Privacy Policy
This Privacy Policy explains how we collect, use, share, and protect personal data in connection with the influencers.club website, platform, and API (the “Services”). It is written to satisfy our transparency obligations under Articles 13 and 14 of Regulation (EU) 2016/679 (the “GDPR”) and other applicable privacy laws, including the California Consumer Privacy Act as amended (“CCPA”).
1. Who we are
The influencers.club website and the creator database made available through the Services are operated by:
Influencers Club DOO is the data controller for the personal data described in this Privacy Policy, including the creator database (see Section 4).
Customer subscriptions and commercial contracts for the Services are entered into with OneMore InfluencersClub OÜ, a company registered in Estonia (registry code 16123472, Tartu mnt 67/1-13b, Kesklinna linnaosa, 10115 Tallinn, Estonia), which is part of the same corporate group. OneMore InfluencersClub OÜ acts as the processor of Customer Data under our Data Processing Agreement and serves as Influencers Club DOO’s representative in the European Union for the purposes of Article 27 GDPR. You may address any GDPR inquiry to either entity; the contact point for all privacy matters is privacy@influencers.club.
This Policy covers three groups of people:
- Visitors — anyone browsing our website;
- Customers — businesses and their authorized users who register for and use the Services;
- Creators — social media content creators whose publicly available information is included in our database. If you are a creator, the most relevant document for you is our Creator Privacy Notice, which explains in plain language what information we hold, why, and how to have it removed. Section 4 below summarizes the same points.
2. Personal data we collect from Customers and Visitors
In line with the data minimization principle (Art. 5(1)(c) GDPR), we collect only what we need to provide and improve the Services.
| Data | How we get it | Legal basis (GDPR) | Purpose |
|---|---|---|---|
| Name, business email, company name, role | You provide it at sign-up or when contacting us | Performance of a contract (Art. 6(1)(b)) | Account creation, authentication, service delivery, support |
| Billing and payment details | You provide them at purchase (processed by our payment providers; we do not store full card numbers) | Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)) for invoicing and accounting records | Billing, invoicing, fraud prevention |
| Usage data (features used, queries run, credits consumed, API call metadata) | Generated automatically when you use the Services | Legitimate interests (Art. 6(1)(f)): operating, securing, and improving the Services | Product analytics, abuse prevention, support, capacity planning |
| IP address, browser and device information, log data | Collected automatically | Legitimate interests (Art. 6(1)(f)): security and service integrity | Security, troubleshooting, fraud and abuse prevention |
| Cookies and similar technologies | Set via your browser | Strictly necessary cookies: legitimate interests / contract. All other cookies: your consent (Art. 6(1)(a)) | See our Cookie Policy |
| Marketing preferences and communications | You provide them; or we contact existing customers about similar services | Consent (Art. 6(1)(a)); or legitimate interests in direct marketing to existing customers (Art. 6(1)(f), Recital 47) | Newsletters, product updates, marketing. You can opt out at any time via the unsubscribe link or by emailing privacy@influencers.club |
| Business contact details of prospective customers | Provided by you, or obtained from publicly available professional sources | Legitimate interests in business-to-business marketing (Art. 6(1)(f), Recital 47) | Outreach about our Services; you may object at any time |
If you do not provide the data we need to perform the contract (for example, an email address to create an account), we may be unable to provide the Services.
3. Where creator data comes from
We collect and analyze publicly available information from the public internet — public web pages, search engines such as Google, and other open sources — and we obtain data from third-party partners who offer publicly available data. Our collection is limited to publicly available sources; we do not collect data from behind a login or password wall.
We believe information that creators have chosen to make freely available on the public internet should be usable to help brands and creators find each other. Where we generate statistics (for example, audience composition), we do so by analyzing publicly available engagement — such as the history of public commenters and other engagers on a creator’s content — and applying statistical models to extrapolate what an audience looks like.
4. Personal data we process about Creators
4.1 What we hold
Our database contains creator profiles built from publicly available information, which may include:
- Public profile information: username/handle, display name, public profile picture, public bio, language, country/city, links the creator has published;
- Public content metadata: follower counts, engagement metrics, topics, posting activity;
- Contact information that the creator has made publicly available or that we obtain from third-party partners offering publicly available data;
- Statistically derived attributes generated by our models, such as estimated audience age groups, audience gender split, audience geography, topical interests, estimated engagement authenticity, and similar analytics. These are estimates, clearly identifiable as such, and are produced for statistical purposes.
We do not process special categories of personal data (Art. 9 GDPR) such as racial or ethnic origin, health data, or political opinions as part of the creator database, and we do not produce inferences of that kind. No decision producing legal or similarly significant effects on any creator is made by automated means (Art. 22 GDPR).
4.2 Legal basis
We process creator data on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in operating a creator discovery and analytics service that helps businesses identify and contact creators for commercial collaboration — a purpose from which creators themselves typically benefit. We have carried out and documented a balancing assessment, concluding that this processing — limited to information already made public, used for business discovery purposes, with an unconditional right to object and be removed (Section 8) — does not override the interests or fundamental rights and freedoms of the creators concerned.
4.3 Information obligation (Article 14 GDPR)
Because creator data is obtained from public sources rather than from creators directly, Article 14 GDPR applies. Given the very large number of creators in the database, providing an individual notice to each creator would involve a disproportionate effort within the meaning of Article 14(5)(b) GDPR and Recital 62. In accordance with that provision, we make this information publicly available through this Privacy Policy and the dedicated Creator Privacy Notice, and we take appropriate measures to protect creators’ rights, freedoms, and legitimate interests — including an easy, free, and fast removal process (Section 8).
4.4 How creator data is used and shared
Creator data is made available to Customers through the platform and API so that they can discover, evaluate, and contact creators for legitimate business purposes (such as marketing collaborations, partnerships, and recruitment of creators). Customers are contractually prohibited from using creator data for purposes regulated under the U.S. Fair Credit Reporting Act (such as employment, credit, or insurance eligibility decisions) and must comply with applicable data protection and electronic marketing laws when contacting creators. When a Customer obtains creator personal data through the Services, the Customer becomes an independent controller of that data and is responsible for its own compliance, including any notice obligations to the creators it contacts.
5. Audience statistics
For each creator we may provide aggregated, statistical estimates about that creator’s audience (for example: percentage split by age group, gender, language, and country). These statistics are derived from analysis of publicly available engagement and are produced and presented only in aggregate form — they are not lists of audience members, and individual audience members are not identified or identifiable in the statistics delivered to Customers. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) in providing statistical analytics, with safeguards consistent with Article 89(1) GDPR for statistical processing.
6. Who we share personal data with
We do not sell Customer personal data. We share personal data only with:
- Service providers (subprocessors) that host and support the Services — cloud infrastructure, database, email delivery, analytics, support tooling. The current list, including each provider’s location and function, is published at our Subprocessor List and is incorporated into our DPA.
- Payment providers (e.g., Stripe, PayPal), which act as independent controllers of the payment data they process.
- Customers, in the case of creator data, as described in Section 4.4.
- Professional advisers and authorities, where required to comply with a legal obligation, enforce our agreements, or protect our rights. We review every government or third-party disclosure request and only comply where there is a valid legal basis; we do not voluntarily disclose personal data in response to informal requests.
- A successor entity, in the event of a merger, acquisition, or sale of assets, subject to this Policy.
7. International transfers
We host the Services and the database primarily in the European Union. Where personal data is transferred to a provider in a country without an EU adequacy decision (for example, certain US-based analytics or support tools), we rely on the European Commission’s Standard Contractual Clauses (Implementing Decision (EU) 2021/914), together with supplementary technical and organizational measures where appropriate — including encryption in transit and at rest, access controls, and data minimization. For transfers subject to UK law, we use the UK International Data Transfer Addendum. Copies of relevant safeguards are available on request at privacy@influencers.club.
8. How long we keep personal data
| Category | Retention |
|---|---|
| Customer account data | For the life of the account; deleted within 30 days of verified deletion request or account closure (except data we must keep — see below) |
| Invoicing and accounting records | As required by applicable accounting and tax law (7 years under Estonian accounting law; 5 years under North Macedonian accounting law) |
| Usage logs and security logs | Up to 18 months |
| Marketing data | Until you opt out or object |
| Creator profile data | Kept while the creator’s source account remains public. Refreshed on a regular cadence. If a creator deletes their account on the source platform, the corresponding profile is removed from Customer-facing systems within 30 days of detection. Removal requests are processed without undue delay, at most within 30 days (Section 9.2) |
| Aggregated audience statistics | Stored with the related creator profile and deleted with it |
When data is no longer needed, it is deleted or irreversibly anonymized.
9. Your rights
9.1 All data subjects
Under the GDPR you have the right to: access your personal data (Art. 15); rectification (Art. 16); erasure (Art. 17); restriction of processing (Art. 18); data portability (Art. 20); object to processing based on legitimate interests, including direct marketing (Art. 21); not be subject to solely automated decisions with legal or similarly significant effects (Art. 22); and withdraw consent at any time where processing is based on consent (Art. 7(3)), without affecting prior processing.
To exercise any right, email privacy@influencers.club. We respond within one month (extendable by two further months for complex requests, in which case we will tell you). We may need to verify your identity before acting on a request. You also have the right to lodge a complaint with a supervisory authority — see edpb.europa.eu/about-edpb/about-edpb/members_en. California residents have the rights described in the CCPA, including the right to know, delete, correct, and opt out of “sale” or “sharing” of personal information, and the right not to be discriminated against for exercising those rights.
9.2 Creators — removal
If you are a creator and want your profile removed from our database, you do not need to give a reason. Email privacy@influencers.club from an address or account that lets us verify you control the profile, or use the removal form in the Creator Privacy Notice. We will remove your profile from Customer-facing systems without undue delay — at most within 30 days, and usually much faster — and instruct Customers who received your data through the Services to honor the removal. We keep a minimal suppression record (a hashed identifier) solely to keep your profile from being re-added.
10. Security
We apply technical and organizational measures appropriate to the risk (Art. 32 GDPR), including: role-based access control with multi-factor authentication and least-privilege access; encryption in transit (HTTPS/TLS 1.2+) and at rest; logical multi-tenant data separation; tamper-resistant audit logging; encrypted backups and disaster-recovery plans; regular vulnerability scanning and annual penetration testing; and employee confidentiality agreements and data protection training. A fuller description is in Annex 2 of our Data Processing Agreement. In the event of a personal data breach we will notify the competent supervisory authority and affected individuals where required by Articles 33–34 GDPR.
11. Cookies
We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies are set only with your consent, which you can withdraw at any time through the cookie settings on our site or your browser controls.
12. Children
The Services are business tools and are not directed at children. We do not knowingly collect personal data from anyone under 16, and we remove any profile we identify or are notified of as belonging to a minor. If you believe we hold data about a child, contact privacy@influencers.club and we will remove it.
13. AI and machine learning
We use machine-learning models to generate the statistical estimates described in Sections 4 and 5. Personal data processed through the Services is not used to train generalized AI or machine-learning models — neither our own foundation models nor any third party’s — and we contractually require our service providers not to use personal data we share with them for model training. Specifically, influencers.club does not use any data obtained through Google Workspace APIs (including the Google Sheets API or Drive API) to develop, improve, or train generalized or non-personalized AI/ML models, and does not transfer Google user data to third-party AI tools for any such purpose; Google Workspace data is accessed only at the user’s initiation, for the user’s current session, and is not stored or reused beyond it.
14. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced on the website and, for Customers, by email at least 30 days before they take effect. The “Effective Date” at the top shows the current version.
15. Contact
Privacy questions and data subject requests: privacy@influencers.club
Legal/contractual questions: legal@influencers.club
Controller: Influencers Club DOO, Franklin Rusvelt 43A, Skopje, North Macedonia
EU representative (Art. 27 GDPR): OneMore InfluencersClub OÜ, Tartu mnt 67/1-13b, Kesklinna linnaosa, 10115 Tallinn, Estonia