1. Information We Collect
We may collect the following information:
- Account Data: Name, email, business registration details (for brands), social media integrations (for influencers).
- Campaign & Transaction Data: Campaign briefs, contracts, payment details (via licensed payment providers).
- Usage Data: Logins, device information, and analytics data to improve our services.
2. How We Use Your Information
Data of influencers extracted from Meta API Graph Integration is used for metrics to present to brands while personal information on both sides (influencers and brands) is held for identification purposes of the account and will not be shared with other users.
3. Legal Basis for Processing
We process personal data only where we have a valid legal basis under applicable law, including:
- Contractual Necessity: When processing is essential to deliver our services, such as enabling campaign creation, matchmaking, and payments.
- Legitimate Interests: When processing supports our business operations in ways that do not override your rights, for example, ensuring platform security, preventing fraud, and improving user experience.
- Legal Obligations: When we must process data to comply with applicable laws, including tax, financial, or regulatory requirements.
- Consent: When you have given us explicit permission, such as for receiving marketing communications or enabling optional platform features.
4. Data Sharing & Transfers
We may share data with:
- Escrow and payment partners (licensed under UAE Central Bank rules).
- Analytics and IT providers under strict confidentiality agreements.
- Regulators where it is legally required.
Cross-border data transfers comply with PDPL data export provisions and equivalent safeguards.
5. Data Security & Retention
Data Security
- User data is stored in a PostgreSQL database with access controls.
- Passwords are hashed with bcrypt (12 salt rounds).
- Authentication uses JWT tokens sent in Authorization headers (Bearer tokens), not cookies.
- Tokens are stored securely: mobile uses MMKV, web dashboard uses local storage.
- All authentication actions are logged in an audit system.
Data Retention
- User data is retained until the user requests deletion.
- Users can request account deletion, which removes their data and related records via cascade deletion.
- Automated cleanup removes:
- • Expired email verification codes (after expiration or 30 days if verified)
- • Old audit logs (after 90 days)
6. Your Rights
Under the UAE Personal Data Protection Law (PDPL), you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct or update inaccurate or incomplete information.
- Erasure: Request deletion of your data where it is no longer needed or if you withdraw consent.
- Restriction & Objection: Limit or object to certain types of data processing, including for marketing purposes.
- Data Portability: Request to receive your data in a structured, commonly used, and machine-readable format, where applicable.
- Withdraw Consent: Where we rely on consent for processing, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise your rights, please contact us at info@influencymatch.com. We will respond in accordance with PDPL timelines and requirements.
7. Cookies & Analytics
Cookie Usage
- Cookies are not used for authentication or session management.
- One cookie is used in the admin dashboard to store sidebar UI state (preference only, expires after 7 days).
- Authentication relies on JWT tokens in HTTP headers, not cookies.
8. Updates to This Policy
We may update this Privacy Policy from time to time. Changes will be communicated via the platform and become effective upon posting.
9. Contact Us
For questions or data requests, contact:
Email: info@influencymatch.com
Phone: +971 50 199 8527