TipMe
Sign InGet Your Badge

Privacy Policy

Last updated: May 2025

1. Data Controller

TipMe Ltd is the data controller for all personal data collected through this platform. We are registered in England and Wales. For all data-related enquiries, contact: privacy@tipme.co.uk

2. What Data We Collect

Collector accounts: Full name, email address, username, role, venue name, profile photo (optional), bank account details (held securely by Stripe — TipMe does not store bank details). We also collect earnings data, tip history, and QR code usage analytics.

Tippers: We do not require registration. We collect a one-way anonymised device hash for fraud prevention. Payment data is processed entirely by Stripe — TipMe does not store card numbers, bank details, or full payment information.

3. Legal Basis for Processing

  • Performance of a contract (collector accounts, payment processing)
  • Legitimate interests (fraud prevention, platform security)
  • Legal obligation (HMRC transaction records)
  • Consent (optional analytics cookies)

4. Data Retention

Transaction records are retained for 7 years in accordance with UK tax law (HMRC requirements). Account data is retained for the duration of your account plus 90 days following deletion. Anonymous fraud-prevention hashes are retained for 12 months.

5. Third-Party Processors

  • Stripe: Payment processing and bank payouts. Subject to Stripe's own privacy policy.
  • Supabase: Database and authentication. Servers within the EU.
  • Cloudflare: Content delivery and DDoS protection.
  • OpenAI: AI suggestion generation (anonymised, no personal data transmitted).

6. Your Rights Under UK GDPR

You have the right to: access your data, rectify inaccurate data, erase your data (subject to legal retention requirements), restrict processing, data portability, and object to processing. To exercise any right, contact privacy@tipme.co.uk. You may also lodge a complaint with the ICO (ico.org.uk).

7. Cookies

We use strictly necessary cookies for authentication (Supabase session) and fraud prevention (Stripe). Optional analytics cookies require your consent. See our Cookie Policy for full details.

8. International Transfers

All data is processed within the UK and EU. Any transfers outside this area are subject to appropriate safeguards under UK GDPR Chapter V.