Privacy Policy
Last updated: April 2026
1. Who We Are
Pick & Partner (“we”, “us”, “our”) operates the platform at pickandpartner.com. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it. By using the Platform you agree to the practices described in this policy.
For any privacy-related questions, contact us at picknpartner@gmail.com.
2. Data We Collect
Account & Profile Data
When you register and complete onboarding, we collect:
- Email address and hashed password, or OAuth identity from Google / GitHub
- Your name and newsletter / brand name
- Newsletter URL, self-reported subscriber count, open rate, and publish frequency
- A free-text description of your newsletter (used for niche classification)
- Promotional brief text and up to 5 image assets
- Your brand logo
Partnership & Activity Data
When you use the Platform we record partnership records, status updates, agreed send dates, proof submission URLs, post-completion reviews, and notification history.
Click Tracking Data
Each partnership generates unique tracking links. When a reader clicks a tracking link, we log a click event. Clicks are de-duplicated using a non-reversible SHA-256 hash of the reader’s IP address, User-Agent string, and a daily rotating salt. No raw IP address is stored at any point. Raw click events are automatically and permanently deleted after 30 days. Only aggregated click counts are retained.
Technical & Log Data
Our infrastructure may capture standard server log data including IP addresses, browser type, referring URL, and request timestamps for security and operational purposes. This data is not linked to your profile and is retained only as long as operationally necessary.
3. Legal Bases for Processing
We process your personal data on the following legal bases:
- Contract performance — processing necessary to provide the Platform service you signed up for (matching, tracking links, transactional emails).
- Legitimate interests — fraud prevention, abuse detection, platform security, and improving the matching algorithm, where our interests do not override your rights.
- Legal obligation — where we are required to retain or disclose data by applicable law or a valid legal process.
- Consent — where we ask for consent (e.g. optional marketing communications). You may withdraw consent at any time by contacting us.
4. How We Use Your Data
- Platform operation — matching you with partners, generating and serving tracking links, storing your brief and assets, sending transactional emails.
- Niche classification — your newsletter description is sent to a Cloudflare Workers AI model to generate an embedding vector for matching. The raw text is not shared with any external AI training pipeline. The resulting vector is stored in our database.
- Credit scoring — aggregated click data from completed partnerships is used to calculate an internal reliability score. This metric is not currently shown on your dashboard and is not sold or shared externally.
- Transactional communications — account verification, partnership notifications, send-day reminders, and review requests via Resend. We do not send marketing emails without your explicit consent.
- Security & integrity — detecting and preventing fraud, abuse, and violations of our Terms of Service.
- Legal compliance — responding to lawful requests from authorities where required.
We do not sell your personal data. We do not use your data for advertising or share it with data brokers.
5. Third-Party Service Providers
We share data with the following sub-processors solely to operate the Platform. Each is bound by its own data processing terms.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database & authentication | All profile, partnership, and activity data |
| Cloudflare Workers | Hosting, click tracking, AI embedding | Request metadata; newsletter description (embedding only) |
| Cloudflare R2 | File storage | Logos and brief image assets |
| Resend | Transactional email | Email address and email content |
These providers may process your data in countries outside your own. Cloudflare and Supabase operate globally distributed infrastructure. By using the Platform you acknowledge and consent to such international transfers, which are carried out under appropriate safeguards as described in each provider’s privacy documentation.
6. Data Retention
- Raw click events — permanently deleted after 30 days.
- Aggregated click counts — retained indefinitely as part of partnership records.
- Account and profile data — retained for as long as your account is active.
- After account deletion — personally identifiable profile data is removed within 30 days of a confirmed deletion request. Anonymised or aggregated records derived from your activity may be retained for platform analytics.
- Legal holds — we may retain data longer if required by law or in connection with a legal dispute.
7. Your Rights
Subject to applicable law, you have the right to:
- Access — request a copy of personal data we hold about you.
- Rectification — correct inaccurate or incomplete data (via Profile & Settings in-app).
- Erasure — request deletion of your account and associated personal data.
- Portability — receive your data in a structured, machine-readable format.
- Restriction — request that we limit how we process your data.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is consent-based, you may withdraw at any time.
To exercise any right, email picknpartner@gmail.com. We will respond within 30 days. If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
8. Cookies
We use only strictly necessary cookies required for authentication (Supabase session tokens). We do not use advertising cookies, analytics cookies, or any third-party tracking scripts. You cannot opt out of strictly necessary cookies without losing access to the Platform.
9. Security
We implement technical and organisational measures to protect your data, including: HTTPS encryption for all data in transit; password hashing via Supabase Auth (passwords are never stored in plain text); non-reversible click de-duplication hashing; row-level security policies in our database; and access-controlled file delivery via Cloudflare.
Beta notice. Pick & Partner is an early-stage product. While we apply security best practices, no system is completely immune to breach. We will notify affected users promptly and transparently if a security incident occurs that is likely to result in risk to your rights or freedoms.
By using the Platform you acknowledge that, despite our measures, we cannot guarantee absolute security and — to the fullest extent permitted by applicable law — we are not liable for damages resulting from unauthorised access caused by circumstances beyond our reasonable control. Our full liability terms are set out in our Terms of Service.
10. Children
The Platform is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we become aware that a child has registered, we will delete the account and associated data promptly. If you believe a minor has created an account, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy at any time. We will post the revised policy at this URL and update the “Last updated” date. Where changes are material, we will notify registered users by email. Continued use of the Platform after notification constitutes acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the Platform and may request account deletion.
12. Contact
Pick & Partner — picknpartner@gmail.com