Privacy Policy

Tipped ("we", "us", "our") is a tip tracking platform for restaurant workers in Canada. This policy explains how we collect, use, and protect your personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

When you create an account, we collect:

• Email address — for authentication and account recovery
• Password — stored securely by our authentication provider (Supabase Auth), never in plain text
• Display name — defaults to your email prefix; you may use a pseudonym
• Role (optional) — your job role (e.g., server, bartender) to pre-fill forms

When you log tips, we collect:

• Date, restaurant, shift type, hours worked, tips earned
• Tip structure (pooled, individual, tipout) and role
• Optional notes you choose to add

We also automatically collect:

• Session cookies — used solely to keep you logged in. We do not use tracking cookies or third-party advertising cookies.
• Anonymous analytics — we use Vercel Analytics (cookieless, privacy-focused) to measure page views and Web Vitals. We use Sentry for error monitoring, which may record session replays when errors occur (all text is masked, media is blocked). Neither tool identifies you personally or uses cookies.

Your data is used for two purposes:

1. Personal tracking — showing you your own earnings trends, averages, and breakdowns. This data is private and visible only to you.
2. Anonymized aggregations— with your consent, your tip data contributes to aggregated insights (e.g., median server tips at a restaurant). Individual entries are never shown. See "Aggregation and anonymization" below.

We do not:

• Sell your personal information to third parties
• Use your data for advertising
• Share individual tip logs with employers or anyone else

Tipped shows aggregated tip data on public restaurant and city pages to help workers understand industry pay. These aggregations are subject to strict privacy thresholds:

• A minimum of 5 logged shifts from 3 or more distinct users is required before any earnings data is displayed
• Per-role breakdowns (e.g., bartender average) independently require 3 or more distinct users in that role
• Below these thresholds, only a contributor count is shown — never earnings
• We use median values (not averages) to resist manipulation by outliers

These thresholds are public commitments. They are not configurable settings and will not be lowered.

By creating an account and logging tips, you consent to the collection and use of your data as described in this policy, including the use of your anonymized tip data in public aggregations.

You may withdraw your consent at any time by deleting your account through the Settings page. Deleting your account permanently removes all your personal data and tip logs.

We retain your personal information and tip logs for as long as your account is active. Accounts that have been inactive for more than 24 months may be flagged for deletion; we will notify you by email before any action is taken.

When you delete your account:

• Your user profile and all tip log entries are permanently deleted
• Previously computed aggregations may still reflect your contributions, but no individual data remains
• This deletion is irreversible — we recommend exporting your data first

As a user in Canada, you have the right to:

• Access — request a copy of all personal information we hold about you (available via the data export feature in Settings)
• Correction — update your role and other profile information at any time through Settings
• Deletion — permanently delete your account and all associated data through Settings
• Withdraw consent — stop participating at any time by deleting your account

Your data is stored in a PostgreSQL database hosted by Supabase. All data is encrypted in transit (TLS) and at rest. Access to individual tip logs is enforced at the database level through row-level security — even our application code cannot access another user's private data without their authentication credentials.

We use the following third-party services to operate Tipped. These providers may process your data as part of delivering their services:

• Supabase — database hosting and authentication
• Vercel — application hosting, content delivery, and anonymous analytics (cookieless)
• Sentry — error monitoring and session replay (text masked, media blocked)
• Resend — transactional email delivery

These providers are US-based companies. Your data may be stored or processed in the United States. While PIPEDA does not prohibit cross-border data transfers, we want you to be aware that your information may be subject to US laws, including the possibility of access by US government authorities under applicable legal processes.

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top of this page indicates when the policy was last revised.

Our Privacy Officer is responsible for our compliance with PIPEDA. If you have questions about this privacy policy, wish to make a complaint, or want to exercise your rights regarding your personal data, contact our Privacy Officer at nikosmeds@gmail.com.