Privacy Policy

This Privacy Policy describes how NDM Ventures, LLC, operating as netted.io ("we," "us," or "our") collects, uses, and shares information about you when you use Netted ("Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

Account information. When you create an account, we collect your email address and, if you choose password-based authentication, a hashed version of your password. We may also collect your name if you provide it.

Financial transaction data. When you connect a revenue platform (such as Stripe, Gumroad, PayPal, Lemon Squeezy, Etsy, or an affiliate network), Netted retrieves transaction records from that platform's API. This data includes transaction amounts, dates, platform fees, and currency. We do not collect the personal information of your customers (such as their names, email addresses, or IP addresses) and do not store it.

OAuth credentials and API keys. To connect platforms, you authorize Netted to store encrypted OAuth tokens or API credentials on your behalf. These are encrypted using AES-256-GCM and used solely to retrieve your transaction data.

Usage data. We collect standard web server logs and analytics data including pages visited, time spent, browser type, operating system, and referring URL. This data is associated with your account where you are signed in.

Payment information. Subscription payments are processed by Stripe, Inc. We do not store full payment card numbers. We receive and store a payment method token, last four digits, card brand, and expiry from Stripe for billing management.

Waitlist information. If you submit your email address on our landing page before launching an account, we store that email address in our mailing list (managed via Resend) to notify you when the Service is available.

2. How We Use Your Information

• To provide and operate the Service, including syncing and displaying your financial data.
• To process payments and manage your subscription.
• To send transactional emails (account notifications, billing receipts, sync alerts).
• To send product updates and waitlist notifications, where you have opted in.
• To improve the Service through aggregate usage analysis.
• To detect, investigate, and prevent fraudulent or unauthorized activity.
• To comply with legal obligations.

3. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is deleted within 30 days.

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

• Legal requirements. We may disclose your information if required by law, regulation, legal process, or governmental request.
• With your consent. We may share information with third parties when you explicitly authorize us to do so.

5. Data Security

We use industry-standard security practices to protect your data:

• All data is encrypted in transit using TLS 1.2 or higher.
• OAuth tokens and API credentials are encrypted at rest using AES-256-GCM.
• Database access is restricted by row-level security policies.
• We conduct periodic security reviews of our codebase and infrastructure.

No security system is impenetrable. We cannot guarantee absolute security, but we will notify you promptly in the event of a breach affecting your data as required by applicable law.

6. Cookies and Tracking

We use session cookies for authentication. We may use privacy-respecting analytics tools to understand aggregate usage patterns. We do not use advertising cookies or cross-site tracking technologies.

7. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information, including:

• Access. You can request a copy of the personal information we hold about you.
• Correction. You can update your account information at any time in account settings.
• Deletion. You can request deletion of your account and associated data by contacting us or using account settings.
• Portability. You can export your transaction data in CSV format at any time.
• Opt-out of marketing. You can unsubscribe from marketing emails at any time using the unsubscribe link in any email we send.

To exercise any of these rights, contact us at privacy@netted.io.

8. International Data Transfers

Netted is operated in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take appropriate safeguards to protect your information consistent with this policy.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete it promptly.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and provide notice via email or in-app notification. Continued use of the Service after the effective date constitutes acceptance of the revised policy.