Privacy Policy

This Privacy Policy explains how Raceef Corporation ("Raceef", "we", "us", or "our") collects, uses, shares, and protects personal information when you use the Raceef mobile applications, website, and related services (collectively, the "Services").

Raceef is a social commerce platform combining a social network (built on the AT Protocol), a marketplace for products and services, a booking system, and an AI assistant. The Services are operated by Raceef Corporation, a corporation incorporated in the State of Oklahoma, United States.

We are the data controller for personal information we process about you. This means we decide why and how your personal information is processed.

If you have questions about this Policy or how we handle your personal information, contact us at support@raceef.com. For privacy-specific requests, you can also write to privacy@raceef.com.

A summary of our practices

This summary highlights the most important parts of this Policy. The full Policy below has more detail.

• Most content on Raceef is public. Posts, profiles, products, and shop pages you create are visible to anyone on the internet, including people who do not have a Raceef account. Treat anything you post as public.
• Direct messages are private. Messages you send through Raceef's chat are visible only to you and the recipient, unless they are reported for moderation review or our trust and safety team must access them to investigate violations.
• We use the AT Protocol. Raceef runs on a decentralized social networking protocol. Your account, posts, and profile may be visible to other applications that speak the AT Protocol. Once content is shared into this network, we cannot guarantee deletion from every application that received it.
• We process payments through Stripe. Raceef does not store full credit card numbers. Stripe (a US-based payment processor) handles your card data under their own terms and privacy policy.
• Sellers receive your information when you buy from them. When you place an order or book a service, the seller receives your name, contact details, delivery address, and order details so they can fulfill the order. Sellers are independent businesses, not Raceef employees.
• We use AI. Raceef includes an AI assistant called "Lamp" that helps sellers set up and run their shops. We do not train AI models on your personal content. Your messages to Lamp are processed by Anthropic, our AI provider.
• Your rights. Depending on where you live, you may have rights to access, correct, delete, or export your personal information. See Section 9.
• You can delete your account. Open the app, go to Settings → Account → Delete account. We will start a 30-day grace period during which you can cancel. After that, we anonymize or delete your account.
• We do not knowingly collect personal information from children under 13. Raceef is not directed at children. See Section 11.

1. Personal information we collect

We collect personal information in three ways: information you give us, information we collect automatically, and information from third parties.

1.1 Information you give us

Account information. When you create an account, you provide a handle, an email address, a year of birth, and a password. You may add a display name, biography, profile picture, banner image, and language preferences.

Identity verification (for sellers). Sellers who accept card payments must complete identity verification through our payment processor (Stripe). This includes providing your legal name, date of birth, residential address, government-issued identification, and tax identification number where required.

Shop and product information. Sellers provide information about their business (shop name, description, address, opening hours, contact details, payment preferences), products, services, prices, and policies.

Orders and bookings. When you place an order or book a service, you provide delivery or service addresses, contact phone numbers, dietary or accessibility preferences if relevant, and any special instructions you choose to share.

Payment information. When you pay with a card, your card details are entered directly with Stripe and we never receive the full card number. We receive a token (a reference) and the last four digits and brand, so you can recognize your card the next time you use it. For Cash on Delivery (COD) orders, no card information is collected.

Content you post or send. This includes posts, replies, reposts, likes, quotes, comments, direct messages, voice messages, stories, live broadcasts, photos, videos, audio recordings, polls, reactions, and other content you create or share. It also includes the messages you send to Raceef's AI assistant ("Lamp").

Customer support communications. When you contact us, we collect your contact details, the content of your message, and any attachments you share.

Survey and research responses. If you participate in user research or surveys, we collect your responses.

1.2 Information we collect automatically

Device and technical information. Device type and model, operating system and version, application version, language and locale, time zone, screen size, and unique device or installation identifiers (IDFA on iOS or AAID on Android, when permitted by you).

Network information. IP address (used to estimate approximate location and prevent abuse, then promptly hashed or discarded for analytics — see Section 6), and basic connection information such as Internet service provider where exposed.

Usage information. Pages and screens you view, features you use, buttons you tap, sessions and session length, referring URLs, performance metrics (load times, errors), and crash reports.

Cookies and similar technologies. On the web, we use cookies and similar technologies (such as local storage) for authentication, security, preferences, and analytics. You can control cookies through your browser settings and through the cookie banner on our website.

Approximate location. We may derive approximate location from your IP address for fraud prevention, regional shop discovery, and abuse prevention. We do not collect precise (GPS) location unless you specifically grant permission and use a feature that needs it (such as sharing your live location in a direct message). Raceef does not use background location.

1.3 Information from third parties

Payment processors. Stripe provides us with information about the success or failure of transactions, payout status, identity-verification results, and risk signals (such as suspected fraud).

Authentication providers. If you sign in with Apple or another supported identity provider, we receive your name and email from that provider as permitted by you.

Service providers and integrations. Our service providers (described in Section 7) may share information with us in connection with their services, such as content moderation tools or fraud detection.

2. How we use personal information

We use your personal information for the following purposes.

To operate, provide, and maintain the Services. This includes creating and managing your account, displaying your content, processing payments, fulfilling orders, scheduling and confirming bookings, sending transactional notifications (order confirmations, booking reminders, password resets), and providing customer support.

To personalize the experience. We use your activity, follows, and preferences to suggest content, sellers, and products you may like. You can adjust personalization in your settings.

To enable the AI assistant ("Lamp"). When you use Lamp, your messages and context are sent to our AI provider (currently Anthropic) to generate a response. Your messages and the generated responses are stored in your Raceef account so the conversation can continue across sessions.

To improve the Services. We use aggregated and de-identified usage data to understand how the Services are used, identify problems, and develop new features.

For security, fraud prevention, and abuse prevention. We use device, network, and usage information to detect and prevent unauthorized access, fake accounts, payment fraud, spam, abuse, and other harmful activity.

To comply with legal obligations. We use information to comply with applicable laws (such as tax, accounting, anti-money-laundering, and consumer protection laws), respond to lawful requests, and enforce our agreements.

For marketing communications, with your consent where required. We may send you product updates, newsletters, and promotional messages. You can opt out at any time through the unsubscribe link or your notification settings. Transactional messages (order confirmations, payment receipts) are not promotional and cannot be turned off without disabling the corresponding feature.

Legal bases (for users in the European Economic Area, the United Kingdom, and Morocco). Where applicable law requires us to identify a legal basis for processing, we rely on the following: performance of a contract (to operate the Services you requested), consent (for marketing and certain optional features), legitimate interests (security, fraud prevention, service improvement, where these are not overridden by your rights), and legal obligation (compliance with applicable laws).

3. Public content and the AT Protocol

Raceef is built on the Authenticated Transfer Protocol (AT Protocol), a decentralized social networking protocol originally developed by Bluesky.

You should understand the following:

• Posts, profiles, follows, likes, and similar interactions are public by default. They are visible to anyone using Raceef or any other AT Protocol application, including search engines and archivers.
• Shop pages, product listings, services, and seller profiles are public. They are designed to be discovered and shared.
• Direct messages are private. Direct messages are not published to the AT Protocol network. They are visible only to you and the people you send them to. Direct messages may be accessed by Raceef's trust and safety team if reported or as part of an investigation into serious violations (see Section 5).
• Once content is on the AT Protocol, deletion is not always immediate or complete. Other applications may have cached, indexed, or copied your content. When you delete content, we will remove it from the parts of the network we operate and notify other applications that you deleted it. We cannot force third-party applications to delete it.
• Account portability. The AT Protocol is designed so that you can move your account to a different provider while keeping your followers and posts. If you migrate away from Raceef, your social content will move with you, but your Raceef-specific commerce, bookings, and shop data will remain with Raceef.

4. How we share personal information

We do not sell personal information. We share your personal information in the following circumstances.

4.1 With sellers when you buy or book

When you place an order or book a service, we share with the seller the information they need to fulfill the order: your display name, contact details, delivery or service address (if relevant), the items or services purchased, the total paid, any special instructions, and order or booking timestamps. Sellers are independent businesses and become independent controllers of your information for their own records. We require sellers to handle this information lawfully and in accordance with our Seller Terms.

4.2 With buyers when you sell

If you are a seller, your business contact information (shop name, public address, opening hours, phone number, email if you publish it) is visible to potential buyers. When a buyer places an order, we share their order details with you so you can fulfill the order.

4.3 With our service providers

We share personal information with trusted service providers who help us operate the Services. They process information only on our instructions and may not use it for their own purposes. Our key service providers are:

• Amazon Web Services (AWS) — cloud infrastructure hosting (primarily United States).
• Cloudflare — content delivery, security, and email routing.
• Stripe, Inc. — payment processing, payouts, identity verification, and tax calculation.
• Anthropic, PBC — the AI model that powers the Lamp assistant.
• Apple Inc. — app distribution through the App Store and in-app purchase processing.
• Google LLC — app distribution through Google Play, push notifications through Firebase Cloud Messaging, and in-app purchase processing.
• Sentry GmbH (Frankfurt, Germany) — error tracking and performance monitoring.
• Resend, Inc. — transactional email delivery (when configured).

The list above reflects our current sub-processors. We update it as we add or change providers.

4.4 With other users

Information you choose to share publicly (posts, profile, shop, products) is visible to other users. Information you share with specific users (direct messages, replies) is visible to those users.

4.5 For legal reasons and to protect rights

We may share personal information when we believe in good faith that doing so is necessary to:

• Comply with a law, regulation, legal process, or governmental request (such as a court order or subpoena);
• Enforce our Terms of Service, Community Guidelines, or other policies;
• Protect the rights, property, or safety of Raceef, our users, or the public;
• Investigate, detect, prevent, or address fraud, security issues, or technical issues;
• Respond to claims that content violates someone else's rights, such as a DMCA notice.

We publish information about government and legal requests in our Transparency Reports, where allowed by law.

4.6 In connection with a business transfer

If Raceef is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you (such as through a notice on the Site or App) before personal information is transferred and becomes subject to a different privacy policy.

4.7 With your consent

We may share personal information for purposes not covered above if you give us your consent.

5. Content moderation and trust and safety

Raceef is designed to be a safe and welcoming community. To enforce our Terms of Service and Community Guidelines, our trust and safety team may review reported content, including direct messages where they have been reported by a participant or where there are credible signals of a serious violation (such as imminent harm, child safety, fraud, or illegal activity).

We may use trusted third-party moderation tools and labelers to help review content at scale. We may also use automated systems for spam detection, basic abuse detection, and content classification.

Live broadcasting moderation. When a viewer or our systems flag a live stream, our moderation team can review the stream and, if necessary, pause it, end it, prevent the broadcaster from streaming again, or take other action. We log moderation decisions and provide a path for users to appeal.

Appeals. If we take action against your content or account, you may appeal through Settings → Account → Appeals or by emailing support@raceef.com. We aim to respond within 14 days.

6. Data retention

We keep personal information only as long as needed for the purposes described in this Policy or as required by law.

• Account data: While your account is active.
• Public content (posts, products, shop pages): While they exist on Raceef; copies may persist on the AT Protocol network as described in Section 3.
• Direct messages: While both participants have an active account; deleted on account deletion subject to the cascading process described in Section 9.
• Order and booking records: 10 years from the date of the transaction, to comply with tax, accounting, and consumer-protection laws (this is the maximum required by Moroccan and US tax law; we may keep records for shorter periods in some jurisdictions).
• Payment records: Retained by Stripe under their own retention policies. We retain only the minimum necessary references for our own records.
• Identity verification records (for sellers): As long as required by our payment processor and applicable anti-money-laundering laws.
• Server logs: Up to 90 days for security and operational purposes, after which they are deleted or aggregated.
• Sentry error reports: Up to 30 days, then automatically deleted.
• Backups: Database backups are retained for up to 365 days in encrypted cold storage and then deleted by automated lifecycle rules. Deletion requests are applied to backups when they are restored; we do not selectively delete from existing backup archives.
• Customer support communications: Up to 2 years from the last contact.

When you delete your account, we begin the deletion and anonymization process described in Section 9.

7. International data transfers

Raceef operates primarily in the United States (where we are incorporated and where most of our cloud infrastructure is located) and in Morocco (where our team operates). Our error tracking service (Sentry) is hosted in the European Union.

When we transfer personal information across borders — for example, from the European Union or Morocco to the United States — we rely on safeguards permitted under applicable law:

• Standard Contractual Clauses (SCCs) issued by the European Commission and equivalent clauses required by Moroccan law (loi 09-08).
• Adequacy decisions where they exist.
• Your explicit consent, where permitted and where no other safeguard applies.

You can request a copy of the safeguards we use by writing to privacy@raceef.com.

8. Security

We take reasonable technical and organizational measures to protect personal information against loss, theft, unauthorized access, disclosure, modification, or destruction. These measures include encryption in transit (TLS), encryption at rest (AES-256 for backups), restricted internal access on a need-to-know basis, audit logging, and ongoing security review.

No method of transmission or storage is completely secure. If we become aware of a security incident that affects your personal information, we will notify you and the relevant authorities as required by applicable law.

You can help protect your account by using a strong, unique password, enabling any available security features, and not sharing your login credentials.

9. Your rights

Depending on where you live, you have certain rights regarding your personal information. We honor these rights regardless of where you live unless prohibited by law.

• Access. You have the right to know what personal information we hold about you and to obtain a copy.
• Correction. You can correct inaccurate or incomplete information through your account settings or by contacting us.
• Deletion. You can delete your account at any time through Settings → Account → Delete account. Deletion starts a 30-day grace period during which you can cancel. After the grace period, we anonymize identifying fields on retained records (such as orders we must keep for tax purposes) and delete personal information from systems where retention is not required. The cascading deletion process touches public posts, direct messages, profile data, payment references, AI conversations, bookings, and storefront data. Some content may persist for a short time on the AT Protocol network as described in Section 3.
• Portability. You can request an export of your personal information in a machine-readable format.
• Object or restrict. You can object to or ask us to restrict certain processing, such as personalized recommendations or marketing.
• Withdraw consent. Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of past processing.
• Lodge a complaint. You have the right to lodge a complaint with a data protection authority, including:
  • The Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP) in Morocco.
  • Your local supervisory authority in the European Economic Area.
  • The Information Commissioner's Office (ICO) in the United Kingdom.
  • The relevant authority in your jurisdiction.

To exercise these rights, contact us at privacy@raceef.com. We may need to verify your identity before responding. We will respond within the time limits required by applicable law (generally within 30 days, extendable in complex cases).

Marketing. You can opt out of marketing emails through the unsubscribe link in those emails or through notification settings. You can manage push notifications through your device settings.

10. Regional disclosures

10.1 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the UK, or Switzerland, the rights described in Section 9 are guaranteed by the General Data Protection Regulation (GDPR) and equivalent UK and Swiss laws. Our legal bases for processing are described in Section 2.

We do not have a representative established in the European Union for the purposes of Article 27 GDPR at this time because Raceef does not specifically target EEA users. If we change this, we will update this Policy.

10.2 Morocco

If you are located in Morocco, our processing of your personal information is governed by loi 09-08 relative à la protection des personnes physiques à l'égard du traitement des données à caractère personnel and its implementing regulations. The supervisory authority is the Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP).

You have the rights described in Section 9, including the right to access, correct, oppose, and delete your personal information. You also have the right to lodge a complaint with CNDP.

10.3 California, USA

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the right to know what categories of personal information we collect, to request deletion, to correct inaccurate information, to opt out of any "sale" or "sharing" of personal information as those terms are defined under California law, and to be free from discrimination for exercising these rights.

We do not sell personal information for money. We do not knowingly share personal information for cross-context behavioral advertising. If we ever do, we will provide a "Do Not Sell or Share My Personal Information" link and an opt-out method.

10.4 United Kingdom

If you are located in the UK, the UK GDPR applies. The rights described in Section 9 apply, and your supervisory authority is the Information Commissioner's Office (ICO).

10.5 Other jurisdictions

If you live in a jurisdiction with specific privacy laws (such as Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, or others), we comply with applicable requirements. Contact us at privacy@raceef.com if you have questions about your specific rights.

11. Children

Raceef is not directed to children. We do not knowingly collect personal information from anyone under the age of 13.

At signup, we ask for a year of birth and block accounts where the year indicates the user is under 13. If we discover that we have collected personal information from a child under 13 without parental consent, we will delete it promptly. Parents and guardians who believe their child has provided personal information without consent can contact us at privacy@raceef.com.

In some jurisdictions, the minimum age may be higher than 13. We comply with applicable local laws.

In the United Kingdom, where the Online Safety Act applies, we may use age assurance methods for certain features. In jurisdictions where age verification is required to access specific content categories, we follow applicable rules.

12. Cookies and similar technologies on the web

On our website, we use cookies and similar technologies for the following purposes:

• Strictly necessary cookies — required for authentication, security, and core functionality. These cannot be disabled.
• Preferences cookies — to remember your language, region, and display preferences.
• Analytics cookies — to understand how the website is used and improve it.

On first visit from the EEA, UK, or Morocco, we display a cookie banner that allows you to accept or reject non-essential cookies. You can change your choice at any time through the cookie settings link in the website footer.

13. Third-party links and services

Raceef may contain links to third-party websites, applications, or services that we do not control. This Policy does not apply to those third parties. We encourage you to read the privacy policies of any third-party services you use.

Sellers may also use third-party tools (for example, social media links on their shop pages). The privacy practices of those tools are governed by their own policies.

14. Changes to this Policy

We may update this Policy from time to time. When we do, we will post the updated version on our website and in the app, and we will update the "Last updated" date at the top. If we make material changes, we will provide a more prominent notice (such as an in-app announcement or an email).

Your continued use of the Services after an update takes effect means you accept the updated Policy. If you do not agree with the changes, you can stop using the Services and delete your account.

15. Contact us

You can contact us about this Policy and about your personal information at any time.

Raceef Corporation
Braniff Building, 324 N Robinson Ave Ste 100
Oklahoma City, OK 73102
United States
Email: privacy@raceef.com
General support: support@raceef.com