§ P01 — THE INDUSTRY AUDIT

What Every Other Platform Does With Your Data

Before the LaunchPillow covenant, the record. Every major creator platform has a published data policy. The table below is drawn from those primary sources — not interpretation, not paraphrase. What is collected. What it is used for. What the creator surrenders to participate.

Platform What They Collect What They Do With It Creator Status Primary Source
Meta
Instagram · Facebook · Threads
Every post, like, comment, message, and search. IP addresses, device identifiers, location signals, behavioral patterns across all Meta properties. Since 2024: public posts and captions used to train generative AI models.
Creator Content → AI Training Data
Meta grants itself a non-exclusive, royalty-free, worldwide license to host, distribute, and modify creator content. Data is used to serve targeted advertisements, develop internal AI products, and personalize experiences across all linked Meta services. Data sharing with advertising partners may qualify as a "sale" under CCPA even without direct monetary exchange. Product ↗ instagram-privacy-and-safety — March 2026
↗ instagram-privacy-policy — usercentrics.com
Google / YouTube Watch history, search history, device metadata, IP address, GPS and sensor location data. Cross-service data linkage across all Google products. Creator content used to train recommendation algorithms and ad targeting systems. Behavioral data shared with measurement companies and advertising partners via cookies and similar technologies. Data used to improve services, provide personalized content recommendations, and serve targeted advertisements. Creators and advertisers are permitted to work with third-party measurement companies to analyze audience data. Ad revenue split: YouTube retains 45%.
Personalized Ads · Third-Party Measurement
Partner / Subject ↗ howyoutubeworks/privacy — YouTube official
↗ policies.google.com/privacy
↗ youtube-2026-creator-economy — timescommerce.com
TikTok
Post-2026 ownership
2026 policy change: precise GPS location data now collected if location services are enabled. Previously, TikTok's U.S. policy explicitly excluded precise GPS collection. Citizenship data, sensitive personal data, behavioral signals, device fingerprints. Biometric identifiers in some jurisdictions.
Precise Location · Citizenship Data
Location data classified as sensitive data under the 2026 policy. Used for personalization, ad targeting, and content recommendation. Privacy advocates noted: "If the only choice is to accept the unnecessary collection and use of your location data, your citizenship data and other sensitive data, or not use the app at all — that's not a real choice." Surveilled ↗ tiktok-privacy-geolocation — CBS News, January 2026
CreatorIQ Public data from social platforms via API — posts, engagement metrics, follower demographics. Authenticated data collected on behalf of brand customers with creator consent. AI and machine learning applied to all data types. Third-party data providers supply inferred demographics. Data processed to enable brand discovery of creators for campaigns. Customers (brands) are the end client. Creator data builds a queryable corpus for brand targeting. The creator's public output becomes a product sold to the brands that pay CreatorIQ — not to the creator.
Creator Is The Inventory
Inventory ↗ creatoriq.com/legal/privacy-policy
Patreon Member data (audience personal data) passed to creators to enable membership fulfillment. Creators process member data under a Data Processing Agreement mandating strict limits — only for the purpose of delivering membership services, not for the creator's own use. Upon leaving Patreon, creators must securely destroy all member data — no rights persist. The framework protects audience members from creators, not creators from the platform. The creator's access to their own audience data terminates the moment they leave.
Audience Data Revoked on Exit
Licensee ↗ Patreon Data Processing Agreement — May 2026
The Pattern
Across every platform above, the creator grants a license. The platform monetizes the data. The creator holds an account — not a node. When the account is terminated, suspended, or the platform changes its terms, the creator's data, audience access, and provenance record are gone. The creator economy has no infrastructure layer that treats the creator as the client. LaunchPillow is that layer.

§ P02 — THE LAUNCHPILLOW COVENANT

The Declaration

Four clauses. Each is unconditional. Each is structurally enforced by the LaunchPillow architecture — not by policy alone.

CLAUSE I
The Creator Is The Client. The Node Belongs To The Creator.
Every other platform issues an account. LaunchPillow mints a node. The creator's DID document — anchored at launchpillow.com/registry/[handle]/did.json — is cryptographically controlled by the creator, not by the platform. The W3C DID specification is explicit: the controller of a DID proves control without requiring permission from any other party. The mint timestamp is immutable. The platform cannot reassign it, transfer it, or revoke it without the creator's explicit written request.

↗ W3C Decentralized Identifiers (DIDs) v1.1 — Candidate Recommendation, March 5 2026
CLAUSE II
Creator Data Has One Purpose: Growing Their Reach.
Data submitted during onboarding — questionnaire answers, contact information, ontology declarations — writes to the creator's Cloudflare D1 ledger. That data is used for one purpose: building and maintaining the creator's knowledge graph node. It is used to enrich edges to research articles in their verticals, connect their profile to related creator nodes, and grow their machine-readable presence on the open web.

LaunchPillow does not sell this data. LaunchPillow does not use this data for advertising. LaunchPillow does not share this data with social media platforms, data brokers, or third-party advertising networks. LaunchPillow does not feed creator intake data into AI training pipelines.
CLAUSE III
The Public Node Is Intentionally Public. This Is The Product.
The creator's machine-readable profile — their schema:Person JSON-LD document, ontology pillars, topic authority edges, and provenance record — is published to the open web. Google reads it. Perplexity reads it. Claude reads it. Every AI retrieval system that touches the public web finds it.

This is not a privacy risk. It is the value proposition. The creator consents to this machine-readability explicitly at enrollment. W3C Verifiable Credentials are privacy-preserving by design — ↗ selective disclosure allows users to prove specific claims without over-sharing personal data. The public node contains what the creator declares. Private intake data stays in the D1 ledger. These are structurally separate.
CLAUSE IV
Data Minimization By Architecture.
LaunchPillow collects what is required to build the node. No behavioral tracking on creator profile pages. No third-party analytics pixels on the public provenance surface. No cookies on the open-web creator profile documents. The profile page is a clean, machine-readable provenance record — not a surveillance endpoint.

This aligns with the data minimization principle built into W3C VC 2.0 (ratified May 15, 2025) and is a compliance requirement under GDPR for any platform collecting personal data from EU residents. ↗ California's CCPA mandates explicit disclosure of all data collected, its purpose, and the right to deletion — enforced by the CPPA as of 2025. matomo.org/blog — May 2026

§ P03 — WHAT WE COLLECT

Two Categories. Structurally Separate.

Private intake data and public node data are different objects stored in different systems for different purposes. The distinction is architectural, not procedural.

◈ Private · D1 Ledger
Legal name and contact email (enrollment only)
Questionnaire responses — bio, content categories, ontology declarations
Handle and slug reservation
Billing information (processed by Stripe — not stored by LaunchPillow)
IP address at enrollment (session-only, not retained)
PURPOSE: BUILD AND MAINTAIN THE CREATOR NODE
ACCESS: CREATOR + LAUNCHPILLOW INFRASTRUCTURE ONLY
NEVER SOLD · NEVER SHARED · NEVER USED FOR ADS
⬡ Public · Open Web Node
schema:Person JSON-LD document at /registry/[handle]
DID document at /registry/[handle]/did.json
Declared ontology pillars and topic authority categories
Research article edges in the creator's verticals
Mint timestamp and provenance record
Creator-declared geographic anchors (if provided)
PURPOSE: AI RETRIEVAL · SEARCH DISCOVERABILITY · GRAPH TRAVERSAL
ACCESS: OPEN WEB — ANY SYSTEM THAT READS HTTP
CONSENT GIVEN EXPLICITLY AT ENROLLMENT

§ P04 — CREATOR RIGHTS

Your Rights. Executed On Request.

These rights are not conditional on tier, subscription status, or account standing. They apply to every creator in the registry.

R·01
Access
Request a full export of all private data held in your D1 ledger — every field, every value, as structured JSON. Delivered within 30 days of request.
30 DAYS
R·02
Correction
Update or correct any field in your private ledger or public node at any time via the creator dashboard. Changes propagate to the open web node within 24 hours.
24 HOURS
R·03
Deletion
Request full node deletion. Private D1 ledger is wiped. Public JSON-LD profile is removed. Graph edges connected to your node are severed. The mint timestamp record on the open web — already indexed by external crawlers — cannot be retroactively erased from third-party caches. This is disclosed here, before enrollment, so the creator understands the permanent nature of the provenance timestamp. All other data is deleted within 30 days.
30 DAYS
R·04
Portability
Your node data is structured JSON-LD from day one. It is portable by design. Export and deploy it on any platform that reads W3C Verifiable Credentials or schema.org markup — no proprietary lock-in format.
ON DEMAND
R·05
Opt-Out of Automated Processing
LaunchPillow's knowledge graph construction is automated — research article edge assignment, related creator node connections, and ontology scoring are all computed processes. Creators may request manual review of any automated graph connection. Contact [email protected] to initiate.
MANUAL REVIEW
GDPR requires honoring data deletion requests within 30 days and naming all third-party data processors. California's CCPA mandates the same and is enforced by the California Privacy Protection Agency with penalty increases effective 2025. The Delete Request and Opt-Out Platform (DROP) launched January 1, 2026 — data broker deletion compliance required as of August 1, 2026. LaunchPillow is not a data broker. These timelines are the institutional floor. LaunchPillow operates on the same standard.

§ P05 — THIRD PARTIES & AI

Named. Scoped. No Exceptions.

Every third-party system that touches LaunchPillow creator data is named here. Unnamed parties do not have access.

Cloudflare D1
Relational database infrastructure for private creator ledger storage. Located on Cloudflare's edge network. No data is shared with Cloudflare beyond what is required for infrastructure operation. Cloudflare's privacy policy governs their handling of infrastructure data. Creator intake data does not leave the D1 ledger for any advertising or analytics purpose.
INFRASTRUCTURE ONLY
Stripe
Payment processing for subscription tiers. Billing data is transmitted directly to Stripe and is governed by Stripe's privacy policy. LaunchPillow does not store card numbers, billing addresses, or payment credentials. Stripe returns only a subscription status token to the LaunchPillow system.
BILLING ONLY
Open Web Crawlers
AI retrieval systems — Google, Bing, Perplexity, OpenAI, Anthropic, and others — read the creator's public JSON-LD node as they would any open web document. This access is intentional and constitutes the product. These systems operate under their own privacy policies. LaunchPillow does not control or receive data from their crawl sessions. The creator consents to public crawlability at enrollment.
PUBLIC BY DESIGN
No One Else
LaunchPillow does not use third-party analytics platforms (Google Analytics, Mixpanel, Segment, etc.) on creator profile pages. No advertising networks. No data brokers. No social media pixels. The public provenance surface is clean.
ZERO
On AI and Creator Data
LaunchPillow does not feed creator intake data into AI training pipelines. The public node — what the creator declares and consents to publishing — is open web content. AI systems reading it do so as they would any publicly accessible document. Any platform using AI processing must disclose: the use of AI, the type of processing and its purpose, and a clear way to opt out of automated processing. This section is that disclosure. LaunchPillow's automated processes — knowledge graph edge construction, research article matching, related creator node connections — operate on declared, consented data. Creators may request manual review of any automated result.

§ P06 — EFFECTIVE DATE

Governing Version

§
Effective Date
July 2026 — Version 1.0
This policy is reviewed annually at minimum. Material changes are communicated to all enrolled creators by email at least 30 days before taking effect. The version history of this document will be published at launchpillow.com/privacy/changelog. Continued use of LaunchPillow after the effective date of any update constitutes acceptance of the revised policy. Creators who do not accept a material change may request full node deletion before the effective date at no charge.
► Enroll Now View The Specification