Privacy Policy

Last updated: March 2, 2026

1. Overview

FlowBack ("the Platform") is a decentralized creator payment platform. This policy describes how we collect, use, and protect your information when you use our service.

2. Information We Collect

Wallet Address

When you connect your wallet and sign in via SIWE (Sign-In with Ethereum), we store your public wallet address to identify your account. We never access or store your private keys.

Platform Connections

When you connect YouTube or TikTok, we receive and store OAuth tokens to access your public profile information and video metrics (view counts, likes, comments). We use this data solely for verifying campaign eligibility and calculating payouts. Access tokens are encrypted at rest.

World ID Verification

If you verify with World ID, we store a nullifier hash (a privacy-preserving identifier) and verification timestamp. World ID uses zero-knowledge proofs — we never receive your biometric data or real identity.

Submissions

When you submit videos for verification, we store the video URL, video ID, platform, and engagement metric snapshots returned by platform APIs.

3. How We Use Your Information

We use your information to:

• Authenticate your identity via wallet signature
• Fetch and verify video engagement metrics from YouTube and TikTok
• Calculate and process USDC payouts via smart contracts
• Prevent sybil attacks and fraud (World ID verification)
• Display your submissions, earnings, and verification history

4. Data Sharing

We do not sell your personal data. Your wallet address and submission data are shared with the Chainlink CRE workflow for on-chain verification. Payout transactions are recorded on the Base blockchain and are publicly visible.

5. Data Storage & Security

Data is stored in a PostgreSQL database. OAuth tokens are encrypted using AES-256-GCM. Sessions use HTTP-only, secure cookies. We follow security best practices including input validation, rate limiting, and nonce-based replay protection.

6. Your Rights

You can:

• Disconnect your YouTube or TikTok account at any time from your dashboard
• View all data associated with your account on the dashboard and audit pages
• Request deletion of your account data by contacting us

7. Third-Party Services

FlowBack integrates with YouTube (Google), TikTok, World ID, WalletConnect, and the Base blockchain network. Each service has its own privacy policy that governs their handling of your data.

8. Cookies

We use a single session cookie for authentication. We do not use tracking cookies or third-party analytics.

9. Changes

We may update this Privacy Policy at any time. Continued use of the Platform after changes constitutes acceptance.

10. Contact

For privacy-related questions, please open an issue on the project repository.