Privacy Policy for Commish

Last updated: 1 November 2025

Introduction

Commish ("we," "our," or "us") operates the Commish mobile application and website (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our affiliate marketing platform.

Information We Collect

Personal Information

• Account Information: Name, email address, phone number, profile picture
• Authentication Data: Login credentials, social media authentication tokens (Google, Apple)
• Payment Information: Bank account details, payment method information (processed securely through Stripe)
• Identity Verification: Government-issued ID for vendor/affiliate verification (encrypted and stored securely)

Usage Data

• Device Information: Device type, operating system, app version
• Location Data: Country and region only (not GPS coordinates) for currency localization and content delivery
• Analytics Data: App usage patterns, feature interactions, performance metrics
• Communication Data: Messages, support tickets, feedback submitted through the app

Automatically Collected Data

• Log Data: IP address, browser type, access times, pages viewed
• Cookies and Tracking: Session cookies, analytics cookies (can be disabled in settings)
• Performance Data: Crash reports, error logs (anonymized)

How We Use Your Information

Core Services

• Account Management: Creating and maintaining your account
• Transaction Processing: Facilitating affiliate commissions and payments
• Authentication: Secure login and account verification
• Customer Support: Responding to inquiries and resolving issues

Personalization

• Content Delivery: Showing relevant products and offers
• Currency Localization: Displaying prices in your local currency
• Language Preferences: Showing content in your preferred language
• Recommendations: AI-powered product and affiliate matching

Legal and Safety

• Fraud Prevention: Detecting and preventing fraudulent activities
• Legal Compliance: Meeting regulatory requirements (KYC/AML)
• Security: Protecting against unauthorized access and abuse
• Dispute Resolution: Resolving conflicts between users

Information Sharing

We DO NOT sell your personal information to third parties.

Limited Sharing for Service Operations

• Payment Processors: Stripe, PayPal, Payoneer for payment processing
• Cloud Services: Firebase/Google Cloud for secure data storage
• Analytics: PostHog for app analytics (anonymized data only)
• Support Tools: Customer service platforms for support ticket management

Legal Requirements

• Legal Compliance: When required by law, court order, or regulatory authority
• Safety Protection: To protect rights, property, and safety of users and the public
• Business Transfers: In case of merger, acquisition, or sale of assets (with user notification)

Data Storage and Security

Security Measures

• Encryption: All data encrypted in transit (TLS) and at rest (AES-256)
• Access Controls: Multi-factor authentication and role-based access
• Regular Audits: Security assessments and vulnerability testing
• Data Minimization: We only collect data necessary for service operations

Data Retention

• Account Data: Retained while account is active plus 7 years for legal compliance
• Transaction Data: Retained for 10 years for tax and legal purposes
• Analytics Data: Anonymized data retained for service improvement
• Support Data: Deleted after 3 years unless legally required to retain

Your Privacy Rights

Access and Control

• Data Access: Request copies of your personal data
• Data Correction: Update or correct inaccurate information
• Data Deletion: Request deletion of your account and data
• Data Portability: Export your data in a machine-readable format

Communication Preferences

• Marketing Emails: Opt-out via unsubscribe links or account settings
• Push Notifications: Disable in device settings or app preferences
• SMS Messages: Reply STOP to opt-out of text messages

Children's Privacy

• Age Requirement: Our Service is not intended for children under 16
• Parental Consent: If we learn we've collected data from a child under 16, we will delete it immediately
• Educational Use: Special provisions for educational institutions with proper consent

Contact Information

Privacy Questions

• Email: privacy@getcommish.app
• Response Time: We respond to privacy inquiries within 30 days

Data Protection Officer

• Contact: dpo@getcommish.app
• Role: Available for GDPR and privacy compliance questions

Specific Disclosures

AI and Machine Learning

• Data Usage: Anonymous usage patterns used to improve AI recommendations
• Model Training: Personal data is never used for AI model training
• Automated Decisions: Users can request human review of automated decisions

Third-Party Integrations

• Social Media: Login via Google/Apple - we only receive basic profile information
• Payment Providers: Financial data processed by certified payment processors
• Analytics: App usage data shared with analytics providers (anonymized)

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Email Notification: Registered users will be notified of material changes
• App Notification: In-app notifications for significant updates
• Website Posting: Updated policy posted on our website
• Effective Date: Changes become effective 30 days after notification