Version: 2026-05-17-v1 · Effective Date: May 17, 2026
This policy applies to all users of the EarningIt platform, including Tenants, Affiliates, and End Users whose data is processed through referral tracking. It complies with the Philippine Data Privacy Act of 2012 (R.A. 10173), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) where applicable.
EarningIt.co is the Data Controller for data collected directly through the Platform (registration, authentication, affiliate activity, payout records). Each Tenant Organization is an independent Data Controller for referral and conversion data their program generates; EarningIt acts as a Data Processor on their behalf for that data (see Section 12). For privacy inquiries or Data Subject Access Requests:
Email: privacy@earningit.co
We will respond to all requests within 30 days.
2.1 Account & Identity Data (collected at registration)
Name, email address, password (bcrypt-hashed, never stored in plain text), country, IP address at registration, user agent string. Lawful basis: Contractual necessity (to create and manage your account).
2.2 Affiliate Activity Data
Referral codes, referral link clicks (with IP, user agent, timestamp, referrer URL), conversion events, commission records, program enrollments, and payout history. Lawful basis: Contractual necessity and legitimate interest (to operate and audit the referral program).
2.3 Payment & Tax Data
Payout details (bank account, PayPal, or other payment method details you provide), tax documentation (W-9, W-8BEN) where applicable. This data is collected and stored with encryption at rest.Lawful basis: Legal obligation and contractual necessity.
2.4 Communications Data
Emails sent and received through the Platform (OTP codes, commission notifications, program alerts). Log records of email delivery are retained 90 days. Lawful basis: Contractual necessity.
2.5 Tracking & Technical Data
Cookies and localStorage used by the EarningIt tracking script embedded on Tenant websites: referral code attribution cookie (expiry = program cookie duration setting, default 30 days), session tokens (HTTP-only, expires at session end). Device type, browser, OS, screen resolution collected for fraud detection.Lawful basis: Legitimate interest (fraud prevention, platform security) and Consent(where required by ePrivacy/GDPR for non-essential cookies).
2.6 Legal Acceptance Records
When you accept Terms of Service, Privacy Policy, or Program Agreements, we record: timestamp, document version, IP address, and user agent. This constitutes evidence of informed consent. Lawful basis: Legal obligation and legitimate interest (legal compliance, dispute resolution).
When an End User clicks an affiliate referral link, the Platform records: IP address, user agent, referrer, timestamp, and the referral code clicked. If the End User subsequently converts (signs up or makes a purchase on the Tenant's platform), the conversion event and associated lead data (name, email) provided by the Tenant are recorded. End Users should consult the Tenant's own privacy policy for how their personal data is processed by the Tenant's product. EarningIt processes this data only as a Data Processor on behalf of the Tenant.
We share data with the following third-party processors under Data Processing Agreements:
We do not sell, rent, or trade your personal data to any third party for advertising or marketing purposes. We will not share your data with any government authority except where legally compelled to do so, and we will notify you to the extent permitted by law before complying.
EarningIt's primary infrastructure is hosted in the EU (Hetzner, Germany). Transactional email is processed by Resend in the USA. For transfers of EU personal data to the USA, we rely on Standard Contractual Clauses (SCCs) where required. If you are located in the Philippines, your data is processed in accordance with the National Privacy Commission guidelines on cross-border transfers.
• Account data: Retained while account is active + 3 years after closure
• Commission & payout records: 7 years (tax and audit obligation)
• Referral click logs: 24 months
• Legal acceptance records: 10 years (statute of limitations for contract disputes)
• Tax documentation (W-9/W-8BEN): 7 years
• Email logs: 90 days
• Session tokens: Deleted at session end
• Authentication OTPs: Deleted upon use or expiry (10 minutes)
We implement the following security measures: (a) all data in transit is encrypted via TLS 1.2+; (b) passwords are hashed using bcrypt with a work factor of 12; (c) authentication tokens are HTTP-only, Secure cookies not accessible via JavaScript; (d) database access is restricted to application processes within a private Docker network; (e) rate limiting is applied to authentication endpoints; (f) payout details are stored encrypted at rest; (g) tax documents are stored with field-level restrictions. In the event of a data breach likely to result in high risk to individuals, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware, as required by GDPR Article 33.
Depending on your jurisdiction, you may have the following rights:
To exercise any right, email privacy@earningit.co with proof of identity. We will respond within 30 days. Note that erasure requests cannot override our legal obligation to retain commission, payout, and tax records for 7 years.
The Platform is strictly for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has created an account, we will immediately delete the account and all associated data. If you believe a minor has registered, contact privacy@earningit.co.
For detailed information on cookies set by the Platform and the tracking script, see the Cookie Policy.
If you are a California resident, you have the right to: know what personal information is collected; know whether it is sold or disclosed; opt out of the sale of personal information (we do not sell personal information); request deletion; not be discriminated against for exercising these rights. To exercise CCPA rights, email privacy@earningit.co with subject "CCPA Request."
Each Tenant Organization that uses EarningIt to run an affiliate program is an independent Data Controller for the referral, lead, and conversion data generated through their programs. Tenants are required under the EarningIt Tenant Agreement to maintain their own compliant privacy policy, obtain necessary consents from their end users, and enter into a Data Processing Agreement with EarningIt covering EarningIt's role as processor. Affiliates sharing lead data with a Tenant's program must ensure they have the legal right to share that data.
Material changes to this Privacy Policy will be communicated by email to all active users at least 14 days before taking effect. Non-material changes (e.g., clarifications, typo fixes) may be made at any time with the version number updated. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.