Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Ratify ("Ratify", "we", "us") collects, uses, and protects personal data when you visit ratify.cc, join our early-access waitlist, and — once it launches — use the Ratify reputation platform. We operate globally; wherever you are, we aim to handle your data lawfully and transparently. We use the GDPR as our baseline and extend the same protections to honour rights under other regimes, including US state privacy laws.
Summary of key points
- Today (website & waitlist): the only data you actively give us is your email address. We also keep basic server logs to operate and secure the site.
- On the platform (at launch): Ratify builds a public, multi-dimensional reputation score for people and projects from verifiable interactions. This involves processing personal data and a form of profiling — explained in section 2.
- We use no cookies, no analytics, no tracking; fonts are self-hosted.
- We never sell or rent your data and never use it for advertising.
- You can access, correct, reply to, dispute, or delete your data — see your rights below.
Table of contents
1. What information we collect
Information you provide
Today, when you sign up for early access, you give us your email address — the only information we ask for. On the platform (section 2) you will additionally provide profile information and reviews. We do not collect special categories of data ("sensitive information"), and you should not submit such data in free-text fields.
Information collected automatically
When you visit the site, our server records limited technical data in log files: IP address, date and time, the page requested, referrer, and browser/device user-agent. This is standard for operating a website securely.
2. Reputation profiles & scores
The reputation platform is not yet live. This section explains how it will handle personal data, so you understand it before you ever create a profile. Until then, only the website and waitlist (sections 1, 3–15) apply to you.
Ratify's purpose is to provide a manipulation-resistant trust layer for Web3: a public, multi-dimensional reputation score — shown as a traffic light — for people and projects, derived from real, verifiable interactions.
Data we will process on the platform
- Profile data you provide: display name, handle, bio, avatar, roles/skills, and links.
- Identities you choose to link: a crypto wallet address (and its public on-chain history/age) and social accounts (e.g. X, Discord, GitHub) with public attributes such as account age — used to gauge "identity strength" and resist fake accounts.
- Relationships, engagements and reviews: the working relationships you confirm, the reviews you write about others, and the reviews others write about you (multi-dimensional ratings plus comments), along with upvotes and public replies.
- Invitations: who invited you, which forms part of the trust graph.
- Later phases (only when those features launch): payment records and KYC identity verification, which is required to receive payments.
How the score works, and profiling
We compute the score from reputation-weighted, verifiable signals (confirmed relationships, endorsements weighted by the endorser's own standing, and economic proof), smoothed toward a neutral default when data is thin ("when in doubt, grey"). Computing a reputation score is a form of profiling under the GDPR. It is built from real, verifiable interactions and is designed to be explainable: your public profile shows what a score is based on (verified vs. open sources, number of sources, confidence). We do not use it to make solely automated decisions that produce legal or similarly significant effects about you without human involvement, and you can always respond and dispute (see your rights).
Scoring transparency & automated decisions
Like a credit score (for example, the German Schufa score), a Ratify reputation score is a compact assessment derived from data — here, the trustworthiness signal from verifiable interactions. We tell you the categories of data that feed it and the principles of the model (the factors and how they broadly combine). To keep the system resistant to manipulation, the exact weights and thresholds are not disclosed — a deliberate, recognised limit that balances transparency against gaming, similar to how scoring providers protect their formula.
Under Art. 22 GDPR you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. Ratify itself uses the score as informational — it does not, on its own, make such decisions about you. Because third parties may nonetheless rely on a published score, we give you meaningful safeguards: the right to information about your score and the main factors influencing it, to obtain human review, to express your view, and to contest a result. Scores are recalculated regularly, older inputs lose weight over time (decay), and you can have inaccurate underlying data corrected.
Public visibility
Profiles, projects and their scores are public and server-rendered so they can be found and verified (including by search engines). Please don't put anything in your profile that you don't want to be public.
Reviews about identifiable people
Reviews must rest on a real business contact, and a relationship only becomes visible when both sides confirm it or a payment proves it. If you are reviewed, you have a right of reply, the right to have inaccurate entries corrected, and the right to have reviews removed where no genuine business contact exists. Disputed entries are hidden pending moderation.
Third-party & public sources
Some platform data comes from public sources you connect — for example public blockchain history (for wallet age/activity) and public social-account attributes — used solely to assess identity strength and resist manipulation.
3. How we use your information
- Waitlist: to notify you when early access opens and to manage available seats.
- Platform (at launch): to operate your profile and compute and display reputation scores for people and projects, and to keep the system fair and manipulation-resistant.
- Operate and secure the service: to deliver pages, maintain stability, and detect or prevent abuse, fraud, Sybil attacks, and manipulation.
- Comply with law and respond to lawful requests.
We do not use your information for advertising or for automated decisions producing legal effects without human involvement.
4. Legal bases (GDPR/UK GDPR)
- Consent (Art. 6(1)(a)) — for the waitlist email, and for creating a profile and linking your identities. Withdrawable at any time.
- Legitimate interests (Art. 6(1)(f)) — for server logs and security; and for operating a fair, manipulation-resistant trust layer, including reviews about identifiable persons that rest on a real business contact. We balance these interests against your rights, consistent with established case law on rating platforms.
- Contract (Art. 6(1)(b)) — for features you actively request, such as future payment/escrow handling.
- Legal obligation (Art. 6(1)(c)) — including identity verification (KYC/AML) where the law requires it for payments.
If you are in a region requiring express consent (e.g. Canada), we rely on your express consent for the waitlist and profile creation.
5. Sharing your information
We do not sell, rent, or trade your personal data and never share it with advertisers. We share data only with:
- Hosting provider — our infrastructure runs on netcup GmbH (data centre in Germany) as our processor under a data processing agreement (Art. 28 GDPR). Waitlist emails are stored on our own server, not with an external marketing platform.
- Future processors — when the platform and payments launch, we may use vetted processors (e.g. a regulated payment provider or KYC vendor). Ratify never custodies funds; we will identify such processors here before they go live.
- Public visibility — profile information and scores you publish are, by design, visible to anyone (see section 2).
- Legal / business transfers — where required by law, or in connection with a merger or acquisition, with continued protection and notice of material changes.
6. Cookies & tracking
We use no cookies for marketing or analytics, no web-analytics services, and no third-party trackers, pixels, or ad tags. Fonts are served locally from our own server, so no data is transmitted to third-party font providers (such as Google Fonts).
7. How long we keep it
We keep your waitlist email until you withdraw or the purpose ends. Server logs are kept only briefly for security and then deleted. Profile and reputation data is kept while your account is active; reviews lose weight over time (decay) and you can request correction or deletion as described below. When data is no longer needed, we delete or anonymise it.
8. How we keep it safe
We apply appropriate technical and organisational measures: HTTPS/TLS everywhere, a hardened, firewalled server with key-only access and automatic security updates, and data minimisation. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security; you share information with us at your own risk.
9. International data transfers
We are based in Germany and host data within the European Union. If we engage a processor outside the EEA, we rely on an adequacy decision or appropriate safeguards (such as the EU Standard Contractual Clauses). As a global service, we apply this baseline of protection to all users regardless of location.
10. Minors
The site, waitlist, and platform are not directed to individuals under 18, and we do not knowingly collect their data. If you believe a minor has provided us information, contact us and we will delete it.
11. Your privacy rights
Subject to applicable law, you have the right to: access your data; correct it; delete it; restrict or object to processing (including profiling); data portability; and to withdraw consent at any time (without affecting prior processing). On the platform you additionally have a public right of reply to any review about you, and the right to have reviews removed where no genuine business contact exists. Regarding your reputation score, you have the right to information about the score and the logic involved (Art. 13/15(1)(h)) and, where decisions involve automated processing, to human intervention, to express your view, and to contest the outcome (Art. 22). To exercise any right, email us — we respond within the timeframes required by law.
If you are in the EEA, UK, or Switzerland, you may also lodge a complaint with your local data protection authority. For Germany this includes the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
12. US residents' rights
Residents of US states with comprehensive privacy laws (such as California, Colorado, Connecticut, Texas, Virginia, and others) may have the right to know, access, correct, and delete personal information, and to opt out of its "sale"/"sharing" and of targeted advertising. We do not sell or share personal information and do not use it for targeted advertising or profiling for advertising purposes. California residents may also use the "Shine the Light" law. Contact us to exercise these rights; we verify and respond as required, and you may appeal a decision.
13. Do-Not-Track
Because we do not track visitors across websites, there is nothing to disable. As no common "Do-Not-Track" standard exists, we do not respond to DNT browser signals — but our no-tracking practice applies to everyone regardless.
14. Updates to this notice
We may update this Privacy Policy to reflect changes in our practices or for legal reasons — in particular, we will expand it with concrete detail before the reputation platform and payment features go live. The "Last updated" date will change accordingly, with prominent notice of material changes where appropriate.
15. How to contact us
For any privacy question, or to exercise your rights, contact the controller:
Ratify.cc
Emsdettener Str. 10
48268 Greven
Germany
Email: simon@summit3.io