Disclaimers & Legal References

Version v1-2026-05-27 · Last updated 2026-05-27.

Chokala surfaces short-form disclaimers inline at point-of-action (when you submit feedback, when you make a tip or fundraiser donation, when you accept the Terms of Service, etc). This page consolidates the long-form text of every such disclaimer in one place — for revision review, historical reference, and easy access without hunting through point-of-action modals.

Quick links:

Feedback & Bug-Report Submission
Privacy & Data Collection
Payments, Tips & Fundraisers
Age Affirmation
Screenshots & Attached Media
Data Subject Access Rights (DSAR)
Revision History

1. Feedback & Bug-Report Submission

Long form of the short-form disclaimer surfaced inline on every feedback-bubble form (see lib/legal/feedback-disclaimer.js, version 2026-05-26-v1).

1.1 What we collect when you send feedback

When you send a feedback report or bug submission through Chokala, we collect the following data fields:

Your typed description — the free-text body you write in the feedback form. May include screenshots' contextual description, reproduction steps, or any other content you choose to include.
The page URL where you opened the feedback bubble. This includes any query-string parameters present in the URL at the moment of capture. Operator-facing surfaces may include tenant slugs, admin route paths, or feature-flag query strings.
Your role at the moment of submission (e.g. superadmin, admin, manager, creator-user, visitor).
Your viewport dimensions (CSS pixel width × height) so we can reproduce layout bugs at your screen size.
Your browser identification (user-agent string), which identifies browser engine, browser version, and operating system family. Used to reproduce browser-engine-specific bugs.
The app version — the Heroku release identifier (e.g. v1062) of the Chokala build serving the page at the moment of capture. Used to correlate bug reports with specific releases.
Your recent navigation breadcrumb — the last few URLs you visited on chokala.gg within the current session. Used to reproduce flow-specific bugs that depend on prior page state. Bounded to the last 10 navigation events.
Your recent browser-console log lines — the last few console.log / console.warn / console.error entries the page emitted before you opened the feedback bubble. May include JavaScript error stack-traces. Bounded to the last 50 log lines.
If you choose to share one: the screenshot you select via your browser's screen-share prompt. You control which screen, window, or browser tab to share — Chokala never captures your screen without your explicit per-submission consent via the browser's native screen-share permission flow.

1.2 Why we collect it

We use this data only to diagnose and fix issues you report. We do not sell this data to third parties. We do not use it for advertising. We do not use it to profile your behavior outside the reported issue. The screenshots and console logs are accessed only by Chokala's engineering team during issue triage.

1.3 How long we keep it

Feedback-report data (including any attached screenshot) is retained for up to 90 days after submission, then deleted. You can request earlier deletion via a verified DSAR request (see §6 below). Per-tenant retention windows may be shorter if your operator has configured a tighter retention policy. [OPERATOR-VERIFY: per-tenant override schema not yet shipped; default 90d applies to every tenant at time of writing.]

1.4 Screenshot-authority confirmation

When you submit a screenshot via the feedback bubble, you confirm that you have authority to share any content visible in the screenshot — including any names, emails, payment records, or other personal data of third parties (your fans, subscribers, paying users, sister operators, etc) that may appear in the capture. Chokala processes the screenshot on your behalf under the legal assumption that you have obtained necessary consent from any identifiable third parties whose data appears in the capture.

2. Privacy & Data Collection

Long form of the privacy disclaimer surfaced on signup, marketing-modal forms, and the canonical Privacy Policy page (version v1-2026-05-13).

2.1 Account signup

When you create a Chokala Creator account, we collect: the email address you provide, plus the IP address and user-agent of the signup request. The email is the canonical identifier for your account; the IP + user-agent are kept for abuse-prevention (rate-limit signups, detect compromised credentials) and are deleted on a verified DSAR request.

2.2 Session cookies

We set a session cookie (an opaque random token; NOT your email or any personal identifier) to keep you signed in. The cookie is scoped to the canonical host (chokala.gg) and is set with HttpOnly + Secure + SameSite=Lax attributes. The cookie expires after a bounded session window and is invalidated on sign-out OR when you exercise the "sign me out of all devices" option in your account settings.

2.3 Payment metadata (when applicable)

When a payment passes through Chokala, we record the payment processor's transaction identifier, the payment amount, the currency, and the Creator/Visitor identities involved in the transaction. The payment processor (currently PayPal; additional processors may be added) handles the payment-method details (card number, bank account, etc) — Chokala does NOT store payment-method details on its own infrastructure. [OPERATOR-VERIFY: PayPal is the primary processor as of writing; Stripe sandbox integration is feature-gated.]

2.4 Optional analytics

We collect aggregate, non-identifying usage signals (page-load timing, error rates, feature-usage counts) used to operate and improve the Platform. We do not run cross-site advertising trackers. We do not share usage signals with third-party data brokers. [OPERATOR-VERIFY: analytics substrate is operator- configurable per tenant; some tenants may disable analytics collection entirely.]

2.5 Server logs

We collect server-side request logs containing URL, status code, request timing, and IP address. Retained for a limited window for debugging and abuse-prevention. [OPERATOR-VERIFY: retention window is approximately 30 days per Heroku default; longer-term storage is operator-configurable.]

See the full Privacy Policy for the authoritative version of these terms.

3. Payments, Tips & Fundraisers

Long form of the payment-related disclaimers surfaced inline on tip forms, fundraiser pages, and the per-creator monetization surfaces (see lib/legal/disclosures.js for the canonical short-form fragments).

3.1 Tip tax disclosure

Tips processed through Chokala are personal gifts to the recipient Creator, not taxable purchases of goods or services. Chokala does NOT issue 1099-K or 1099-MISC forms to Creators for tip income — Creators are responsible for reporting tip income to their own tax authorities per the laws of their jurisdiction. Chokala provides annual aggregate summaries to Creators as a courtesy but does not provide tax advice.

3.2 Creator 1099-K notice (US-only)

For US-based Creators only: under IRS rules effective for the 2026 tax year, third-party payment processors (including PayPal, Stripe, and Chokala when acting as a processor) may be required to issue Form 1099-K to Creators whose aggregate annual payment volume exceeds a threshold set by the IRS. Whether you receive a 1099-K depends on your processor's classification of your account (personal vs business) and your annual volume. Chokala does not act as a payment processor for direct Creator → Visitor payments — the upstream processor (PayPal, Stripe) is responsible for any 1099-K issuance. [OPERATOR-VERIFY: IRS threshold for 2026 is $5,000 per the most recent guidance at time of writing; check current IRS guidance.]

3.3 Fundraisers & constrained donations

Chokala hosts two payment categories beyond tips:

Fundraisers: a goal-based campaign with a public target amount (e.g. "raise $5,000 for hardware"). Payments to a fundraiser are NOT tax-deductible unless the Creator has separately registered as a 501(c)(3) charitable organization and represented that status on the fundraiser page. Chokala does NOT verify or vouch for any Creator's charitable-organization status — payments to fundraisers are at your own risk and discretion.
Constrained donations: a payment with a specific stated purpose (e.g. "studio rent for August"). Same tax-treatment as fundraisers above. Chokala does NOT enforce that the Creator actually uses the donation for the stated purpose — that's between you and the Creator.

3.4 Refund policy (fundraisers + constrained donations)

Fundraiser and constrained-donation payments are non-refundable once the payment processor confirms the transaction. Creators may issue voluntary refunds at their discretion via Chokala's admin tools. Disputes about refunds belong between you and the Creator; Chokala's role is limited to processing the payment and providing the Creator with the refund tooling. PayPal Goods & Services protections may apply for transactions routed through PayPal — see PayPal's own buyer-protection terms for the authoritative scope.

4. Age Affirmation

Long form of the age-affirmation disclaimer surfaced at signup, on fan-account creation, and on monetization- surface forms (see AGE_AFFIRMATION_LABEL in lib/legal/disclosures.js).

When you create an account or submit a payment on Chokala, you confirm that you are at least 18 years old (or the age of majority in your jurisdiction, whichever is higher). Chokala does NOT knowingly collect personal data from minors. If we learn that we have collected personal data from a minor, we will delete it as soon as practicable. If you believe a minor's personal data is in our possession, contact privacy@chokala.gg.

5. Screenshots & Attached Media

Long form of the screenshot-authority clause that appears in both the feedback-bubble disclaimer (§1.4 above) and any other surface where you can attach media to a submission.

When you attach a screenshot, image, video, audio, or any other media file to a submission through Chokala, you represent and warrant that:

You have the right to share the media. Either you created the media yourself, OR you obtained explicit permission from the rightful owner to share it with Chokala for the stated purpose.
The media does not infringe third-party rights. No copyright, trademark, trade-secret, publicity-right, or privacy-right of any third party is violated by your sharing the media with Chokala.
Any identifiable persons in the media have consented to its capture and sharing. If the media shows identifiable third parties (faces, voices, names, distinctive personal data), you have obtained their consent — or the context (e.g. operator self-screenshotting their own dashboard) makes consent implicit.
The media is not unlawful. No CSAM, no non-consensual intimate imagery, no content depicting illegal activity. CSAM reports go to abuse@chokala.gg with subject "CSAM REPORT" — do NOT include the material itself, URLs only.

Chokala retains attached media for the same window as the surrounding submission (typically 90 days for feedback; indefinitely for tip/fundraiser receipts unless DSAR-deleted) and applies the same DSAR rights described in §6.

6. Data Subject Access Rights (DSAR)

Long form of the DSAR cross-reference that appears in multiple short-form disclaimers ("removed earlier on a verified DSAR request").

6.1 Your rights

Depending on your jurisdiction (GDPR for EU/UK residents, CCPA for California residents, similar laws elsewhere), you may have the following rights regarding personal data Chokala holds about you:

Access: request a copy of the personal data we hold about you.
Rectification: request that we correct inaccurate or incomplete personal data.
Erasure ("right to be forgotten"): request that we delete your personal data, subject to legitimate operational + legal retention requirements.
Portability: request a machine-readable copy of the personal data you have provided to us.
Objection: object to specific processing activities (e.g. analytics).

6.2 How to exercise DSAR rights

Submit a DSAR request via email to privacy@chokala.gg. Include:

Your email address associated with the Chokala account.
A description of which right you want to exercise (access, erasure, etc).
Sufficient information for us to verify your identity (we will respond with verification instructions).

We respond to verified DSAR requests within 30 days (or sooner where required by applicable law). [OPERATOR-VERIFY: GDPR statutory timeline is 30 days extendable to 90 days for complex requests; CCPA statutory timeline is 45 days extendable to 90 days.]

6.3 DSAR cascade

When you exercise the right to erasure, Chokala cascades the deletion across the substrate tables that hold your personal data — your account record, your session history, any feedback reports you submitted, any payment metadata, any uploaded media. Cascade scope and timing are documented in Chokala's engineering runbook (operator-facing; not published).

7. Revision History

Append-only log of substantive changes to this consolidated disclaimers reference page (NOT a per-disclaimer revision log — sister disclaimer files maintain their own version constants and per-file commit history is the attorney-grade source-of-truth).

Date	Summary	Commit	Reviewer
2026-05-27	Initial consolidated disclaimers reference page shipped. Aggregates feedback-disclaimer (2026-05-26-v1), platform-privacy (v1-2026-05-13), platform-terms (v1-2026-05-13), platform-aup (v1-2026-05-13), platform-dmca (v1-2026-05-13). Sprint D-6-DISCLAIMERS-REFERENCE-PAGE.	`(this commit)`	operator + engineer (attorney sign-off recommended pre-broad-launch)

For per-disclaimer revision history, consult the source-of-truth modules:

lib/legal/feedback-disclaimer.js — DISCLAIMER_VERSION constant + git log
lib/legal/platform-privacy.js — PLATFORM_PRIVACY_VERSION constant + git log
lib/legal/platform-terms.js — PLATFORM_TERMS_VERSION constant + git log
lib/legal/platform-aup.js — PLATFORM_AUP_VERSION constant + git log
lib/legal/platform-dmca.js — PLATFORM_DMCA_VERSION constant + git log
lib/legal/disclosures.js — per-feature short-form fragments (no version constant; git log is the authoritative trail)

See also: Terms of Service, Privacy Policy, Acceptable Use Policy, DMCA Notice & Takedown, Accessibility Statement. Questions about this page or the disclaimers it consolidates? Email legal@chokala.gg.

Version v1-2026-05-27 — MVP. Full attorney review of the consolidated long-form text recommended before chokala.gg goes broadly public. This page is the engineering substrate; the canonical legal-pass tracker is in Chokala's internal runbooks.