pokat.

Privacy Policy

Last updated · May 31, 2026

This policy explains what data Pokat collects, why, and who processes it. We collect the minimum needed to run a project workspace and a non-custodial payment flow — nothing more.

1. What we collect

  • Account data (freelancer): email address and authentication details.
  • Project content: the blocks, files, messages, and comments you add to a project.
  • Approval audit trail: when a client signs off on a version, we record a content hash, timestamp (UTC), IP address, and browser user agent, plus the captured signature image. This is the proof-of-approval record.
  • Payout details:the freelancer's destination wallet address and chosen chain/asset.
  • Basic technical data: logs needed to operate and secure the service.

2. What we do not do

We do not sell your data. We do not collect payment-card details or run identity verification ourselves — that is handled by Transak as Merchant of Record under Transak's own privacy policy. We do not log wallet addresses, bank details, receipt URLs, or project links in plain text.

3. Why we collect it

To provide the workspace, to produce a tamper-evident record of approvals, to route payouts to the right wallet, to prevent abuse, and to comply with the law.

4. Service providers

We rely on a small set of processors to run Pokat:

  • Supabase — database and authentication.
  • Cloudflare R2 — file and asset storage.
  • Vercel — application hosting.
  • Resend — transactional email.
  • Upstash — rate limiting.
  • Transak — payment processing, KYC/AML, fiat-to-crypto conversion (Merchant of Record).

5. On-chain data is public and permanent

Payments settle on a public blockchain. Wallet addresses, amounts, and transaction times recorded on-chain are public, permanent, and outside Pokat's control. They cannot be edited or deleted by us or anyone. Consider this before transacting.

6. Data retention

We keep project and approval records for as long as your account is active and as needed to provide the service and meet legal obligations. You can request deletion of your account data; on-chain records cannot be deleted.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data. To exercise them, contact us at the address below.

8. Security

We use access controls, encryption in transit, signed time-limited URLs for private files, and rate limiting. No system is perfectly secure; keep your account credentials and project links private.

9. International transfers

Our processors may store and process data in regions outside your own. We rely on those providers' safeguards for cross-border transfers.

10. Children

Pokat is not intended for anyone under 18.

11. Contact

Privacy questions or requests: hello@pokat.io.