Privacy Policy

Last Updated: February 28, 2026

1. Information We Collect

1.1 Account Information

When you create a PaidByAds account, we collect:

• Email address: For account creation and communication
• Phone number: For account verification and security (via Twilio 2FA)
• Name: For payment processing and account identification
• Payment information: Stripe Connect account details for receiving earnings
• Date of birth: To verify age requirements (18+)

1.2 Identity Verification Data

To prevent fraud and ensure fair earning opportunities, we collect:

• Government ID verification: Driver's license or state ID (via KYC integration)
• Facial recognition data: For identity verification and anti-fraud measures
• Device fingerprints: To detect multi-account fraud
• Biometric data: Face detection during ad viewing (processed locally on your device, not stored)

1.3 Ad Viewing Data

To verify genuine engagement and calculate payments, we collect:

• Attention tracking: AI-powered verification that you're watching ads (face detection, eye tracking)
• Session duration: Time spent watching advertisements
• Ad interaction data: Completion rates, skips, and engagement metrics
• Dual-device ad play: Whether you're using two devices for enhanced earning tiers

1.4 Technical Information

• Device information: Device model, operating system, Android version
• App usage data: Features used, crash reports, performance metrics
• IP address and location: General location for fraud prevention (not precise GPS)
• Network information: Connection type, carrier information

1.5 Google Account Data (OAuth)

When you sign in with Google, we receive:

• Basic profile information: Name, email address, profile picture
• OAuth access tokens: Securely stored and used only for authentication

We do NOT access: Your Gmail, Google Drive, Calendar, or any other Google services beyond basic authentication.

2. How We Use Your Information

2.1 Core Platform Operations

• Payment processing: Calculating and distributing earnings (80% revenue share)
• Fraud prevention: Detecting multi-account abuse, bot activity, and fake engagement
• Account management: Authenticating users, password resets, account security
• Platform improvements: Analyzing usage patterns to enhance user experience
• Ad network partners: Ad targeting metrics

2.2 Attention Verification

We use AI-powered attention detection to ensure advertisers receive genuine engagement:

• Face detection confirms you're present during ad viewing (ML Kit, processed locally)
• Gesture verification requires gesture to start ad play.
• External AI witness system detects attempts to fool attention tracking
• Privacy protection: All biometric processing happens on your device; raw biometric data is never uploaded

2.3 Revenue Transparency

• Real-time dashboard showing platform revenue
• Your individual earnings and payment history
• Bonus pool distributions when platform revenue exceeds $10M/month owner cap

3. Data Sharing and Disclosure

3.1 What We Share

We only share your information in these limited circumstances:

• Payment processors: Stripe Connect receives necessary information to process payments
• Identity verification services: KYC providers verify your identity (one-time verification)
• Ad network partners: Aggregated, anonymized engagement metrics
• Ad network partners: targeting Metrics
• Firebase/Google Cloud: Authentication and database services (covered by Google's privacy policies)

3.2 What We NEVER Share

• Your email or phone number with advertisers
• Biometric data (face detection data never leaves your device)

3.3 Legal Requirements

We may disclose information if required by law, including:

• Valid legal process (subpoena, court order)
• Protection of our legal rights
• Investigation of fraud or illegal activity
• Protection of user safety

4. Data Security

4.1 Security Measures

• Encryption: All data in transit uses TLS/SSL encryption
• Firebase Security: Firestore security rules prevent unauthorized data access
• Access controls: Strict internal access policies with audit logging
• Local processing: Biometric data processed on-device, never transmitted

4.2 Data Retention

• Financial records: Payment history retained for 7 years (legal requirement)
• Fraud prevention data: Device fingerprints retained for 2 years

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

• Access your data: Request a copy of all data we hold about you
• Correct inaccuracies: Update incorrect personal information
• Export data: Receive your data in machine-readable format
• Opt-out of data collection: Discontinue using the service (required for app functionality)

5.2 Communication Preferences

• Manage email notification settings in the app
• Opt-out of promotional communications (transactional emails still sent)
• Control push notification preferences

6. Children's Privacy

Age Requirement: PaidByAds is only available to users 18 years or older. We do not knowingly collect information from minors. If we discover a user is under 18, we will immediately terminate their account and delete their data.

7. Third-Party Services

7.1 Advertising Networks

We integrate with third-party ad networks that may collect their own data:

• Google AdMob: Subject to Google's Privacy Policy
• AppLovin: Subject to AppLovin's Privacy Policy
• Unity Ads: Subject to Unity's Privacy Policy
• Vungle: Subject to Vungle's Privacy Policy

These networks may use cookies and tracking technologies. Review their privacy policies for details on their data practices.

7.2 Analytics Services

• Firebase Analytics: App usage and performance monitoring
• Google Analytics: Website traffic analysis (if applicable)

8. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. By using PaidByAds, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

9. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

• Right to know: What personal information we collect and how we use it
• Non-discrimination: We won't discriminate against you for exercising your rights

10. European Privacy Rights (GDPR)

If you're in the European Economic Area, you have rights under GDPR:

• Legal basis for processing: Contractual necessity and legitimate interests
• Right to access: Request a copy of your data
• Right to rectification: Correct inaccurate data
• Right to data portability: Receive your data in structured format
• Right to withdraw consent: Where consent is the legal basis

11. Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will:

• Notify you via email of material changes
• Display a prominent notice in the app
• Update the "Last Updated" date
• Provide 30 days notice before changes take effect

12. Contact Information

13. Arkansas-Specific Disclosures

Business Address: PaidByAds operates from Little Rock, Arkansas. Arkansas residents can contact us using the information above for state-specific privacy inquiries.

14. Transparency Dashboard

In keeping with our commitment to radical transparency, all users can view:

• Total platform revenue (real-time)
• Your personal earnings and payment history
• Revenue distribution breakdown (80% to users, 10% monthly bonus pot, 10% Paid By Ads platform)
• Bonus pool status when platform exceeds $10M monthly owner cap
• Number of active users receiving payments