Back
Privacy Policy
Your Data Matters

Privacy Policy

Historbit Inc. — Effective March 29, 2026

Designed to comply with GDPR, CCPA/CPRA, LGPD, PIPEDA, UK GDPR, POPIA, APPI, and other applicable data protection laws worldwide.

1. Introduction

Historbit Inc., doing business as Historbit ("we," "our," or "us"), operates the Historbit platform (the "Platform"), a content and media marketplace connecting creators with businesses and audiences. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you access or use our Platform, website, mobile applications, APIs, and related services (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must discontinue use of our Services immediately. This Privacy Policy applies to all users of our Services globally, including content creators, business partners, advertisers, and general users. Where regional laws grant you additional rights or impose additional obligations on us, those provisions are addressed in the jurisdiction-specific sections below.

2. Data Controller & Operator Information

For purposes of applicable data protection laws, the data controller (or "operator" under Brazil's LGPD, or "responsible party" under South Africa's POPIA) is:

Historbit Inc.

Bayside, NY

harry@historbit.com

3. Information We Collect

3.1 Information You Provide Directly

  • Account registration data: name, email address, username, password, profile photo, and biographical information.
  • Creator profile data: portfolio links, content categories, audience demographics, and rate information you submit for the creator-brand marketplace.
  • Business profile data: company name, industry, brand guidelines, campaign objectives, and billing information.
  • Content you create, upload, or publish: videos, images, text, audio, comments, and other media.
  • Communications: messages sent through the Platform, customer support inquiries, and survey responses.
  • Payment and financial information: bank account details, tax identification numbers, and billing addresses processed through our third-party payment processors.
  • Identity verification documents: where required for creator payout or compliance purposes.

3.2 Information Collected Automatically

  • Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
  • Usage data: pages visited, features used, content viewed or interacted with, search queries, click patterns, referring URLs, and session duration.
  • Location data: approximate geographic location derived from your IP address; precise location only with your explicit consent.
  • Cookies and similar technologies: we use cookies, web beacons, pixel tags, local storage, and similar technologies. See Section 9 for full details.

3.3 Information from Third Parties

  • Social media platforms: if you link or log in via third-party accounts (e.g., Google, Apple), we may receive your name, email, profile picture, and public profile information.
  • Analytics providers: aggregated and pseudonymized usage data from third-party analytics services.
  • Business partners and advertisers: campaign performance data, attribution information, and audience segment data.
  • Publicly available sources: public social media profiles and publicly accessible databases for creator recruitment and partnership development.

3.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, or biometric data). If you voluntarily include such information in content you publish on the Platform, you do so at your own discretion and risk. We will treat any incidentally collected sensitive data with heightened safeguards as required by applicable law.

5. How We Use Your Information

5.1 Service Delivery & Operations

  • Providing, maintaining, and improving the Platform and Services.
  • Creating and managing your account, authenticating your identity, and enabling platform features.
  • Facilitating the creator-brand marketplace, including matching creators with business campaigns, negotiating deals, and processing payments.
  • Displaying content you publish and enabling other users to discover and interact with it.
  • Processing transactions, sending confirmations, and managing billing.

5.2 Communications

  • Sending service-related notices, including account verification, security alerts, technical updates, and policy changes.
  • Responding to your inquiries, comments, and support requests.
  • Sending marketing and promotional communications (with your consent where required by law).

5.3 Analytics, Personalization & Improvement

  • Analyzing usage patterns and trends to improve our Services and develop new features.
  • Personalizing your experience, including content recommendations and search results.
  • Conducting research and analysis, including surveys and A/B testing.

5.4 Safety, Security & Legal Compliance

  • Detecting, investigating, and preventing fraud, abuse, and other harmful activities.
  • Enforcing our Terms of Service and Community Guidelines.
  • Complying with applicable legal requirements and government requests.
  • Protecting the rights, property, and safety of Historbit, our users, and the public.

5.5 Advertising & Measurement

  • Facilitating ad placements on the Platform and measuring campaign effectiveness.
  • Providing aggregated, anonymized reports to business partners. We do not sell your personal data to advertisers.

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

6.1 With Other Users

Content you publish on the Platform is visible to other users in accordance with your privacy settings. Creator profiles participating in the marketplace may be visible to business partners.

6.2 With Business Partners

When you participate in the creator-brand marketplace, we share relevant creator profile information with businesses seeking partnerships. We share only the information necessary and in accordance with your marketplace settings.

6.3 With Service Providers

We engage trusted third-party service providers who perform services on our behalf. These providers are contractually bound to use your information only for specified purposes and in accordance with applicable data protection laws.

6.4 For Legal Reasons

We may disclose your information if required by law, regulation, legal process, or governmental request; to enforce our Terms of Service; to protect rights, property, or safety; or to detect, prevent, or address fraud, security, or technical issues.

6.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

6.6 With Your Consent

We may share your information in other circumstances with your explicit consent.

7. International Data Transfers

Our servers and operations are primarily located in the United States. If you access the Services from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. Where we transfer personal data from the EEA, the United Kingdom, Switzerland, Brazil, or other jurisdictions that restrict cross-border data transfers, we implement appropriate safeguards, including:
  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK ICO.
  • Adequacy decisions by relevant authorities recognizing the destination country's data protection level.
  • Binding Corporate Rules, where applicable.
  • Your explicit, informed consent to the transfer, where no other mechanism is available.
  • Supplementary measures such as encryption in transit and at rest, access controls, and pseudonymization.

You may request a copy of the applicable safeguards by contacting us.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting obligations.
Active accounts

We retain your data for as long as your account remains active.

Closed accounts

We retain certain data for up to three (3) years after account closure.

Marketing data

Retained for as long as you remain subscribed, plus any legally required period.

Financial/tax records

Retained for a minimum of seven (7) years, or as required by applicable tax law.

Content

Published content remains visible until you delete it or your account is terminated.

When personal data is no longer required, we will securely delete or anonymize it.

9. Cookies & Tracking Technologies

Strictly Necessary

Required for basic functionality — session management, authentication, and security. Cannot be disabled.

Functional

Enable enhanced functionality and personalization, such as remembering your preferences.

Analytics

Help us understand usage patterns, popular pages, and navigation to improve the Platform.

Advertising / Targeting

Deliver relevant ads and measure effectiveness. Only placed with your consent where required.

You can manage your cookie preferences through your browser settings or our consent management tool. We honor Do Not Track (DNT) and Global Privacy Control (GPC) signals as required by applicable law.

10. Your Rights

Access

Request a copy of the personal data we hold about you.

Rectification

Request correction of inaccurate or incomplete personal data.

Erasure

Request deletion of your personal data ("Right to Be Forgotten").

Restriction

Request that we limit how we use your data in certain circumstances.

Data Portability

Request a machine-readable copy of data you have provided.

Object

Object to processing based on legitimate interests or direct marketing.

Withdraw Consent

Withdraw consent at any time where we rely on consent as our legal basis.

Non-Discrimination

Exercise your privacy rights without receiving discriminatory treatment.

Opt Out of Sale/Sharing

Where applicable, opt out of the sale or sharing of personal information.

Limit Sensitive Data Use

Direct us to limit our use of sensitive personal information.

Lodge a Complaint

File a complaint with a supervisory authority in your jurisdiction.

Automated Decision-Making

Not be subject to decisions based solely on automated processing with legal effects.

To exercise any of these rights, contact us at harry@historbit.com. We will respond within the timeframe required by applicable law (generally 30 days).

11. Jurisdiction-Specific Provisions

11.1 EEA, United Kingdom & Switzerland

Our legal bases are described in Section 4. You may lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, BfDI in Germany). International transfers are governed by Section 7 safeguards. We process children's data under 16 only with verifiable parental consent.

11.2 United States — California (CCPA/CPRA)

California residents have rights to Know, Delete, Correct, Opt Out of Sale/Sharing, Limit Sensitive Data Use, and Non-Discrimination. We do not sell personal information or share it for cross-context behavioral advertising. To make a verifiable consumer request, contact us at the details in Section 2.

11.3 United States — Other State Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights. We honor these rights as required by applicable state law.

11.4 Brazil (LGPD)

Brazilian users have rights to confirmation of processing, access, correction, anonymization, blocking/deletion of excess data, data portability, and information about data sharing. You may petition the ANPD with complaints.

11.5 Canada (PIPEDA)

We comply with PIPEDA and applicable provincial privacy laws. You have the right to access and correct your personal information. We obtain meaningful consent and limit collection to identified purposes.

11.6 South Africa (POPIA)

You have the right to access, correct, and delete your personal information and to object to processing. You may lodge a complaint with the Information Regulator.

11.7 Japan (APPI)

We obtain consent for cross-border transfers and provide information about destination country data protection. You may request disclosure, correction, suspension of use, and deletion.

11.8 Australia (Privacy Act 1988)

We comply with the Australian Privacy Principles. You have the right to access and correct personal information and to complain to the OAIC.

11.9 South Korea (PIPA)

We obtain consent for collection, use, and cross-border transfer. You may access, correct, suspend processing, and delete your personal information.

12. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction, such as 16 in certain EEA member states). We do not knowingly collect personal information from children below the applicable age. If we become aware that we have collected personal information from a child without verifiable parental or guardian consent, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us. Where we operate in jurisdictions with specific children's privacy laws (such as COPPA in the US or the UK Age Appropriate Design Code), we will comply with those requirements.

13. Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
  • Encryption of data in transit (TLS/SSL) and at rest.
  • Access controls and authentication mechanisms, including role-based access.
  • Regular security assessments, vulnerability testing, and penetration testing.
  • Employee training on data protection and security best practices.
  • Incident response procedures for detecting, reporting, and responding to data breaches.
  • Secure development practices and code review processes.

No method of transmission or storage is completely secure. In the event of a data breach that poses risk to your rights and freedoms, we will notify you and the applicable supervisory authority in accordance with applicable law.

15. Automated Decision-Making & Profiling

We may use automated processing, including profiling, to recommend content, match creators with brand campaigns, detect fraud, and personalize your experience. These automated processes do not produce legal effects or similarly significant effects on you. If we implement automated decision-making that produces legal or significant effects, we will inform you, provide meaningful information about the logic involved, and ensure appropriate human review, intervention, and the right to contest the decision.

16. Data Protection Impact Assessments

Where processing activities are likely to result in a high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) in accordance with GDPR Article 35 and equivalent requirements under other applicable laws.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:
  • Post the updated Privacy Policy on our website with a revised "Effective Date."
  • Provide prominent notice on the Platform (e.g., a banner notification or in-app alert).
  • Where required by law, obtain your consent before implementing material changes.
  • Notify you via email where the change is significant.

Your continued use of the Services after the effective date of the updated policy constitutes your acceptance of the changes.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Historbit Inc.

Bayside, NY

harry@historbit.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

19. Governing Law & Dispute Resolution

This Privacy Policy is governed by the laws of the State of New York, United States, without regard to its conflict of law principles, except where mandatory data protection laws of your jurisdiction provide otherwise. Disputes shall first be resolved through good-faith negotiation. If negotiation fails, disputes shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association (AAA), except where prohibited by applicable law. Users in the EU, UK, or other jurisdictions where mandatory law prohibits mandatory arbitration retain their right to bring claims in the competent courts of their jurisdiction.

20. Miscellaneous

Severability

If any provision of this Privacy Policy is found invalid or unenforceable, the remaining provisions continue in full force.

Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and Historbit regarding the processing of your personal data.

Language

This Privacy Policy is drafted in English. If translated, the English version prevails in the event of conflict.

No Waiver

Our failure to enforce any provision shall not constitute a waiver of that provision or any other provision.

End of Privacy Policy

Effective: March 29, 2026

Back to Historbit