Privacy

Privacy Policy

Last updated: April 2026

1. Introduction

GimmeDat ("we," "our," or "the Platform") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, display name, class year, phone number (optional), and campus affiliation.
  • Profile information: bio, avatar photo, and any other details you choose to add.
  • Offers: titles, descriptions, photos, pricing, and category selections.
  • Messages: content of messages sent through the Platform’s messaging system.
  • Reports: information you provide when reporting other users or content.

2.2 Payment Information

  • Seller Stripe account ID: stored to link your account to Stripe for payouts. We do not store bank account details or card numbers.
  • Transaction records: transaction amounts, payment status, and Stripe reference IDs are stored for order management and record-keeping.
  • Card information: credit/debit card details are collected exclusively by Stripe, which is PCI DSS compliant. GimmeDat never receives, processes, or stores your card information.
  • Transaction metadata: order details and timestamps are stored to support order management and dispute resolution.

2.3 Information Collected Automatically

  • Device and browser information: browser type, operating system, and device identifiers (via User-Agent header).
  • Usage data: pages visited, offer views, search queries, and interaction patterns.
  • IP address: collected for security, rate limiting, and fraud prevention purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Platform and its features.
  • Verify your identity and campus affiliation.
  • Display your offers and profile to other users on your campus.
  • Facilitate messaging between users.
  • Send you notifications about your account, offers, and messages (based on your preferences).
  • Moderate content and enforce our Terms of Service.
  • Detect and prevent fraud, abuse, and security threats.
  • Improve the Platform through aggregate analytics.

4. Information Sharing

We do not sell your personal information. We share information only in these limited circumstances:

  • With other users on your campus: your display name, avatar, class year, bio, and offer content are visible to authenticated users at your school.
  • Cross-campus isolation: your information is never shared with users at other campuses. Each school is a completely separate community.
  • Payment processing: your email address and transaction details are shared with Stripe to facilitate payment processing, payouts, and fraud prevention.
  • Service providers: we may share data with third-party services that help us operate the Platform (e.g., hosting, email delivery, error tracking), under strict data protection agreements.
  • Legal requirements: we may disclose information if required by law, court order, or to protect the safety of users.

5. Data Retention

  • Account data is retained as long as your account is active.
  • Deleted offers are soft-deleted and may be retained for moderation purposes for up to 90 days.
  • Messages are retained for the duration of the conversation thread.
  • You may request full deletion of your account and associated data at any time.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Passwords are hashed using industry-standard algorithms (never stored in plain text).
  • Authentication tokens are securely managed with expiration and rotation.
  • API access is protected by rate limiting and input validation.
  • Database connections are encrypted.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Your Rights

You have the right to:

  • Access your personal data through your profile and account settings.
  • Correct inaccurate information by editing your profile.
  • Delete your account and associated data.
  • Control notifications through your notification preferences.
  • Export your data upon request.

8. Cookies & Local Storage

The Platform uses browser local storage to maintain your authentication session. We do not use tracking cookies or third-party advertising trackers. Session data is stored locally in your browser and expires after 30 days of inactivity. Stripe may set cookies on your device for fraud detection and to ensure the security of payment transactions; these cookies are governed by Stripe’s privacy policy.

9. Children’s Privacy

The Platform is intended for college students aged 18 and older. We do not knowingly collect information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly.

10. AI & Automated Processing

GimmeDat uses artificial intelligence (powered by Anthropic’s Claude) to enhance the Platform experience. AI is used in the following ways:

  • Content moderation: AI assists in reviewing offers and messages for prohibited content, spam, and policy violations. Flagged content is subject to human review before action is taken.
  • Semantic search: AI-generated embeddings (vector representations) are used to improve search relevance. These embeddings are derived from offer titles and descriptions and cannot be reverse-engineered into the original text.
  • Campus assistant: An AI-powered chatbot may answer questions about the Platform, campus policies, or help users navigate features. Conversations with the assistant may be logged for quality improvement.
  • AI processing is performed via API calls to Anthropic. Your data is sent to Anthropic’s servers for processing and is subject to Anthropic’s usage policies. Anthropic does not use API inputs to train its models.
  • You may opt out of AI-powered features by contacting us at privacy@gimme-dat.com. Opting out may limit certain Platform functionality such as smart search and automated content review.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request a copy of the personal information we have collected about you in the preceding 12 months, including the categories of information, the sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention).
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: GimmeDat does not sell your personal information and does not share it for cross-context behavioral advertising. Because we do not engage in these activities, there is no need to submit an opt-out request — but if our practices change, we will provide a “Do Not Sell or Share My Personal Information” link.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
  • To exercise these rights, contact us at privacy@gimme-dat.com or through the Platform’s support channels. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or platform notification. Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@gimme-dat.com or through the Platform’s support channels. Our mailing address is: GimmeDat, 300 N Washington St, Gettysburg, PA 17325.

See also our Terms of Service

Terms of Service