Privacy Policy

Collabify Tech Ltd · Effective Date: 17 March 2026

1. Introduction

Collabify Tech Ltd (company number 16591515), trading as “Collabify”, is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Collabify platform (“Platform”).

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about this Privacy Policy or our data practices, please contact us using the details in Section 14.

The Platform integrates with third-party social media platforms, including Meta (Instagram and Facebook), TikTok, and YouTube (Google), via their respective application programming interfaces (APIs) to retrieve creator data and performance metrics. This Privacy Policy describes how data obtained through these integrations is collected, used, stored, and shared.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as a legal basis for processing, we will seek your explicit consent at the relevant time.

2. Personal Data We Collect

2.1 Information You Provide to Us

• Account Information: name, email address, phone number, business name, job title, date of birth, and profile photograph.

• Profile Data: social media handles, audience demographics, content niche, portfolio links, brand descriptions, and campaign preferences.

• Payment and Billing Information: bank account details, payment card information (processed by our third-party payment processor), billing address, VAT registration number, and transaction history.

• Communications: messages exchanged through the Platform, emails, support tickets, and feedback you provide to us.

• User-Generated Content: reviews, ratings, campaign content, briefs, proposals, and any other material you upload or create on the Platform.

• Verification Data: identity documents or business registration information provided for account verification purposes.

2.2 Information We Collect Automatically

• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.

• Usage Data: pages visited, features used, search queries, click patterns, session duration, referral URLs, and interaction timestamps.

• Cookies and Similar Technologies: we use cookies, web beacons, and similar tracking technologies as described in Section 9.

• Location Data: approximate location derived from your IP address or, where you have consented, more precise location data from your device.

2.3 Information from Third-Party Platforms via API Integrations

When you connect your social media account(s) to the Platform, we collect data from Meta (Instagram and Facebook), TikTok, and YouTube (Google) via their respective APIs. The specific data collected may include:

• Profile Information: username, display name, profile picture, bio or description, account type (e.g., personal, business, creator), and account verification status.

• Audience Demographics: aggregated data about your followers, including approximate age ranges, gender distribution, geographic locations, and language preferences (where made available by the Third-Party Platform).

• Content and Media Data: publicly available posts, videos, reels, stories, and associated metadata such as captions, hashtags, timestamps, and content type.

• Engagement and Performance Metrics: follower and subscriber counts, likes, comments, shares, saves, views, impressions, reach, watch time, click-through rates, and other engagement data for individual posts and overall account performance.

• Campaign-Specific Metrics: performance data related to specific sponsored posts or Campaigns run through the Platform, including reach, impressions, engagement, and conversion data where available.

• Historical Performance Data: historical trends in follower growth, engagement rates, and content performance over time, as permitted by the relevant Third-Party Platform’s API.

Important: The exact scope of data collected from each Third-Party Platform depends on the permissions you grant during the OAuth authorisation process and the data made available by each platform’s API. You will be informed of the specific permissions requested before you authorise the connection. We only request the minimum permissions necessary to provide our Services.

2.4 Information from Other Third Parties

• Payment Providers: transaction confirmations and payment status updates.

• Business Partners and Publicly Available Sources: information from company registries, marketing databases, or publicly available professional profiles.

3. Legal Bases for Processing

We process your personal data on the following legal bases under the UK GDPR:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide the Platform’s services, manage your account, facilitate Campaigns, process payments, and retrieve and display Third-Party Platform Data you have authorised.

• Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, platform security, service improvement, analytics (including analysis of aggregated Third-Party Platform Data), and direct marketing (where applicable). We carry out a balancing test to ensure our interests do not override your rights.

• Consent (Article 6(1)(a)): Processing based on your explicit consent, including the authorisation of Third-Party Platform API connections, marketing communications, non-essential cookies, and precise location tracking. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal or regulatory obligations, including tax reporting, anti-money laundering requirements, and responding to lawful requests from authorities.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• Providing and managing the Platform, including account creation, user verification, and campaign facilitation.

• Matching Brands with suitable Influencers based on profile data, audience demographics, engagement metrics, and campaign criteria derived from Third-Party Platform Data.

• Displaying creator profiles and performance metrics sourced from Third-Party Platform APIs to enable informed collaboration decisions by Brands.

• Providing analytics dashboards, campaign tracking, and performance reporting using data from Third-Party Platform APIs.

• Processing payments, generating invoices, and managing billing.

• Communicating with you about your account, campaigns, platform updates, and customer support enquiries.

• Sending marketing and promotional communications where you have consented or where we have a legitimate interest to do so (with an opt-out available).

• Analysing usage patterns and Third-Party Platform Data to improve our services, develop new features, and enhance user experience.

• Detecting, preventing, and addressing fraud, security breaches, and other harmful or unlawful activity.

• Complying with legal obligations and enforcing our Terms and Conditions.

• Generating aggregated and anonymised analytics and insights (which do not identify individual users) for internal research, benchmarking, and reporting purposes.

5. How We Share Your Personal Data

We do not sell your personal data. We may share your data in the following circumstances:

• Between Users: Profile information, Third-Party Platform Data (such as performance metrics and audience demographics), and communications are shared between Brands and Influencers as necessary to facilitate Campaigns. The scope of shared information depends on your role and the nature of the collaboration.

• Service Providers: We engage trusted third-party processors who assist with payment processing, cloud hosting and infrastructure, analytics, email delivery, customer support, and fraud detection. These providers are contractually bound to process your data only on our instructions and in compliance with applicable data protection law. We do not permit service providers to use Third-Party Platform Data for their own purposes.

• Professional Advisors: We may share data with our legal, accounting, and insurance advisors where necessary for the conduct of our business.

• Legal and Regulatory Requirements: We may disclose your data where required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, safety, and property of Collabify, our Users, or the public.

• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any changes to how your data is processed.

We do not share, sell, rent, or lease Third-Party Platform Data to any third party for purposes unrelated to the operation of the Platform.

6. International Data Transfers

Your personal data may be transferred to, stored, or processed in countries outside the United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including:

• Transfers to countries recognised by the UK Secretary of State as providing an adequate level of data protection.

• Use of Standard Contractual Clauses (SCCs) approved for UK transfers, supplemented by additional measures where necessary.

• Other legally recognised transfer mechanisms, such as binding corporate rules.

This includes transfers of Third-Party Platform Data to servers and service providers located outside the UK. You may request further information about the safeguards we use by contacting us.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. In determining the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the purposes for which it is processed, and applicable legal requirements.

• Account Data: Retained for the duration of your account and for up to 3 years after account closure, unless a longer retention period is required by law.

• Transaction and Financial Data: Retained for a minimum of 7 years to comply with tax and accounting obligations.

• Third-Party Platform Data: Retained only for as long as necessary to provide the Services and in compliance with the applicable Third-Party Platform’s data retention requirements. Upon disconnection of a Third-Party Platform account or revocation of API access, associated data will be deleted or anonymised within 30 days, unless a longer retention period is required by law. Upon notification by a Third-Party Platform that data must be deleted, we will comply within the timeframe required by that platform’s policies.

• Marketing Data: Retained until you withdraw consent or opt out, and for a brief additional period to process the request.

• Technical and Usage Data: Generally retained for up to 2 years for analytics and security purposes.

When data is no longer required, it will be securely deleted or anonymised.

8. Third-Party Platform API-Specific Disclosures

This section provides additional disclosures specific to each Third-Party Platform API integration, as required by their respective developer policies.

8.1 Meta (Instagram and Facebook)

Our use of Instagram and Facebook data is governed by the Meta Platform Terms and Developer Policies. We access data via the Instagram Graph API and/or Facebook Graph API. Data collected is used only for the purposes described in this Privacy Policy. Users can revoke access by removing Collabify from their Instagram or Facebook connected apps settings. Upon revocation, we will delete associated Meta-sourced data in accordance with Section 7.

8.2 TikTok

Our use of TikTok data is governed by the TikTok for Developers Terms of Service and the TikTok API Services Terms of Use. We access data via the TikTok API with your explicit authorisation. The data we collect from TikTok is used solely for the purposes described in this Privacy Policy, specifically to display creator metrics, facilitate brand-influencer matchmaking, and provide campaign analytics. We do not use TikTok data for surveillance, discriminatory profiling, or any purpose that would violate TikTok’s policies. Users can revoke access by disconnecting TikTok from their Collabify profile or by removing Collabify from their TikTok authorised applications. Upon revocation, we will delete associated TikTok-sourced data in accordance with Section 7.

8.3 YouTube (Google)

Our use of YouTube data is governed by the YouTube API Services Terms of Service (https://developers.google.com/youtube/terms/api-services-terms-of-service) and the Google Privacy Policy (https://policies.google.com/privacy). We access data via the YouTube Data API. In addition to our normal data deletion procedures described in this Privacy Policy, users who have connected their YouTube account may also manage and revoke our access to their Google account data via the Google security settings page at https://security.google.com/settings/security/permissions. Upon revocation, we will delete associated YouTube-sourced data in accordance with Section 7.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse usage, and deliver relevant content. The types of cookies we use include:

• Strictly Necessary Cookies: Essential for the Platform to function (e.g., authentication, security). These cannot be disabled.

• Performance and Analytics Cookies: Help us understand how Users interact with the Platform (e.g., pages visited, error reports). We may use tools such as Google Analytics for this purpose.

• Functionality Cookies: Remember your preferences and settings (e.g., language, region).

• Marketing and Targeting Cookies: Used to deliver relevant advertisements and measure the effectiveness of campaigns. These are only placed with your consent.

You can manage your cookie preferences through our cookie consent banner or your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest.

• Role-based access controls and the principle of least privilege for access to personal data and Third-Party Platform Data.

• Regular security assessments, penetration testing, and vulnerability scanning.

• Logging and monitoring of access to API data and personal data.

• Staff training on data protection and information security.

• Secure storage of API credentials and tokens using industry-standard encryption.

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities in accordance with applicable law.

11. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you, including any Third-Party Platform Data associated with your account.

• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.

• Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances (e.g., when it is no longer necessary for the purpose for which it was collected). This includes the right to request deletion of Third-Party Platform Data associated with your account.

• Right to Restrict Processing: You have the right to request that we restrict the processing of your data in certain circumstances.

• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

• Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

• Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.

• Right to Withdraw Consent: Where processing is based on consent (including consent to Third-Party Platform API connections), you may withdraw consent at any time by disconnecting the relevant Third-Party Platform account, adjusting your Platform settings, or contacting us.

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within one month. In certain cases, we may need to verify your identity before processing your request. If your request is complex or we receive a high volume of requests, we may extend this period by up to two further months, and we will inform you of any such extension.

12. Children’s Privacy

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with their data, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, Third-Party Platform API terms, or industry standards. We will notify you of material changes by posting the revised policy on the Platform and, where appropriate, by email. The “Effective Date” at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically.

14. Contact Information and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Collabify Tech Ltd

Contact: Sarvesh Rajdev

Email: sarvesh.rajdev@collabify.tech

Company Number: 16591515

Registered in England and Wales

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Website: www.ico.org.uk

Telephone: 0303 123 1113