Privacy Policy

Nerdbeak, Inc. ("Nerdbeak," "we," "us," or "our") operates multiple platforms and services, including but not limited to Nerdworth, Cliqket, and other websites, applications, and services operated by Nerdbeak, Inc. (collectively, "our Services" or "our Platforms"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use any of our Services.

By using our Services, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please discontinue use of our Services.

1. Information We Collect

1.1 Information You Provide

When you create an account, use our Platforms, or communicate with us, we may collect:

• Name, email address, username, and password
• Profile information (bio, avatar, display name, social links)
• Payment and billing information (processed securely through Stripe)
• Shipping addresses and contact details for marketplace transactions
• Content you create or share, including messages, posts, images, listings, and reviews
• Communications with us, including support requests and feedback
• Phone number (if you opt in to SMS notifications)

1.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Device information (browser type, operating system, device identifiers)
• Log data (IP address, access times, pages viewed, referring URLs)
• Usage data (features used, interactions, search queries, browsing patterns)
• Location data (approximate, based on IP address)

1.3 Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to operate our Services, remember your preferences, understand usage patterns, and improve your experience. See Section 7 for more details on cookies.

1.4 Payment Information

Payment processing on our marketplace platforms is handled by Stripe, Inc. We do not store your full credit card numbers or bank account details on our servers. Stripe's collection and use of your information is governed by Stripe's Privacy Policy.

1.5 SMS Communications

Some of our Platforms offer SMS-based features (such as text-to-list for marketplace sellers). If you opt in, we collect your phone number and message content. You may opt out of SMS at any time by replying STOP. Message and data rates may apply. We do not sell or share phone numbers collected for SMS features with third parties for marketing.

1.6 OAuth and Social Sign-In

Our shared authentication system supports sign-in through multiple third-party providers, including Google, Discord, Apple, Facebook, and other OAuth/OpenID Connect providers we may add in the future. When you sign in using any of these providers, we request only the minimum scopes necessary for sign-in identity, email, and basic profile. We do not request access to your contacts, friends lists, messages, files, or other provider services unless separately and explicitly requested with your consent.

For all providers, we collect:

• A unique provider user ID
• Email address
• Display name
• Avatar/profile picture URL (when available)
• Authentication metadata (e.g., login timestamps, token expiration)

This data is used to create your account, display your profile, and authenticate you across all Nerdbeak platforms, including Nerdworth, Cliqket, Repcheck, and any future Nerdbeak products.

Provider-specific notes:

• Apple: Apple may provide a private relay email address instead of your real email, and may return limited profile data (no display name or avatar after the first sign-in). We respect Apple's privacy relay and will use the relay address as your account email if you choose to hide your real email.
• Google: We do not request access to Google Drive, Gmail, Calendar, or any Google service beyond basic profile.
• Discord: We do not access your Discord server memberships, messages, or friends list through OAuth sign-in.
• Facebook: We request only public profile and email. We do not access your Facebook friends list, posts, or photos through sign-in.

Retention and deletion: OAuth data is retained for the lifetime of your account. You may disconnect a linked provider at any time by contacting us at ricky@nerdbeak.com. Upon unlinking, we remove the provider-specific identifiers and tokens from your account. If you delete your account entirely, all provider-linked data is deleted.

1.7 Browser Extensions and Discord Bots

Some of our Services operate as browser extensions or Discord bots (such as Repcheck). These tools may collect additional categories of data:

• Browser extensions: Page URLs you visit on supported marketplace sites (to display reputation data), extension usage and interaction data. We do not collect general browsing history, page content, form inputs, or data from sites outside the extension's stated scope.
• Discord bots: Your Discord user ID, username, server (guild) ID, and message content in channels where the bot is explicitly invoked. We do not read or store messages in channels where the bot is not directly called.

1.8 Other Third-Party Information

We may also receive information about you from analytics services, publicly available sources, and other users who interact with you on our Platforms.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and facilitate marketplace activity
• Create and manage your account across our Platforms
• Send transactional notifications (order updates, shipping, account security)
• Send marketing communications (with your consent; you can opt out anytime)
• Provide customer support and respond to inquiries
• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service and community guidelines
• Analyze usage patterns to improve our products and user experience
• Power AI-assisted features, including automated listing creation, image recognition, pricing suggestions, and content recommendations
• Comply with legal obligations

2.1 AI Processing

Our Services use artificial intelligence and machine learning to enhance your experience. This includes image recognition for item identification, automated pricing suggestions based on market data, and content recommendations. When you upload images or provide listing information, this data may be processed by AI models to generate descriptions, identify items, or suggest pricing. We process this data to provide and improve our Services, and we do not sell AI-processed data to third parties.

3. How We Share Your Information

We may share your information in the following circumstances:

• Between Nerdbeak Platforms: Your account information may be shared across our Platforms to provide a unified experience (e.g., your Cliqket profile linked to your Nerdworth marketplace activity).
• With Other Users: Information you make public (profile, listings, reviews, posts) is visible to other users of our Services.
• Service Providers: We share data with third-party providers who assist in operating our Services (hosting, payment processing, analytics, email delivery, cloud storage).
• Legal Compliance: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share information for other purposes with your explicit consent.

We do not sell your personal information to third parties for their marketing purposes.

4. Security

We implement industry-standard technical and organizational measures to protect your personal information, including encryption in transit (TLS/SSL), secure authentication, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using commercially reasonable measures.

5. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to or restrict certain processing of your data
• Request portability of your data
• Withdraw consent where processing is based on consent
• Opt out of marketing communications at any time

To exercise any of these rights, please contact us at ricky@nerdbeak.com. We will respond to your request within the timeframe required by applicable law.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where retention is required by law (e.g., transaction records for tax or legal purposes).

7. Cookies

We use the following types of cookies:

• Essential Cookies: Required for our Services to function (authentication, security, session management).
• Analytics Cookies: Help us understand how users interact with our Services (e.g., Vercel Analytics).
• Preference Cookies: Remember your settings and preferences across visits.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.

8. Children's Privacy

Our Services are intended for users who are at least 18 years old (or the age of majority in their jurisdiction), consistent with our Terms of Service. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has provided us with personal information, we will take steps to delete that information. If you believe someone under 18 has created an account or provided us with personal information, please contact us at ricky@nerdbeak.com.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at ricky@nerdbeak.com. We will verify your identity before processing your request and respond within 45 days as required by law.

10. International Users and GDPR

Our Services are operated from the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

10.1 Legal Basis for Processing (EEA/UK)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases as required by GDPR Article 6:

• Contractual Necessity: Processing necessary to provide our Services, manage your account, process transactions, and fulfill our obligations to you under our Terms of Service.
• Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention and security, service improvement and analytics, enforcing our Terms, and communicating with you about your account. We balance these interests against your rights and do not use this basis where your interests override ours.
• Consent: Processing based on your explicit consent, including marketing communications and optional SMS features. You may withdraw consent at any time without affecting the lawfulness of prior processing. For cookies, see our Cookie Policy.
• Legal Obligation: Processing necessary to comply with applicable laws, such as tax reporting, fraud prevention, and responding to lawful requests from authorities.

10.2 International Data Transfers

When we transfer personal data from the EEA or UK to the United States or other countries, we rely on appropriate safeguards including the EU-U.S. Data Privacy Framework (where applicable) and Standard Contractual Clauses (SCCs) approved by the European Commission. You may request a copy of the applicable transfer safeguards by contacting us.

10.3 Additional EEA/UK Rights

In addition to the rights listed in Section 5, EEA and UK residents have the right to:

• Lodge a complaint with your local data protection supervisory authority
• Request restriction of processing while we verify your correction or objection requests
• Object to processing based on legitimate interests (we will cease processing unless we demonstrate compelling legitimate grounds)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website with a new effective date, and where required by law, we will provide additional notice (such as email notification). Your continued use of our Services after the changes take effect constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: