Privacy Policy

Last updated: 14 May 2026

The short version

We collect the data needed to verify identity, compute a trust grade, and let you transact with others. We don't sell your data. We don't store BVN, NIN, or full passport numbers — only verification status. You can delete your account at any time by emailing us.

1. What we collect

  • Profile data: display name, business name, email, phone (optional), Instagram handle, profile photo, role, location.
  • Wallet data: your Solana wallet address (if connected), public transaction counts and balances visible on-chain. Never your private keys.
  • Identity verification status: a boolean (verified / not verified) plus the verification timestamp. We do not store your BVN, NIN, passport number, or photo of your ID — those are processed by our partners (Stripe Identity, Smile Identity) and only their pass/fail verdict is sent back to us.
  • Deal and review data: records of confirmed deals and reviews you give or receive.
  • Application data: if you apply via /apply, we keep the form data (motivation text, business info, contact details, hashed IP) until you ask us to delete it.
  • Technical data: server logs (IP, user-agent) for security and debugging.

2. How we use it

  • Compute your trust grade. Score and grade are derived from the data above.
  • Let counterparties verify you. Your public profile (grade, verified deals, reviews, identity status) is visible to anyone with the URL.
  • Send you transactional emails. Login OTPs, PIN reset codes, deal confirmations, review notifications, dispute alerts. We send these via Resend.
  • Detect fraud and abuse. IP hashes and metadata help us spot wash-trading and coordinated fake accounts.
  • Improve the product. Aggregate, anonymised metrics about how features are used.

3. Who we share it with

We share specific data only with these third parties, and only as much as needed:

  • Stripe Identity — passport / driver's licence verification. Stripe sees your ID document; we don't.
  • Smile Identity — BVN / NIN verification (for Nigerian users). Smile sees your BVN/NIN; we don't.
  • Resend — transactional email delivery.
  • Vercel — hosting and serverless function execution.
  • Neon — managed PostgreSQL database.
  • Helius — Solana RPC for on-chain reads/writes (your wallet address only).
  • CoinGecko — currency conversion display (no personal data shared).

We do not sell your data to advertisers or data brokers. We do not share it for marketing purposes outside Tribe.

4. Public vs private data

By design, your trust profile is public: grade, verification badges, confirmed deal counts, reviews received. Your wallet address is also public (it's an on-chain identifier). Your email, phone, IP, and application form contents are private and only accessible to Tribe staff.

5. On-chain data

Anything Tribe writes to Solana — stake deposits, payouts, slash events — is permanent and globally readable by anyone with the transaction signature. Don't opt into Insured Deals if you don't want your stake history to be on a public ledger.

6. How long we keep your data

  • Active accounts: as long as your account exists.
  • Deleted accounts: profile content removed within 30 days. Anonymised counts (e.g. "there are N total slashes") may persist in aggregate analytics.
  • On-chain stake events: permanent on Solana, outside our control.
  • Applications: kept until reviewed; rejected applications are anonymised after 90 days.
  • Server logs: rotated every 90 days.

7. Your rights

You can, at any time, by emailing hello@usetribe.xyz:

  • Request a copy of all data we hold about you
  • Correct any data that's wrong
  • Delete your account and associated data (subject to the on-chain caveat in Section 5)
  • Object to or restrict our processing
  • File a complaint with the Nigeria Data Protection Bureau (NDPB) or your local DPA

8. Security

PINs are SHA-256 hashed with a per-user salt. OTPs are short-lived (10–15 minutes). Stake-vault keys are stored in Vercel's encrypted environment variables. All connections use TLS. We use Stripe Identity for ID verification so we never see or store your actual ID document. We don't store credit card data — we don't take card payments.

9. Children

Tribe is not for anyone under 18. We don't knowingly collect data from minors.

10. Cross-border transfers

Our infrastructure providers (Vercel, Neon, Resend, Stripe) operate globally. Your data may be processed in the US, EU, or other regions. Where required, these providers have appropriate safeguards (Standard Contractual Clauses or equivalent).

11. Changes to this Policy

If we materially change how we handle data, we'll email registered users and post the new version here with an updated date.

12. Contact

Privacy questions or data requests: hello@usetribe.xyz.