is operated from the United States. If you are outside the US, your information is transferred to and processed in the US (and in any country where our service providers operate). We use Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms where required.

6. Data Retention

We keep personal information only as long as we need it:

  • Account data: while your account is active. If you delete your account, we anonymize your profile within 30 days and remove your comments/reactions from other users' posts.
  • Posts & content: kept as long as you keep them; content you delete is removed from the live Platform within 30 days.
  • Payments & donations: retained for up to 7 years to comply with tax and accounting obligations.
  • Security & audit logs: retained for up to 12 months.
  • Backups: encrypted and rotated on a 30-day cycle.

7. Your Rights

Depending on where you live, you may have the following rights. To exercise any of them, email tech@itribe.us:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate information.
  • Deletion (right to erasure): delete your account yourself at Settings → Personal Settings, or email us.
  • Portability: receive your information in a machine-readable format.
  • Restriction / objection: limit or object to our processing.
  • Withdraw consent: at any time, without affecting prior lawful processing.
  • Complain to a supervisory authority (EU/UK) or your Attorney General (US).

California Residents (CCPA / CPRA)

California residents have the right to know what categories of personal information we collect, the sources, and the business purposes; to request deletion; to correct; to opt out of sale/sharing (we do not sell); and to be free from discrimination for exercising these rights. To submit a request, email tech@itribe.us.

8. Children's Privacy (COPPA)

The Platform is not directed to children under 14. We do not knowingly collect personal information from anyone under 14. If you believe a child under 14 has created an account, please email tech@itribe.us and we will delete the account within 72 hours.

9. Security

We protect personal information with administrative, technical, and physical safeguards: bcrypt password hashing, TLS in transit, encryption at rest for sensitive fields, per-user rate limiting, two-factor authentication (optional), signed & verified webhooks, audited session management, and secrets scrubbed from logs. No Internet-facing system is 100% secure; we cannot guarantee absolute security.

10. Cookies & Similar Technologies

We use cookies and local storage for session authentication, security (CSRF), preferences, and analytics. See our Cookie Policy for the full list and how to opt out.

11. Third-Party Links

The Platform may link to third-party sites (donation processors, learning resources, external tribe pages). We are not responsible for their privacy practices. Review their policies before sharing information.

12. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email and/or a prominent in-app notice before the change takes effect. The version date above identifies the current revision.

13. Contact Us

If you have questions, concerns, or want to exercise your rights, email tech@itribe.us.