StubKeeper Privacy Policy

Last Updated: December 13, 2025

Version: 2.1

Effective Date: December 13, 2025

Introduction

Welcome to StubKeeper. This Privacy Policy explains how StubKeeper ("we," "us," or "our") collects, uses, stores, and protects your information when you use our blockchain-based memory preservation service.

⚠️ CRITICAL NOTICE

StubKeeper operates on the Polygon blockchain. Data committed to the blockchain is permanent, immutable, and publicly accessible. Please read this policy carefully to understand what information becomes permanent and what remains private.

OUR CORE PRINCIPLE: "You own your memories — and only you." We have designed our systems so that no one — not StubKeeper, not our service providers, not any third party — can access, transfer, or censor your memories without your authorization.

Table of Contents

  1. Information We Collect
  2. How We Create and Secure Your Wallet
  3. Data Storage Architecture
  4. Third-Party Service Providers
  5. How We Use Your Information
  6. What You Can and Cannot Control
  7. Account Recovery
  8. Data Sharing and Disclosure
  9. Your Privacy Rights
  10. Children's Privacy
  11. International Data Transfers
  12. Data Security
  13. Changes to This Policy
  14. Contact Information

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Email address (from your Google or Apple account)
  • Display name
  • Username (stored on-chain, see Section 3)
  • Profile avatar and bio
  • Privacy preferences and notification settings

Memory Content:

  • Photos of ticket stubs you upload
  • Event details (artist/team, venue, date, seat information)
  • Personal tags and notes
  • Manual entries using our nostalgic templates

Optional Information:

  • Cloud Backup enrollment status
  • Communication preferences

1.2 Information Collected Automatically

Device Information:

  • Device type and operating system
  • Unique device identifiers
  • App version

Usage Information:

  • Features accessed and actions taken
  • Time spent in the app
  • Error logs and crash reports

Authentication Information:

  • OAuth tokens from Google or Apple
  • Session identifiers
  • Login timestamps and device history

1.3 Information from Third Parties

From Google or Apple (via OAuth):

  • Email address
  • Display name
  • Profile picture (if available)

From Privy (our wallet infrastructure provider):

  • Wallet creation confirmation
  • Recovery share status
  • Authentication events

2. How We Create and Secure Your Wallet

2.1 Embedded Wallet Architecture

StubKeeper uses an embedded wallet system powered by Privy. Unlike traditional cryptocurrency wallets that require you to manage seed phrases or private keys, your wallet is created automatically and invisibly when you sign up.

What this means for you:

  • You never see a seed phrase or private key during normal use
  • You sign in with your familiar Google or Apple account
  • Your wallet is ready to use immediately
  • No cryptocurrency knowledge is required

2.2 Shamir's Secret Sharing (2-of-3 Security Model)

Your wallet's private key is protected using Shamir's Secret Sharing, a cryptographic technique that splits the key into multiple pieces ("shares"). Any 2 of 3 shares are required to access your wallet.

Share Storage Location Who Controls It
Device Share Your device's secure enclave (iOS Keychain / Android Keystore) You
Auth Share Privy's secure infrastructure, tied to your Google/Apple login Privy (accessible via your login)
Cloud Share Your iCloud or Google Drive (optional, encrypted) You

Key Security Properties:

  • No single party has full access. StubKeeper cannot access your wallet. Privy cannot access your wallet. Only you, with 2 of your 3 shares, can authorize transactions.
  • Shares are cryptographically useless alone. If someone obtains only one share, they cannot access your wallet.
  • You own your memories. This architecture ensures true ownership — we cannot seize, freeze, or censor your NFTs.

2.3 Cloud Backup (Optional)

Cloud Backup adds a third recovery share stored in your personal iCloud or Google Drive account. This share is:

  • Encrypted before upload — unreadable without another share
  • Stored in YOUR cloud account — not on StubKeeper or Privy servers
  • Optional — you can use StubKeeper with only Device + Auth shares

2.4 What We Do NOT Have Access To

StubKeeper never possesses:

  • Your complete private key
  • Your Device Share
  • Your Cloud Share
  • The ability to sign transactions on your behalf
  • The ability to transfer, freeze, or seize your NFTs

3. Data Storage Architecture

3.1 On-Chain Data (Permanent, Public)

The following data is stored on the Polygon blockchain and is permanent and publicly accessible:

Data Purpose Can Be Deleted?
Wallet addressYour identity on the blockchain❌ No
UsernameYour unique on-chain identity❌ No
NFT ownership recordsProof you own each memory❌ No
Event metadataArtist, venue, date, event type❌ No
Blockchain tagsPermanent categorization❌ No
Event hashEnables "I Was There Too" matching❌ No
TimestampsWhen each memory was created❌ No
Transaction historyAll mints, transfers, tag additions❌ No

⚠️ BLOCKCHAIN PERMANENCE WARNING

Once data is written to the Polygon blockchain, it cannot be deleted, modified, or hidden by anyone — including StubKeeper. This data is publicly viewable using tools like PolygonScan.

3.2 Decentralized Storage (Semi-Permanent)

The following data is stored on IPFS (InterPlanetary File System) via Pinata:

Data Purpose Can Be Deleted?
Ticket stub imagesVisual record of your memories⚠️ Partially
Extended metadataAdditional details beyond on-chain data⚠️ Partially

3.3 Off-Chain Data (Private, Deletable)

The following data is stored in our traditional database (Supabase) and CAN be deleted:

Data Purpose Can Be Deleted?
Display nameHow your name appears to others✅ Yes
Profile avatarYour profile picture✅ Yes
BioYour profile description✅ Yes
Application tagsFlexible personal organization tags✅ Yes
Privacy settingsPublic/friends/private preferences✅ Yes
Notification preferencesEmail and push settings✅ Yes
Social connectionsFollowing/follower relationships✅ Yes
Email addressAccount identification✅ Yes

14. Contact Information

For Privacy Questions:
Email: privacy@stub-keeper.com

For General Support:
Email: support@stub-keeper.com

For Security Issues:
Email: security@stub-keeper.com

Mail:
StubKeeper, Inc.
[Business Address]
[City, State, ZIP]

Website: https://www.stub-keeper.com

Acknowledgment

BY USING STUBKEEPER, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.

You specifically acknowledge:

  • ✓ Blockchain data (username, NFTs, metadata) is permanent and publicly accessible
  • ✓ StubKeeper cannot delete or modify your on-chain data
  • ✓ Your wallet is secured by Shamir's Secret Sharing (2-of-3 model)
  • ✓ Neither StubKeeper nor Privy can access your wallet alone
  • ✓ Lost access to 2+ shares means permanent wallet inaccessibility
  • ✓ Off-chain data can be deleted; on-chain data cannot
  • ✓ Cloud Backup is optional and stores encrypted data in YOUR cloud account

If you do not agree with this Privacy Policy, do not use StubKeeper.

Last Updated: December 13, 2025
Version: 2.1
Effective Date: December 13, 2025

© 2025 StubKeeper. All rights reserved.