Below is a stand-alone, publish-ready Privacy Policy for Just The Tip (“JTT”) that does not require any signature. Use of the platform constitutes agreement. Replace items in [brackets] with your details, review with counsel, and publish.

Privacy Policy — Just The Tip (“JTT”)

Effective date: Sep 24 2025

Last updated: Sep 24 2025

This Privacy Policy describes how Just The Tip LLC (“JTT,” “we,” “us,” “our”) collects, uses, shares, and protects personal information in connection with our QR/link-based digital tipping platform, websites, and related services (the “Services”).

By visiting our sites, scanning a JTT QR/link, creating or using a JTT account, or otherwise using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

Note: This document is for transparency and does not constitute legal advice. Some rights and disclosures vary by region.

1) Who We Are & Contact Information

• Provider/Controller (in specified contexts below): Just The Tip LLC, doing business as Just The Tip.
  
• Privacy email: privacy@usejtt.com
  
  

2) Scope & Audiences Covered

This Policy applies to:

• Website visitors and prospective customers (merchants),
  
• Merchants (owners/admins) and their staff/recipients,
  
• Guests/tippers who use JTT QR codes/links,
  
• Job applicants.
  

It covers our websites, merchant dashboards, QR/short-link tip flows, APIs, and support channels, and works alongside our Terms of Service and Cookie Policy (Annex B). A standard Data Processing Addendum (DPA) for merchants is available at usejtt.com/dpa or upon request.

3) What JTT Does (Plain English)

JTT enables a tip-first flow: a guest scans a QR/link and tips first (e.g., Apple Pay, Google Pay, credit/debit card). Only after the tip may the guest leave a short note and follow a gentle nudge to a merchant-selected public review page (e.g., Google/Tripadvisor). JTT is free for businesses; any applicable platform fee is shown to the guest before payment.

Payments are processed by independent third-party payment processors (e.g., Stripe). Guests may provide payment information directly to those processors. JTT does not store full card numbers or CVV.

4) Roles Under Privacy Law (Controller vs Processor)

• Merchant as Controller (primarily): For most merchant data—e.g., staff endpoints, team/individual associations, placement attribution, and tip routing configured by the merchant—JTT acts as a data processor on behalf of the merchant (controller) and processes data under the merchant’s instructions and the DPA. To the maximum extent permitted by law, the merchant is responsible for establishing a lawful basis, providing notices to staff/guests, and fulfilling data subject requests for controller data.
  
• JTT as Controller (limited contexts): JTT acts as an independent controller for our own website/app analytics, security/fraud prevention, product improvement telemetry, merchant leads and account administration, and direct marketing to merchants (subject to consent/opt-out).
  
• Independent third-party controllers: Payment processors and public review platforms act as independent controllers for data you provide directly to them, governed by their own policies.
  

5) Personal Information We Collect

5.1 Website Visitors & Leads

• Identifiers (IP, cookie/SDK IDs), device/OS/browser details, general geolocation (city/region), referral/UTM, pages viewed, session data.
  
• Contact details you submit (name, email, company, role, phone), form content, event/webinar registrations, preferences.
  

5.2 Merchants (Owners/Admins)

• Business contact details; account/profile; authentication data (hashed); configuration (endpoints, pooled/individual, review destination); product usage telemetry; support/chat/call records; marketing preferences; billing/payout metadata (payout/settlement details are held by the payment processor).
  

5.3 Staff/Recipients (Employees/Contractors who receive tips)

• Name or display name; role/department; endpoint associations; earnings/tip totals and timestamps; placement attribution; post-tip guest notes (if provided); dashboard activity necessary to deliver the Services.
  

5.4 Guests/Tippers

• Tip transaction metadata (time/date, amount, currency, endpoint/QR used), device/browser, approximate location (IP-based).
  
• Optional data provided after tipping: short note, rating.
  
• Contact info only if the guest provides it (e.g., for a receipt).
  
• Review link routing metadata (e.g., which review link was opened).
  

Payment data: Guests enter payment details directly with the processor (e.g., Stripe). We receive limited tokens/IDs and payment status to confirm the transaction. JTT does not store full card numbers or CVV. See the processor’s privacy policy: https://stripe.com/privacy.

5.5 Job Applicants

• Resume/CV, contact info, work history, references, interview notes, right-to-work documentation (where required).
  

5.6 Data We Do Not Intentionally Collect

• Special categories of data (e.g., health, biometric, precise geolocation) are not required for the Services and should not be submitted through them.
  

6) Sources of Personal Information

• Directly from you (forms, dashboard, support, QR flow).
  
• Automatically via cookies/SDKs (see Annex B).
  
• From merchants about their staff (to create/manage endpoints).
  
• From payment processors (transaction confirmations, payout status).
  
• From review platforms (click-through events; not review content).
  

7) How We Use Personal Information (Purposes & Legal Bases)

(Legal bases apply where relevant, e.g., GDPR/UK GDPR: contract, legitimate interests, consent, legal obligation.)

• Provide and operate the Services (contract/legitimate interests): Create endpoints/QRs, route tips, provide dashboards, exports, and payouts (via processor), review routing after a tip, and support.
  
• Security & fraud prevention (legitimate interests/legal obligations): Detect, prevent, and investigate abuse.
  
• Improve the Services (legitimate interests): Diagnostics, analytics, A/B testing; aggregate or de-identified insights for product decisions.
  
• Merchant communications (contract/legitimate interests/consent): Onboarding, service updates, surveys, marketing (opt-out anytime).
  
• Compliance (legal obligations): Accounting/tax records; responding to lawful requests.
  

Where we rely on consent (e.g., certain cookies/marketing in the EEA/UK), you can withdraw consent at any time via our preferences tools or by contacting us.

8) “Tip-First,” Notes & Review Routing

• Tip-first: Comments/ratings and any public review prompts occur only after a tip.
  
• Positive ratings (e.g., 4–5★) may be nudged to a single public review destination chosen by the merchant.
  
• Lower ratings (e.g., 1–3★) remain private to the merchant for service recovery.
  
• JTT does not post reviews on a guest’s behalf; we link out to third-party sites subject to their terms.
  

9) Payments & Direct Provision to Third Parties

• Direct collection by payment processors: During checkout, guests interact directly with independent payment processors (e.g., Stripe), which collect and store payment information under their own privacy policies.
  
• No card storage by JTT: JTT does not store full card numbers or CVV; we receive limited tokens/IDs and success/failure status.
  
• Review platforms: If a guest follows a post-tip link to a public review site, they interact with that platform under its own policies.
  
• Third-party responsibility: To the maximum extent permitted by law, JTT is not responsible for the privacy/security practices of third-party processors or platforms. Please review their policies.
  

10) Sharing & Disclosures

10.1 Service Providers (Processors)

We share data with vendors who help us operate JTT: hosting/cloud, analytics, logging/monitoring, email/SMS delivery, customer support, product telemetry, and (where relevant) print/signage vendors. These providers are bound by contracts limiting their use to our instructions.

10.2 Payment Processors & Financial Institutions

We share transaction metadata and identifiers as needed to process payments and payouts. Payment processors may act as independent controllers of data provided directly to them.

10.3 Review Platforms

We route guests after a tip to a merchant-selected public review destination via outbound links.

10.4 Partners & Discretionary Sharing for Merchants

For merchants, we may share merchant data with third parties at our discretion (consistent with applicable law and this Policy), including integration partners, resellers, referral/marketing partners, professional advisors, and in corporate transactions (merger, acquisition, financing, asset transfer). Where required by law, we will obtain consent or provide an opt-out.

We do not “sell” personal information as “sale” is defined under certain US state laws. If our activities constitute “sharing” for cross-context advertising, we will provide the required notices and opt-out mechanisms.

10.5 Legal, Safety, and Compliance

We may disclose data to comply with law, enforce agreements, or protect rights, property, users, or the public.

10.6 Aggregated/De-identified Information

We may use and share aggregated or de-identified information that does not reasonably identify an individual for research, analytics, and product improvement.

11) International Transfers

We may process/store data in countries other than where it was collected. For EEA/UK transfers, we rely on recognized safeguards such as EU Standard Contractual Clauses (and the UK Addendum), along with additional measures (e.g., encryption, access controls).

12) Data Retention

We retain personal information only as long as necessary for the purposes described, including legal/accounting requirements. Illustrative ranges (confirm with counsel):

• Transaction and payout records: up to 7 years (or as required by law).
  
• Guest notes/ratings linked to tips (merchant access): 5 years.
  
• Merchant account data: life of account + 12 months.
  
• Marketing data: until opt-out or 12 months of inactivity.
  

13) Security

We implement appropriate technical and organizational measures, including encryption in transit/at rest (where applicable), least-privilege access, MFA, logging/monitoring, vendor diligence, workforce training, and incident response. No method is 100% secure.

14) Your Rights & Choices

14.1 EEA/UK (GDPR/UK GDPR)

Depending on our role (controller vs processor), you may have rights to access, rectify, erase, restrict, object, and data portability, and to withdraw consent.

• When the merchant is controller: Direct requests to the merchant. To the maximum extent permitted by law, JTT—acting solely as processor—will refer requests to the controller and assist as required by the DPA.
  
• When JTT is controller: Contact privacy@usejtt.com; we will respond within applicable timelines.
  
  You may lodge a complaint with your supervisory authority.
  

14.2 US State Laws (e.g., California CPRA, Colorado, Virginia, Connecticut, Utah)

Rights may include access/know, delete, correct, portability, and to opt-out of “sale” or “sharing” and targeted advertising. JTT does not sell personal information.

14.3 Canada (PIPEDA) & Other Regions

You may have rights to access/correct personal information and to lodge complaints with authorities. Contact us at privacy@usejtt.com.

14.4 Marketing Preferences

Merchant admins can opt out of marketing emails via the unsubscribe link or by contacting us. Transactional communications (e.g., receipts, critical service messages) may continue.

14.5 Cookies & Tracking

See Annex B (Cookie Policy) for cookie categories, consent options, and controls.

15) Children’s Privacy

JTT is not directed to children under 16 and we do not knowingly collect their personal information. If you believe a child has provided data, contact us to delete it.

16) Role-Based Visibility (Merchants & Staff)

• Staff/recipients may see their own tip history/amounts and, where enabled, post-tip guest notes for their endpoint or pool.
  
• Merchant managers/admins may see outlet/department/placement analytics and exports for payroll.
  
• Guest identity is not required to tip; if a guest provides contact info (e.g., for a receipt), it may be visible to the merchant according to settings.
  

17) Merchant Responsibilities (When You Are Controller)

Merchants are responsible for:

• Providing any required privacy notices to staff/guests and establishing a lawful basis for processing;
  
• Configuring review links in line with third-party platform policies;
  
• Handling payroll/tax obligations related to tips (JTT provides exports);
  
• Ensuring use of JTT complies with local law and cultural norms (e.g., transparent “optional gratitude” messaging).
  
  To the maximum extent permitted by law, JTT is not liable for a merchant’s failure to meet controller obligations.
  

18) Third-Party Links & Services

Our Services may link to third-party websites and services (e.g., payment processors, review platforms). Your use of those services is governed by their terms and privacy policies. To the maximum extent permitted by law, JTT is not responsible for third-party privacy/security practices.

19) Changes to This Policy

We may update this Policy periodically. We will post changes here and, for material changes, provide additional notice (e.g., email or in-app). Check the “Last updated” date.

20) How to Contact Us

• Email: privacy@usejtt.com

Annex A — Sub-processors & Key Third Parties

We use carefully selected vendors to operate JTT.

Payments & Financial

• Stripe — payment processing and payouts (independent controller/processor per their policy)
  

We may add/replace sub-processors over time. Where legally required, we will provide notice and an opportunity to object (see DPA).

Annex B — Cookie Policy

Last updated: Sep 24, 2025

B.1 Overview

We use cookies and similar technologies to run our sites/services, understand usage, and (where permitted) improve or advertise our services. In regions requiring consent (e.g., EEA/UK), we present a cookie banner/manager.

B.2 Categories of Cookies

• Strictly Necessary: Required for site and security features (cannot be switched off).
  
• Performance/Analytics: Measure usage to improve the product.
  
• Functional: Remember choices (e.g., language).
  
• Advertising/Retargeting (if used): Tailor ads and measure effectiveness.
  

B.3 Managing Preferences

Use our Cookie Settings to accept, reject, or withdraw consent. You can also control cookies in your browser settings. Disabling certain cookies may impact functionality.

B.4 Do Not Track

We currently do not respond to “Do Not Track” signals. Use the Cookie Settings and browser tools for control.

B.5 Example Cookie Table (illustrative)

Annex C — US State Privacy Notice (CPRA & Others)

Last updated: Sep 24, 2025

This Notice supplements the Privacy Policy for residents of states with comprehensive privacy laws (e.g., California, Colorado, Virginia, Connecticut, Utah). Terms have the meanings defined by applicable law.

C.1 Categories of Personal Information Collected

We do not knowingly collect sensitive personal information through the Services.

C.2 “Sell” / “Share” / Targeted Advertising

We do not sell personal information. If we “share” personal information for cross-context behavioral advertising, we will provide required notices.

C.3 Your Rights

Residents may have rights to know/access, delete, correct, portability, and to opt-out of sale/share and targeted advertising. Submit requests at privacy@usejtt.com. We will verify and process requests as required by law. We will not discriminate against you for exercising rights.

Annex D — Jurisdictional Notices (EEA/UK, Canada)

• EEA/UK: For controller processing by JTT, you have rights under GDPR/UK GDPR described in §14.1 of the Policy. Contact privacy@usejtt.com 
  
• Canada (PIPEDA): You may request access to and correction of personal information we hold about you, and contact privacy@use.com or the Office of the Privacy Commissioner of Canada with concerns.
  

Acceptance & Language

By using the Services, you agree to this Privacy Policy. If this Policy is translated, the English version controls in the event of conflict.

Questions? Contact privacy@usejtt.com.