← Back to Scratch

Privacy Policy

Last updated: June 5, 2026

1. Introduction

Scratch ("we," "our," or "us") is a mutual aid platform operated by Nemomakes, a California corporation doing business as Scratch. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

2. Age Requirement (18+)

You must be 18 or older to receive donations and withdraw funds on Scratch. This is a federal financial-services requirement that applies to all peer-to-peer money apps, not a choice Scratch makes. Anyone can use the app to donate, browse, or comment, regardless of age.

We ask for your date of birth the first time you try to create a request or set up payouts, and we use it solely to verify the 18-and-over requirement. Stripe also independently verifies your age during payout onboarding (KYC) and will reject any account that does not meet the 18+ threshold.

3. Information We Collect

Account

  • Email address
  • Name (and display name)
  • Phone number
  • Profile photo (optional)
  • Bio (optional)

Identity (collected only if you set up payouts)

  • Full legal name
  • Date of birth
  • Last 4 digits of your Social Security Number
  • Residential address
  • Government ID document (when Stripe requires additional verification)

Identity documents are transmitted directly to Stripe and held by Stripe — Scratch does not store them.

Activity

  • Requests you create
  • Donations you make or receive
  • Follows and connections
  • Direct messages
  • Reciprocity Score inputs (donation history, withdrawal history, skip counts, referrals)

Device

  • Push notification token (used solely to deliver notifications to your device — never sold, never shared with third parties)

Financial

  • Payment-method information (card number, bank account number) is held entirely by Stripe. Scratch never sees or stores it.
  • Transaction metadata (amounts, dates, counterparties) is stored by Scratch for tax compliance and Reciprocity Score calculation.

Authentication

  • Sign-in via email OTP, SMS OTP, or social login (Google, Apple, Facebook)
  • We do not store passwords — authentication is token-based

4. Who Sees What

Scratch is built so that the public-facing profile of a user is deliberately minimal. The data we surface to other users on the platform is strictly limited.

Other Scratch users see

  • Your name
  • Your avatar
  • Your Reciprocity Score level
  • Your bio (if you wrote one)
  • Public stats: number of donations made, number of requests posted

Other Scratch users do NOT see

  • Your email address
  • Your phone number
  • Your date of birth
  • Your Stripe Connect ID or any payout details
  • Your financial state (balance, pending withdrawals, donation amounts received)
  • Your push notification token

Membership in a private circle does not unlock extra PII — same-circle members see exactly the same fields as anyone else.

Scratch admin (info@scratchapp.us) can access account data for moderation, support, and abuse investigations. Stripe receives the identity information it needs for KYC compliance.

5. Private Circles

Private circles let you isolate your Scratch activity to a chosen group — for example, a family, a congregation, or a mutual-aid network. Members of a private circle can see each other's requests and message each other directly.

People outside your circle cannot see that you are in a private circle, cannot see the circle's name, and cannot message you. When you join a private circle, follows and conversations with users outside the circle are automatically severed or hidden to preserve the boundary.

If you leave a private circle, your visibility to the broader Scratch community is restored, and conversations that were hidden by the circle boundary become visible again.

6. How We Use Your Information

  • To create and manage your account
  • To process donations and payouts
  • To calculate your Reciprocity Score and determine request limits
  • To display requests in your community feed
  • To send notifications about donations, request updates, and refunds
  • To verify your identity for payouts (via Stripe)
  • To prevent fraud and abuse
  • To comply with legal and tax reporting obligations

7. Third-Party Services

We use the following third-party services:

  • Stripe — Payment processing, identity verification, and payouts. Stripe's privacy policy applies to data they collect.
  • Supabase — Database hosting, authentication, and serverless functions. Data is stored in secure, encrypted databases.
  • Twilio — SMS verification for phone number confirmation.
  • Resend — Email delivery for OTP codes and notifications.
  • Expo — Push notification delivery to your mobile device.

8. Stripe Connect & Financial Data

All payments on Scratch are processed by Stripe, Inc. We never store card numbers, full bank account numbers, or full Social Security Numbers. Card and bank details live with Stripe under their own security and compliance posture.

To withdraw money you receive on Scratch, you set up a Stripe Connect account. Stripe is legally required to verify your identity (KYC — Know Your Customer) under federal financial regulations. Minors cannot complete Stripe Connect setup; this is enforced by Stripe, not by Scratch.

Refunds: donors can be refunded if a request is cancelled within 48 hours of being posted. Refunds are processed by Stripe back to the original payment method.

9. Data Sharing

We do not sell your personal information. We share data only as follows:

  • With other Scratch users: your display name, profile photo, and request details are visible to other users
  • With Stripe: payment and identity data necessary to process transactions
  • With law enforcement: when required by law or to protect the safety of our users
  • For tax reporting: Stripe handles 1099 reporting for payouts as required by the IRS

10. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), encrypted database storage, row-level security policies, and secure authentication tokens. No method of electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Communications

We use email and push notifications for transactional updates — request approved, donation received, withdrawal complete, refund processed, and similar events directly tied to your activity on Scratch.

You can disable push notifications at any time in Profile → Notification Settings, or at the operating-system level on your device.

We will not email you marketing material unless you explicitly opt in. Transactional emails (account, payment, security) cannot be disabled while your account is active.

12. Data Retention & Deletion (GDPR / CCPA)

You can delete your account from Profile → Delete Account. Doing so removes your personal data, cancels any active requests, and refunds any pending donations.

Some financial records — primarily donation history needed for tax reporting — are retained per IRS requirements, typically for seven years. These records are retained in a minimized form sufficient to satisfy tax law.

You can request a full export of your personal data by emailing info@scratchapp.us. We will respond within 30 days, consistent with GDPR and CCPA timelines.

13. Your Rights

You have the right to:

  • Access and download your personal data
  • Request correction of inaccurate information
  • Delete your account and personal data
  • Opt out of non-essential notifications

To exercise these rights, use the account settings in the app or contact us at info@scratchapp.us.

14. Children's Privacy

Scratch is not intended for users under the age of 18 as recipients of donations or for payouts. We do not knowingly collect personal information from children for those purposes. If we learn that a minor has provided information for restricted flows, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, contact us at:

Nemomakes, operating as Scratch
info@scratchapp.us