Pactly

Privacy Policy

Last updated: April 1, 2026

1. Introduction

Pactly, Inc., a Delaware corporation, with registered address at 131 Continental Dr, Suite 305, Newark, Delaware 19713, United States (hereinafter, "Pactly") is committed to protecting the privacy of its users. This Policy explains what data we collect, how we use it, and what your rights are.

2. Data we collect

From Creators:

  • Name, email, password (hashed)
  • City, country
  • Social media handles and declared follower count
  • Profile photo
  • Account verification information (codes, URLs, screenshots)
  • Transaction information: orders, amounts, dates, evidence
  • Tax and banking information (processed by Stripe, not stored by Pactly)

From Buyers:

  • Name, email
  • Brand/product name
  • Campaign brief (description, hashtags, mentions, attachments)
  • Payment information (processed by Stripe, not stored by Pactly)
  • IP address (for view tracking)

From Buyers with accounts:

  • Name, email, password (hashed)
  • Company/brand name
  • Website
  • Main category
  • Brief preferences (tone, creative freedom, hashtags, mentions, CTA)
  • Purchase and order history

Automatic data:

  • IP address (hashed for privacy)
  • Browser user agent
  • Pages visited
  • Access dates and times

3. How we use the data

  • To operate the Platform: manage accounts, process payments, execute validations.
  • For communication: send transactional emails (confirmations, status notifications, alerts).
  • For security: detect fraud, prevent abuse, rate limiting.
  • To improve the service: aggregated usage analysis (not individually identifiable).
  • For legal compliance: respond to legal requirements when applicable.

4. Payment processing

  • All payments are processed through Stripe.
  • Pactly does NOT store credit card numbers, CVV, or complete banking data.
  • Stripe processes and stores payment data according to its own privacy policy.

5. Data storage

  • Data is stored on Supabase servers (PostgreSQL).
  • Files (photos, screenshots, evidence) are stored in Supabase Storage.
  • The site is hosted on Vercel.
  • We use encryption in transit (HTTPS/TLS) for all communications.

6. Sharing data

We do NOT sell personal data to third parties. We do NOT share data for advertising purposes.

We share data with:

  • Stripe: for payment processing
  • Resend: for sending transactional emails
  • Supabase: for data storage
  • Sentry: for error monitoring (anonymized data)
  • Vercel: for hosting

We may share data if required by law or to protect the rights of Pactly or third parties.

We share with Stripe, Inc. (our payment processor) the data necessary to process transactions and comply with financial regulations, including: full name, email address, IP address, transaction data (amounts, dates, service description) and, for creators receiving payments, identity verification and bank account data. Stripe processes this data in accordance with its Privacy Policy. Pactly does not have access to buyers' full credit card data.

7. Publicly visible data

On Creator public profiles (/c/[handle]):

  • Name, handle, bio, location
  • Social media and followers
  • Services offered and prices
  • Verification status
  • Aggregated compliance metrics (when available)

NOT shown publicly:

  • Creator's email
  • Buyer's email
  • Detailed financial data
  • Specific transaction information

8. Your rights

  • Access: you can request a copy of your personal data.
  • Rectification: you can update your information from your account.
  • Deletion: you can request the deletion of your account and data. Note: data from completed transactions is retained for legal and tax obligations for the period required by law.
  • Portability: you can request your data in a structured format.

To exercise these rights: write to soporte@pactly.io.

9. Data retention

  • Account data: while the account is active.
  • Transaction data: 5 years after completing the transaction (for tax and legal obligations).
  • Verification data: while the verification is current.
  • Access logs: 90 days.

10. Cookies

  • Pactly uses essential cookies for site functionality (authentication session).
  • We do not use marketing or third-party tracking cookies.

11. Minors

  • Pactly is not intended for persons under 18 years of age.
  • We do not knowingly collect data from minors.
  • If we discover that a minor has registered, we will delete their account.

12. Security

  • We use encryption in transit (HTTPS/TLS).
  • Passwords are stored hashed.
  • Tracking IP addresses are hashed for privacy.
  • We implement rate limiting to prevent attacks.
  • Payment data is processed exclusively by Stripe (PCI DSS Level 1 certification).

13. International data transfers

Pactly, Inc. is incorporated in the United States. By using our services, your personal data may be transferred to and processed in the United States, where data protection laws may differ from those of your country of residence.

For users in the European Economic Area (EEA): data transfers are conducted pursuant to Standard Contractual Clauses approved by the European Commission. You have the right to request a copy of these clauses.

For users in Brazil: data processing is carried out in compliance with the Lei Geral de Proteção de Dados (LGPD). You have the rights provided in articles 17 and 18 of the LGPD.

For users in Mexico: data processing is carried out in compliance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).

By registering on Pactly, you consent to the transfer and processing of your data in the United States under the safeguards described herein.

14. Data controller

The data controller for your personal data is Pactly, Inc., located at 131 Continental Dr, Suite 305, Newark, Delaware 19713, United States. For privacy inquiries, you can contact us at privacy@pactly.io.

15. Changes to this policy

  • We may update this Policy at any time.
  • Changes will be communicated by email or through a notice on the Platform.
  • The last update date is shown at the beginning of the document.

16. Governing law

This Privacy Policy shall be governed by the laws of the State of Delaware, United States. Any dispute related to privacy shall be subject to the exclusive jurisdiction of the courts of the State of Delaware or the federal courts located in the District of Delaware.

Multi-brand management data

When a Buyer organizes their collaborations by internal brands, Pactly stores the names and basic data of those brands. This information is visible only to the Buyer. Creators do not see the Buyer's internal brand structure.

Reports between users

When a user reports another user, Pactly stores the reason, details, and evidence of the report. This information is accessible only to Pactly's administration team and is used exclusively for report review and resolution.

17. Contact

For privacy questions: privacy@pactly.io

Back to homeBack to top
·····