Privacy Policy

Effective 2026-04-26

1. Information We Collect

Account data: email address and display name. Transaction data: anonymized transaction events reported by marketplace operators (amounts, timestamps, buyer/seller identifiers). We do not store raw payment card numbers or full bank account details.

2. How We Use It

We use your information to: verify your identity via one-time code, calculate and credit token rewards, attribute referrals, send settlement notifications, prevent fraud, and comply with legal obligations. We do not sell your personal information to third parties.

3. Sharing

Marketplace operators: operators who added you to their program can view your wallet balance and referral status within their tenant. They cannot view your activity on other marketplaces. Service providers: we use Stytch for authentication and Resend for transactional email. Legal: we may disclose data when required by law.

4. Retention

Financial event records (the tamper-evident ledger) are retained for 7 years per regulatory practice. Contact information in queryable tables is retained until you close your account or request deletion, subject to the audit-log carve-out in the Terms of Service.

5. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. To exercise these rights, contact privacy@guildapi.dev. Note that entries in the immutable audit log cannot be removed; we can pseudonymise the contact data linked to those entries.

6. Cookies and Local Storage

We use a session cookie to keep you signed in. No third-party advertising cookies are set by Guild. The embedded widget uses localStorage solely to remember your identity on the marketplace where it is installed.

7. Security

All data is transmitted over TLS. Financial event logs are stored in a cryptographically chained, tamper-evident store. We apply rate limiting and API key hashing for all operator-facing endpoints.

8. Network Privacy Policy

Guild participates in the Connection Finder Network. The network-level privacy policy is available at connectionfinder.net/privacy and covers cross-network identity resolution and graph participation.

Privacy inquiries: privacy@guildapi.dev