Privacy Policy

1. Who we are

This Privacy Policy describes how True Value Protocol LLC ("tvpcards," "we," "us," "our"), a Texas limited liability company, collects, uses, and protects information when you visit tvpcards.com, interact with our content on third-party platforms (TikTok, Instagram, X, YouTube, Threads), or use any service we operate (collectively, the "Services").

2. Plain-English summary

We tried to write this policy without legalese. The short version:

• We collect very little. The website doesn't require an account and doesn't sell anything yet.
• We use Cloudflare to serve the site. Cloudflare logs basic request information (IP address, user agent, page requested) for security and performance reasons. We don't read those logs unless we're investigating an attack.
• If you email us, we have your email and what you said. We don't share it.
• We don't use advertising trackers. We don't sell data. We don't have data to sell.
• If we ever launch a paid product, this policy will be updated before that happens, and you'll have a chance to opt in or stay out.

The rest of this document is the long version, written for completeness and for jurisdictions that require it.

3. Information we collect

3.1 Information you provide directly

• Email address — if you email [email protected], we have your email address and the contents of your message.
• Future waitlist or account information — if and when we launch a waitlist or paid app, we will collect the information necessary to provision your account (typically email address and, for paid users, billing information processed by a third-party payment provider). This Privacy Policy will be revised before any such collection begins.

3.2 Information collected automatically

• Server logs — when you visit tvpcards.com, our hosting provider (Cloudflare) automatically receives and logs standard web request information including your IP address, browser type and version, operating system, the page you requested, the referring URL (if any), and the date and time of your request. This is standard internet infrastructure logging.
• Performance and security data — Cloudflare uses request information to detect and mitigate abuse, denial-of-service attacks, and security threats. We do not have access to identifying-level data from these logs in the ordinary course of operations.
• Analytics — we may use privacy-respecting analytics (such as Cloudflare Web Analytics or a comparable provider) that does not use cookies and does not collect personal information. Aggregate, anonymous metrics include page views, referrer domains, and country-level geography.

3.3 Information from third-party platforms

When you interact with our content on TikTok, Instagram, X, YouTube, Threads, or other platforms, those platforms collect information about your interactions according to their privacy policies — not ours. We may receive aggregated, non-identifying analytics from those platforms (e.g., total views, follower counts, demographic breakdowns). We do not receive identifying personal information about individual users from these platforms.

4. How we use information

We use the information described above to:

• Operate, maintain, and secure our Services;
• Respond to your emails and other inbound communications;
• Understand aggregate usage patterns and improve content;
• Detect, prevent, and respond to fraud, abuse, and security incidents;
• Comply with legal obligations.

We do not use your information to:

• Build advertising profiles;
• Sell or rent to third parties for marketing;
• Train artificial intelligence models on identifying user data.

5. Sharing and disclosure

We do not sell personal information. We share information only in the following limited circumstances:

• Service providers — with infrastructure and tooling providers who process information on our behalf to operate the Services (e.g., Cloudflare for hosting, Google Workspace for email). These providers are contractually limited to the purposes for which we engage them.
• Legal compliance — when required by valid legal process (subpoena, court order, search warrant) or to protect rights, property, or safety. We will challenge overbroad requests when feasible.
• Business transfers — if True Value Protocol LLC is acquired, merged, or undergoes a similar corporate transaction, information may transfer as part of that transaction. Continuing protections will apply.
• With your consent — for any purpose disclosed at the time of collection and consented to.

6. Cookies and analytics

tvpcards.com does not use first-party cookies for tracking, advertising, or behavioral profiling. We may use a strictly necessary session token if and when account features are introduced; this will be disclosed at that time.

The site uses Google Fonts to load typeface files (Space Mono and JetBrains Mono). Google may receive request information when font files are loaded by your browser; see Google's Privacy Policy for details. We do not control or have access to that data.

7. Third-party services

The Services rely on or interact with the following third-party providers, each of which has its own privacy practices:

• Cloudflare (hosting, DNS, security) — cloudflare.com/privacypolicy
• Google Workspace (email infrastructure) — policies.google.com/privacy
• Google Fonts (font delivery) — policies.google.com/privacy
• TikTok, Instagram, X, YouTube, Threads (content distribution platforms) — see each platform's policy.

We may add or change service providers from time to time as the Services evolve. Material changes will be reflected in updates to this policy.

8. Data retention

We retain information for the period necessary to fulfill the purposes for which it was collected:

• Inbound emails — retained in our Google Workspace inbox until manually deleted, generally up to 24 months unless required for ongoing correspondence.
• Server access logs — retained by Cloudflare per Cloudflare's standard retention policy (generally days to weeks).
• Aggregate analytics — retained indefinitely in non-identifying form.

9. Security

We implement reasonable administrative, technical, and physical safeguards proportionate to the limited information we hold. These include encrypted transport (HTTPS), provider-level security on Cloudflare and Google Workspace, and access controls limiting internal access to information.

No system is perfectly secure. If we discover a security incident affecting your information, we will notify affected individuals and applicable regulators as required by law.

10. Your rights

10.1 General

Depending on your jurisdiction, you may have the right to (a) access information we hold about you; (b) correct inaccurate information; (c) delete information; (d) restrict or object to processing; (e) data portability; (f) withdraw consent. To exercise any of these rights, email [email protected]. We will respond within the timeframe required by applicable law (typically within 30 days).

10.2 European Economic Area, United Kingdom, Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the rights described above under the General Data Protection Regulation (GDPR) and equivalent local laws. Our legal bases for processing are: (a) legitimate interests for security, fraud prevention, and aggregate analytics; (b) consent for any optional features you opt into; (c) contract performance for any account services we provide; (d) legal obligation for compliance with applicable law. You may also lodge a complaint with your local data protection authority.

10.3 California (CCPA / CPRA)

California residents have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly process the information of California residents under 16 without consent.

10.4 Other U.S. state laws

Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, Florida, New Hampshire, New Jersey, Minnesota, Maryland) have similar rights. Email [email protected] to exercise them.

11. Children's privacy

The Services are not directed to children under 13 (or under 16 in the EEA/UK and certain U.S. states). We do not knowingly collect personal information from children. If we discover that we have collected personal information from a child without verifiable parental consent, we will delete it promptly.

12. International users

tvpcards is operated from the United States. If you access the Services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other jurisdictions in which our service providers operate. We rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) for cross-border transfers where required by applicable law.

13. Changes to this policy

We may revise this Privacy Policy from time to time. The "last updated" date at the top of this document indicates the current version. Material changes will be communicated through a prominent notice on tvpcards.com or by email if we have your address. Continued use of the Services after a revision takes effect constitutes acceptance of the revised policy.

14. Contact

Questions, requests, or concerns about this Privacy Policy or our data practices:

We aim to respond to all good-faith inquiries within 14 days. Legally-required responses (e.g., GDPR access requests) will be handled within the applicable statutory timeframe.

This Privacy Policy is provided as a good-faith description of our data practices. It is not legal advice. If you require legal counsel regarding our data practices or your rights, consult an attorney in your jurisdiction.