EU Platform Workers Directive: Companies must prove creators aren't employees by Dec 2026. Grade protects you →

Privacy Policy

Last updated: March 2026

1. Introduction

Grade – Privacy Policy

This Privacy Policy describes how Grade ("we," "us," or "our") collects, uses, stores, and safeguards personal data across our platform. Grade operates as the merchant of record for performance-based creator service transactions, meaning we act as the contractual reseller that purchases creator services and resells them to clients. As the merchant of record, we collect the required tax documentation (W-9 or W-8BEN) from creators and submit 1099 forms on their behalf at year-end. Our mission is to provide a secure, compliant, and transparent platform while ensuring that the personal information of creators, clients, and partners is processed responsibly and lawfully.

By accessing or using Grade, you consent to the practices outlined in this policy. If you are under 18, please review this policy with a parent or guardian before using our services.

2. Scope of This Policy

This Privacy Policy applies to all users of Grade including creators, clients, administrators, financial teams, and any individuals interacting with our systems. It covers data collected through our platform, APIs, integrations, communications, payment workflows, and verification processes. It does not apply to third-party websites or services accessed through Grade.

3. Data We Collect

Grade collects data necessary for performance tracking, payment execution, compliance, and account security. This includes:
  • Identity information: names, email addresses, and addresses
  • Account credentials: login information for your Grade account
  • Tax documents: W-9, W-8BEN, or equivalent international forms
  • Payment identifiers: information needed to process payouts
  • Performance metrics: data from integrated platforms
  • Device and usage data: browser type, IP address, and interaction logs
  • Communications metadata: records of support interactions
Grade collects only the minimum data required to fulfil regulatory and operational obligations (data minimisation principle).

4. How Data Is Collected

We collect data through user submissions, secure platform integrations, API connections, automated monitoring tools, identity verification services, and compliance workflows. Performance-related data is retrieved via authenticated platform connections. Financial and tax information is collected during payout onboarding. Diagnostic and device data are collected automatically for security and analytics purposes.

5. How We Use Personal Data

As the merchant of record for creator service transactions, Grade uses personal information to:
  1. Process transactions as merchant of record, including purchasing creator services and reselling them to clients
  2. Facilitate global payouts to creators
  3. Validate identity and comply with KYC/AML regulations
  4. Track performance and calculate earnings
  5. Collect W-9 and W-8BEN forms from creators and submit 1099s on their behalf
  6. Prevent fraud and abuse
  7. Generate financial, compliance, and audit reports
  8. Maintain platform security and reliability
  9. Communicate important updates or service-related notices
Personal data is never sold or used for advertising purposes.

6. Legal Basis for Processing (GDPR Article 6)

Grade processes personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):
  • Contractual necessity (Art. 6(1)(b)): Processing required to fulfil our role as merchant of record, including executing transactions, processing payouts, collecting W-9/W-8BEN forms, submitting 1099s, and fulfilling our service agreements with clients and creators
  • Legitimate interests (Art. 6(1)(f)): Ensuring platform security, preventing fraud, and improving our services
  • Legal obligation (Art. 6(1)(c)): Complying with tax, financial, and regulatory requirements
  • Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for analytics cookies or marketing communications. You may withdraw consent at any time.
Grade follows GDPR principles including lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, and purpose limitation.

7. Data Sharing & Disclosure

As the merchant of record, Grade is the direct contractual counterparty to both clients and creators. Grade may share personal information with trusted third parties strictly for service delivery and compliance. These include:
  • Payment processors and banking partners
  • Tax authorities (including for 1099 and equivalent filings)
  • Identity verification providers
  • Security and infrastructure vendors
  • Analytics providers (subject to your cookie consent preferences)
Data may also be disclosed when required by law, government request, or to prevent fraud, harm, or security threats. Grade does not share personal data with advertisers or unrelated third parties. For a full list of our third-party sub-processors, see Section 16 below.

8. International Data Transfers

As a global payout platform, Grade processes data across multiple jurisdictions. When transferring data outside the European Economic Area (EEA), United Kingdom, or other regulated regions, we apply GDPR-compliant safeguards including:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Encryption of data in transit and at rest
  • Restricted access controls
  • Continuous security monitoring
You may request a copy of our Standard Contractual Clauses by contacting us at the address in Section 18.

9. Data Storage & Retention

Personal data is retained only as long as necessary to comply with financial regulations, tax requirements, and operational needs. Specific retention periods include:
  • Account data: Retained for the duration of your account plus 30 days after deletion request
  • Financial and tax records: Retained for 7 years as required by law
  • Performance data: Retained for 3 years or as required for audit purposes
  • Analytics data: Retained for up to 26 months
Once retention periods expire, data is securely deleted or anonymised following industry-standard procedures.

10. Security Measures

Grade employs enterprise-grade security measures including encryption of data in transit (TLS 1.2+) and at rest (AES-256), network segmentation, role-based access controls, multi-factor authentication, intrusion detection and monitoring, and regular security audits. Our infrastructure follows industry best practices and undergoes continuous security assessments to protect personal data from unauthorised access, alteration, disclosure, or destruction.

11. Your Rights Under GDPR and Applicable Law

Depending on your jurisdiction, you have the following rights regarding your personal data:
  • Right of access (Art. 15): Request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing (Art. 18): Request that we limit how we use your data
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent, withdraw at any time without affecting prior processing
  • Right to lodge a complaint: File a complaint with your local Data Protection Authority (DPA)
To exercise any of these rights, please contact us at lotts@creatorcheck.io. We will respond within 30 days in accordance with GDPR requirements. We may verify your identity before fulfilling any request. Some rights may be limited where we are legally obligated to retain data (e.g., tax compliance).

12. Cookies & Tracking Technologies

Grade uses cookies and similar technologies to ensure platform functionality, improve performance, analyse usage, and enhance security. We categorise cookies as follows:
  • Strictly necessary cookies: Required for core platform operation. These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with our platform. These are only set with your consent.
  • Functional cookies: Remember your preferences and settings.
You can manage your cookie preferences at any time through our cookie consent banner or by visiting our Cookie Policy. We do not use cookies for behavioural advertising. For full details on the cookies we use, their purposes, and retention periods, please see our Cookie Policy.

13. Children's Privacy

Grade is committed to protecting children's privacy. Our platform is designed for use by businesses and adult creators. We do not knowingly collect or process personal data from individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction).

If you are under 16: Please do not submit any personal information through our platform without the involvement of a parent or guardian. If you believe you have provided us with personal data, please ask your parent or guardian to contact us.

For parents and guardians: If you believe your child has submitted personal data to Grade without your consent, please contact us immediately at lotts@creatorcheck.io. We will take prompt steps to delete such data from our systems and, where applicable, notify relevant data protection authorities in accordance with GDPR Article 8 and applicable local laws.

Accounts identified as belonging to individuals under the minimum age of digital consent will be promptly restricted or removed. We do not serve targeted advertising to any users, including minors.

14. Third-Party Links & Integrations

Grade may integrate with third-party platforms solely for performance tracking or payout execution. These services operate independently and maintain their own privacy policies. We recommend that you review the privacy practices of any third-party platform you connect to Grade. We are not responsible for the data practices of third-party services.

15. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
  • Right to know: What personal information we collect, use, and disclose
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt out of the "sale" or "sharing" of personal information. Grade does not sell personal data.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
To exercise your CCPA/CPRA rights, contact us at lotts@creatorcheck.io.

16. Sub-Processors

Grade uses the following categories of third-party sub-processors to deliver our services. Each sub-processor is contractually bound to process data only as instructed and to maintain appropriate security measures:
CategoryPurposeLocation
Cloud InfrastructureHosting & data storageUS / EU
Payment ProcessingPayout execution & transfersUS / Global
Identity VerificationKYC/AML compliance checksUS / EU
AnalyticsWebsite usage analytics (with consent)US
Email & CommunicationsTransactional notificationsUS
Security & MonitoringThreat detection & loggingUS / EU
We will update this list when we engage new sub-processors. You may subscribe to sub-processor change notifications by emailing lotts@creatorcheck.io.

17. Updates to This Privacy Policy

Grade may update this policy periodically to reflect regulatory changes, system improvements, or operational updates. Any material changes will be communicated through platform notices or email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of the platform after the effective date of changes signifies acceptance of the revised policy.

18. Contact Information & Data Protection Officer

For privacy inquiries, data subject access requests, or regulatory questions, please contact Grade's data protection team:

Email: lotts@creatorcheck.io
Data Deletion Requests: usegrade.com/data-deletion
Cookie Preferences: usegrade.com/cookie

If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. For EU residents, a list of DPAs can be found at edpb.europa.eu.