RedTulip.io Privacy Policy

Last Updated: 2026-04-08

1. Introduction

This Privacy Policy explains how RedTulip AI Corp. ("RedTulip," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the RedTulip.io website, mobile applications, and related services (the "Platform"). By using the Platform, you agree to the practices described here. If you do not agree, stop using the Platform.

This policy applies to all Platform users (Seekers, Keepers, and Visitors), across all devices and channels. It does not apply to third-party websites or services linked from the Platform. We encourage you to review third-party privacy practices independently.

RedTulip AI Corp. is the data controller for personal information collected through the Platform. We may update this policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or Platform notification at least 30 days before taking effect. The "Last Updated" date above reflects the most recent revision.

2. Information We Collect

2.1 Information You Provide

Account information: name, display name, date of birth, email, phone number
Profile details: profile picture, languages spoken, biography
Booking and transaction data: dates, times, amounts, listing details
Communications: messages between users, reviews, support requests

2.2 Identity Verification Data

If you choose to verify your identity, you will submit a government-issued ID and complete a liveness check through our third-party verification partner. RedTulip does not store your ID documents, photos, or biometric data. Our verification partner processes this information and returns only a pass/fail result and the issuing country, region, or state of the ID. We retain only your verification status and the issuing jurisdiction.

2.3 Payment Information

Payment details (card information for Seekers, bank account details for Keeper payouts) are collected and processed by our third-party payment providers. RedTulip does not store your full payment card numbers or bank account details. Our payment providers maintain their own privacy policies and are PCI DSS compliant.

2.4 Information Collected Automatically

Device information: device type, operating system, browser type, device identifiers
Usage data: pages visited, clicks, search queries, time spent on the Platform
Geolocation: GPS-based location (with your permission) for relevant listing suggestions; IP-based location for regional compliance
Log data: IP addresses, access times, session activity

2.5 Information from Third Parties

We may receive verification results from our identity verification partner, transaction status updates from payment providers, and publicly available information relevant to investigations or disputes.

2.6 Children's Data

The Platform is not intended for anyone under 18. We do not knowingly collect data from minors. If we discover a minor has created an account, we will delete it and all associated data promptly.

3. How We Use Your Information

We use your information to:

Operate the Platform: create and manage accounts, facilitate listings, bookings, payments, and communication between users
Personalize your experience: tailor search results, recommendations, and relevant content
Ensure safety and compliance: verify identities, detect fraud, enforce our Terms of Service, and comply with applicable laws
Communicate with you: send booking confirmations, payment receipts, account updates, policy changes, and (where you have opted in) promotional messages
Improve the Platform: analyze usage patterns, collect feedback, and optimize features
Meet legal obligations: retain transaction records for tax and regulatory compliance, respond to lawful data requests

We do not sell or rent your personal data. We share information only in these circumstances:

With other users: profile details, listing information, and reviews are shared as needed to facilitate bookings. Messages between users may be monitored for safety.
With service providers: trusted third-party vendors who process data on our behalf, including payment processors, our identity verification partner, analytics tools, and customer support platforms. These providers are contractually required to protect your data and use it only for specified purposes.
For legal reasons: when required by law, court order, or government request; to protect the rights, property, or safety of RedTulip and its users; or to meet tax and regulatory reporting requirements.
In business transfers: if RedTulip is involved in a merger, acquisition, or sale of assets, your information may be transferred. You will be notified and the acquiring entity must honor this policy or provide equivalent protections.
Aggregated data: we may share anonymized, aggregated data that cannot identify you for analytics, research, or business purposes.

5. Data Storage and International Transfers

User account data, listings, communications, and transaction records are stored on secure servers hosted by Amazon Web Services (AWS). Data for users in the United States is stored in the US-West-2 (Oregon) region. Data for users in Bahrain is stored in the ME-South-1 (Bahrain) region.

Financial records are held by our third-party payment providers. Identity verification data is processed and held by our verification partner. RedTulip does not store payment card details or ID documents on its own servers.

Because RedTulip operates globally, your data may be transferred to and processed in countries other than your own. We implement appropriate safeguards for cross-border transfers, including encryption in transit, contractual protections with service providers, and compliance with applicable data protection frameworks (such as GDPR Standard Contractual Clauses where required).

6. Data Retention

Account data: retained while your account is active. After deletion, retained for up to 30 days to allow reactivation, then anonymized or deleted.
Transaction records: retained for at least 7 years as required by tax and financial regulations.
Verification metadata: verification status and issuing jurisdiction retained for the life of the account. No ID documents or biometric data are retained by RedTulip.
Communications: retained as long as necessary to support bookings, disputes, or legal investigations.
Geolocation data: used in real time and deleted or anonymized within 30 days unless linked to an active transaction.
Usage data: identifiable usage data retained for up to 2 years; anonymized data may be retained indefinitely.

Inactive accounts (12+ months without login) may be flagged for deletion after notice to the user. Data related to ongoing disputes or fraud investigations may be retained beyond standard periods.

7. Cookies and Tracking Technologies

We use cookies and similar technologies (device identifiers, session tracking, pixel tags) to provide core functionality (authentication, secure payments), remember your preferences, analyze usage and performance, and ensure security. We do not currently use third-party marketing or advertising cookies.

You can manage cookies through your browser settings or disable location services on your device. Disabling cookies may affect certain features, such as staying logged in or location-based search. Where required by law, we provide a cookie consent banner on first visit.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: request a copy of the data we hold about you.
Correction: request correction of inaccurate or incomplete data.
Deletion: request deletion of your data, subject to legal retention requirements.
Portability: request a copy of your data in a machine-readable format.
Withdraw consent: opt out of marketing communications or disable location tracking at any time.
Object or restrict processing: where applicable under laws such as the GDPR, you may object to or request restrictions on certain processing.

To exercise any of these rights, contact us at hello@redtulip.io. We will respond within 30 days or the timeframe required by applicable law. We may ask you to verify your identity before processing your request. Exercising your rights will not result in discrimination or reduced access to Platform features, except where the requested action makes it technically impossible to provide certain services.

8.1 Jurisdiction-Specific Rights

GDPR (EEA and UK): You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

CCPA (California): You have the right to know what data is collected and shared, and to opt out of data sales. RedTulip does not sell personal data as defined by the CCPA.

Bahrain PDPL: We comply with the Kingdom of Bahrain's Personal Data Protection Law and any regulations issued thereunder.

For users in other jurisdictions, we will honor equivalent rights where required by local law.

9. Data Security

We implement industry-standard security measures to protect your information, including encryption of data in transit (TLS) and at rest (AES-256), role-based access controls, multi-factor authentication for administrative access, continuous system monitoring, and regular security audits.

No system is completely secure. You are responsible for keeping your account credentials safe, using strong passwords, securing your devices, and reporting suspicious activity to us immediately. RedTulip is not liable for breaches resulting from compromised user credentials or unsecured devices.

In the event of a data breach affecting your information, we will notify you and applicable regulatory authorities as required by law, describe the nature of the breach and data affected, and outline steps taken to mitigate the impact.

10. Changes to This Policy

We may update this Privacy Policy periodically. For significant changes, we will provide at least 30 days' notice via email or Platform notification before the changes take effect. Minor updates (typos, clarifications) may be made without advance notice. The "Last Updated" date at the top always reflects the current version. Continued use of the Platform after changes take effect constitutes acceptance. If you disagree, stop using the Platform and contact us to delete your account.

11. Contact Information

For privacy questions, data requests, or concerns:

Email: hello@redtulip.io
Technical issues: dev@redtulip.io

We aim to respond within 48 business hours. If you believe your privacy rights have been violated and we have not adequately addressed your concern, you may contact your local data protection authority.