Privacy Policy
Last updated: March 20261. Introduction
Grade – Privacy PolicyThis Privacy Policy describes how Grade ("we," "us," or "our") collects, uses, stores, and safeguards personal data across our platform. Grade operates as the merchant of record for performance-based creator service transactions, meaning we act as the contractual reseller that purchases creator services and resells them to clients. As the merchant of record, we collect the required tax documentation (W-9 or W-8BEN) from creators and submit 1099 forms on their behalf at year-end. Our mission is to provide a secure, compliant, and transparent platform while ensuring that the personal information of creators, clients, and partners is processed responsibly and lawfully.
By accessing or using Grade, you consent to the practices outlined in this policy. If you are under 18, please review this policy with a parent or guardian before using our services.
2. Scope of This Policy
This Privacy Policy applies to all users of Grade including creators, clients, administrators, financial teams, and any individuals interacting with our systems. It covers data collected through our platform, APIs, integrations, communications, payment workflows, and verification processes. It does not apply to third-party websites or services accessed through Grade.3. Data We Collect
Grade collects data necessary for performance tracking, payment execution, compliance, and account security. This includes:- Identity information: names, email addresses, and addresses
- Account credentials: login information for your Grade account
- Tax documents: W-9, W-8BEN, or equivalent international forms
- Payment identifiers: information needed to process payouts
- Performance metrics: data from integrated platforms
- Device and usage data: browser type, IP address, and interaction logs
- Communications metadata: records of support interactions
4. How Data Is Collected
We collect data through user submissions, secure platform integrations, API connections, automated monitoring tools, identity verification services, and compliance workflows. Performance-related data is retrieved via authenticated platform connections. Financial and tax information is collected during payout onboarding. Diagnostic and device data are collected automatically for security and analytics purposes.5. How We Use Personal Data
As the merchant of record for creator service transactions, Grade uses personal information to:- Process transactions as merchant of record, including purchasing creator services and reselling them to clients
- Facilitate global payouts to creators
- Validate identity and comply with KYC/AML regulations
- Track performance and calculate earnings
- Collect W-9 and W-8BEN forms from creators and submit 1099s on their behalf
- Prevent fraud and abuse
- Generate financial, compliance, and audit reports
- Maintain platform security and reliability
- Communicate important updates or service-related notices
6. Legal Basis for Processing (GDPR Article 6)
Grade processes personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):- Contractual necessity (Art. 6(1)(b)): Processing required to fulfil our role as merchant of record, including executing transactions, processing payouts, collecting W-9/W-8BEN forms, submitting 1099s, and fulfilling our service agreements with clients and creators
- Legitimate interests (Art. 6(1)(f)): Ensuring platform security, preventing fraud, and improving our services
- Legal obligation (Art. 6(1)(c)): Complying with tax, financial, and regulatory requirements
- Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for analytics cookies or marketing communications. You may withdraw consent at any time.
7. Data Sharing & Disclosure
As the merchant of record, Grade is the direct contractual counterparty to both clients and creators. Grade may share personal information with trusted third parties strictly for service delivery and compliance. These include:- Payment processors and banking partners
- Tax authorities (including for 1099 and equivalent filings)
- Identity verification providers
- Security and infrastructure vendors
- Analytics providers (subject to your cookie consent preferences)
8. International Data Transfers
As a global payout platform, Grade processes data across multiple jurisdictions. When transferring data outside the European Economic Area (EEA), United Kingdom, or other regulated regions, we apply GDPR-compliant safeguards including:- Standard Contractual Clauses (SCCs) approved by the European Commission
- Encryption of data in transit and at rest
- Restricted access controls
- Continuous security monitoring
9. Data Storage & Retention
Personal data is retained only as long as necessary to comply with financial regulations, tax requirements, and operational needs. Specific retention periods include:- Account data: Retained for the duration of your account plus 30 days after deletion request
- Financial and tax records: Retained for 7 years as required by law
- Performance data: Retained for 3 years or as required for audit purposes
- Analytics data: Retained for up to 26 months
10. Security Measures
Grade employs enterprise-grade security measures including encryption of data in transit (TLS 1.2+) and at rest (AES-256), network segmentation, role-based access controls, multi-factor authentication, intrusion detection and monitoring, and regular security audits. Our infrastructure follows industry best practices and undergoes continuous security assessments to protect personal data from unauthorised access, alteration, disclosure, or destruction.11. Your Rights Under GDPR and Applicable Law
Depending on your jurisdiction, you have the following rights regarding your personal data:- Right of access (Art. 15): Request a copy of the personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing (Art. 18): Request that we limit how we use your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent, withdraw at any time without affecting prior processing
- Right to lodge a complaint: File a complaint with your local Data Protection Authority (DPA)
12. Cookies & Tracking Technologies
Grade uses cookies and similar technologies to ensure platform functionality, improve performance, analyse usage, and enhance security. We categorise cookies as follows:- Strictly necessary cookies: Required for core platform operation. These cannot be disabled.
- Analytics cookies: Help us understand how users interact with our platform. These are only set with your consent.
- Functional cookies: Remember your preferences and settings.
13. Children's Privacy
Grade is committed to protecting children's privacy. Our platform is designed for use by businesses and adult creators. We do not knowingly collect or process personal data from individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction).If you are under 16: Please do not submit any personal information through our platform without the involvement of a parent or guardian. If you believe you have provided us with personal data, please ask your parent or guardian to contact us.
For parents and guardians: If you believe your child has submitted personal data to Grade without your consent, please contact us immediately at lotts@creatorcheck.io. We will take prompt steps to delete such data from our systems and, where applicable, notify relevant data protection authorities in accordance with GDPR Article 8 and applicable local laws.
Accounts identified as belonging to individuals under the minimum age of digital consent will be promptly restricted or removed. We do not serve targeted advertising to any users, including minors.
14. Third-Party Links & Integrations
Grade may integrate with third-party platforms solely for performance tracking or payout execution. These services operate independently and maintain their own privacy policies. We recommend that you review the privacy practices of any third-party platform you connect to Grade. We are not responsible for the data practices of third-party services.15. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):- Right to know: What personal information we collect, use, and disclose
- Right to delete: Request deletion of your personal information
- Right to opt-out: Opt out of the "sale" or "sharing" of personal information. Grade does not sell personal data.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
16. Sub-Processors
Grade uses the following categories of third-party sub-processors to deliver our services. Each sub-processor is contractually bound to process data only as instructed and to maintain appropriate security measures:| Category | Purpose | Location |
|---|---|---|
| Cloud Infrastructure | Hosting & data storage | US / EU |
| Payment Processing | Payout execution & transfers | US / Global |
| Identity Verification | KYC/AML compliance checks | US / EU |
| Analytics | Website usage analytics (with consent) | US |
| Email & Communications | Transactional notifications | US |
| Security & Monitoring | Threat detection & logging | US / EU |
17. Updates to This Privacy Policy
Grade may update this policy periodically to reflect regulatory changes, system improvements, or operational updates. Any material changes will be communicated through platform notices or email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of the platform after the effective date of changes signifies acceptance of the revised policy.18. Contact Information & Data Protection Officer
For privacy inquiries, data subject access requests, or regulatory questions, please contact Grade's data protection team:Email: lotts@creatorcheck.io
Data Deletion Requests: usegrade.com/data-deletion
Cookie Preferences: usegrade.com/cookie
If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. For EU residents, a list of DPAs can be found at edpb.europa.eu.