Privacy Policy

Effective Date: October 27, 2025
Last Updated: October 27, 2025

1. Introduction

Welcome to Flexilocus ("we," "our," "us"). Flexilocus operates an influencer marketplace platform that connects content creators with brands for collaboration opportunities. We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website and services (collectively, the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide to Us

Account Registration Information:

Full name
Email address
Password (encrypted)
Username
User role (Creator or Brand)
Profile information
Company/organization details (for brand users)
Payment information (processed securely through our payment processor)

Profile and Content Information:

Profile pictures and avatars
Bio and description
Portfolio content
Campaign proposals and collaboration details
Messages and communications between users
Storefront information and pricing
Category preferences

Payment Information:

Billing information
Transaction history
Subscription details
Payment method information (securely processed through third-party payment processors)

2.2 Information Automatically Collected

Usage Data:

IP address
Browser type and version
Device information
Operating system
Pages visited and features used
Time and date of visits
Time spent on pages
Referring website addresses
Clickstream data

Cookies and Tracking Technologies:

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities
Session cookies for authentication
Preference cookies for user settings
Analytics cookies for service improvement

2.3 Information from Third-Party Services

Google Account Information

When you sign in using Google OAuth, we collect:

Your Google account email address
Your Google account name
Your Google profile picture
A unique Google user identifier

YouTube Data API Information

When you connect your YouTube channel to our platform, we access and store the following information through the YouTube Data API v3 and YouTube Analytics API v2:

Channel Information (via YouTube Data API v3):

YouTube channel ID
Channel name and title
Channel description
Channel profile picture/thumbnail
Subscriber count
Total video count
Total lifetime views
Individual video IDs
Video statistics (views, likes, comments per video)
Upload dates and video metadata

Analytics Information (via YouTube Analytics API v2):

Views over specified time periods (last 30 days)
Estimated minutes watched
Audience demographics (gender breakdown)
Audience age group distribution
Geographic distribution of viewers (top countries)
Viewer percentage metrics

Important Notes About YouTube Data:

We only access data from YouTube channels you explicitly connect to our platform
We use read-only access and never modify, delete, or upload content to your YouTube channel
You can disconnect your YouTube channel at any time from your account settings
We comply with YouTube's API Services Terms of Service
Your use of our Service with YouTube integration is also governed by the Google Privacy Policy

Instagram Data

When you connect your Instagram account:

Instagram username and handle
Profile information
Follower count
Content insights and analytics (with appropriate permissions)

2.4 Information from Other Users

Collaboration invitations and proposals
Reviews and ratings
Messages and communications
Campaign feedback

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision and Operation

Create and manage your account
Authenticate your identity and maintain security
Process transactions and manage subscriptions
Facilitate connections between creators and brands
Display your profile and channel information to potential collaborators
Enable messaging and communication features
Process and fulfill collaboration agreements

3.2 Platform Analytics and Insights

Calculate engagement rates and performance metrics
Generate creator analytics dashboards
Provide brands with creator discovery and filtering capabilities
Display audience demographics to facilitate informed collaboration decisions
Aggregate performance data for marketplace insights

3.3 Service Improvement

Analyze usage patterns to improve user experience
Develop new features and functionality
Conduct research and analytics
Test and troubleshoot technical issues
Monitor and prevent fraud and abuse

3.4 Communication

Send transactional emails (account verification, password reset, collaboration notifications)
Provide customer support
Send important service updates and announcements
Notify you about collaboration opportunities (with your consent)
Respond to your inquiries and requests

3.5 Marketing and Promotional Activities

Send promotional materials and newsletters (with your consent)
Conduct surveys and gather feedback
Personalize your experience on the platform
Show relevant content and recommendations

3.6 Legal Compliance and Safety

Comply with legal obligations and regulations
Enforce our Terms of Service and other policies
Protect against fraudulent, unauthorized, or illegal activity
Resolve disputes and enforce agreements
Protect the rights, property, and safety of Flexilocus, our users, and the public

4. YouTube API Services - Specific Terms

Flexilocus's use of information received from YouTube APIs will adhere to the YouTube API Services Terms of Service.

4.1 Purpose and Use

We access your YouTube data solely to display your channel statistics, audience demographics, and analytics within our platform
This information helps brands make informed decisions about collaboration opportunities
We never sell your YouTube data to third parties
We do not use your YouTube data for advertising purposes

4.2 Data Storage and Security

YouTube access tokens are encrypted and stored securely in our database
We implement industry-standard security measures to protect your YouTube data
We maintain your YouTube data only as long as necessary to provide our services
When you disconnect your YouTube channel, we delete associated access tokens

4.3 Your Rights and Controls

You can revoke Flexilocus's access to your YouTube data at any time by:
- Visiting your account settings and disconnecting your YouTube channel
- Visiting the Google security settings page and removing Flexilocus
After revocation, we will delete your YouTube access tokens within 30 days
You can request deletion of all your YouTube data by contacting us

4.4 Third-Party Access

We do not share your YouTube data with any third parties except:
- When required by law
- With your explicit consent
- With service providers who assist in platform operation (under strict confidentiality agreements)

5. How We Share Your Information

5.1 Public Information

The following information may be visible to other users on the platform:

Your profile information (name, username, bio, profile picture)
Connected social media channels and their public statistics
Portfolio and storefront content
Public collaboration proposals
Reviews and ratings (if applicable)

5.2 With Other Users

When you engage in collaborations, relevant information is shared with collaborating parties
Messages and communications with other platform users
Proposal details when submitting or receiving collaboration offers

5.3 Service Providers

We share information with trusted third-party service providers who assist in operating our platform:

Supabase: Authentication, database services, and cloud storage
Cloudflare R2: File and media storage
Payment processors: Secure payment processing (Dodo Payments)
Email service providers: Transactional and marketing emails (Resend)
Analytics providers: Usage analytics and service improvement

All service providers are contractually obligated to maintain confidentiality and security of your data and may only use it to perform services on our behalf.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity, subject to this Privacy Policy.

5.5 Legal Requirements

We may disclose your information when required by law or in response to:

Valid legal process (subpoena, court order, warrant)
Legal requests from government authorities
Protection of our rights, property, or safety
Protection of users or the public from harm or illegal activities
Investigation of potential Terms of Service violations

5.6 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Retention

6.1 Active Accounts

We retain your personal information for as long as your account is active or as needed to provide services.

6.2 Account Deletion

When you delete your account:

Most personal information is deleted within 30 days
Some information may be retained for legal compliance, fraud prevention, or dispute resolution
Aggregate, anonymized data may be retained for analytics

6.3 YouTube Data Retention

YouTube access tokens are retained only while your channel is connected
Upon disconnection or account deletion, YouTube tokens are deleted within 30 days
Cached YouTube analytics data may be retained for up to 90 days for platform analytics
You can request immediate deletion by contacting us

6.4 Legal Obligations

We may retain certain information longer when required by law or for legitimate business purposes (tax records, transaction history, legal disputes).

7. Data Security

7.1 Security Measures

We implement comprehensive security measures to protect your information:

Encryption of data in transit (TLS/SSL)
Encryption of sensitive data at rest
Secure authentication mechanisms
Regular security audits and assessments
Access controls and authentication requirements
Secure cloud infrastructure
Regular backups and disaster recovery procedures

7.2 Password Security

Passwords are hashed using industry-standard algorithms
We never store or have access to your plain-text password
We recommend using strong, unique passwords

7.3 Third-Party Token Security

OAuth tokens (Google, YouTube, Instagram) are encrypted in our database
Tokens are transmitted securely using industry-standard protocols
We implement token refresh mechanisms to minimize exposure

7.4 No Absolute Security

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to enhance our security practices.

8. Your Privacy Rights and Choices

8.1 Access and Correction

You have the right to:

Access your personal information
Update and correct inaccurate information
Download your data through account settings

8.2 Deletion Rights

You can request deletion of your account and personal information through:

Account settings (self-service deletion)
Contacting our support team

Note: Some information may be retained as permitted by law.

8.3 Third-Party Integrations

You can manage connected services:

YouTube: Disconnect from account settings or Google security settings
Instagram: Disconnect from account settings or Instagram app permissions
Google Sign-In: Revoke access through Google account settings

8.4 Marketing Communications

You can opt out of marketing communications:

Unsubscribe links in emails
Email preferences in account settings
Contacting us directly

Note: You cannot opt out of essential service communications (security alerts, transaction confirmations).

8.5 Cookies and Tracking

You can control cookies through:

Browser settings to refuse cookies
Browser extensions that block tracking
Opting out of analytics cookies in site preferences

Note: Disabling cookies may limit functionality.

8.6 Do Not Track

We currently do not respond to "Do Not Track" browser signals, as there is no industry-wide standard.

9. International Data Transfers

Flexilocus operates globally. Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards:

Standard contractual clauses
Adequacy decisions
Data processing agreements with service providers
Compliance with applicable regulations (GDPR, CCPA, etc.)

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately. We will take steps to delete such information from our systems.

11. Regional Privacy Rights

11.1 European Economic Area (EEA) - GDPR Rights

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Request limitation of data processing
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent for processing at any time
Right to Lodge a Complaint: File complaints with your local data protection authority

Legal Basis for Processing:

Performance of contract
Legitimate interests
Consent
Legal obligations

11.2 California Residents - CCPA/CPRA Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of collected personal information
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt out of sale/sharing of personal information
Right to Correct: Request correction of inaccurate information
Right to Limit Use: Limit use of sensitive personal information
Right to Non-Discrimination: Exercise rights without discrimination

Categories of Personal Information Collected:

Identifiers (name, email, username)
Commercial information (transaction history)
Internet activity (usage data)
Professional information (brand/creator details)
Inferences (preferences, engagement patterns)

Sale of Personal Information: We do not sell personal information for monetary consideration. We may share data for business purposes as described in this policy.

Verification Process: To exercise your rights, we will verify your identity by requesting:

Email verification
Account credentials
Additional information if necessary

11.3 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate. Contact us to exercise your privacy rights.

12. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications not operated by us:

YouTube, Google, Instagram, and other social platforms
Payment processors
Analytics services

We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.

13. Cookies and Similar Technologies

13.1 Types of Cookies We Use

Essential Cookies:

Authentication and session management
Security features
Load balancing

Functional Cookies:

User preferences and settings
Language preferences
Remember me functionality

Analytics Cookies:

Usage statistics
Performance monitoring
Feature optimization

Marketing Cookies (with consent):

Personalized content
Campaign tracking
Conversion measurement

13.2 Managing Cookies

You can control cookies through:

Browser settings
Cookie preference center (if available)
Third-party opt-out tools

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in our practices
Legal or regulatory changes
New features or services

Notification of Changes:

Material changes will be notified via email or prominent notice on our platform
Continued use after changes constitutes acceptance
We will update the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically.

15. Data Protection Officer

For data protection inquiries, you may contact our Data Protection Officer at:

Email: hi@flexilocus.com
Subject Line: "Data Protection Inquiry"

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Flexilocus
Email: hi@flexilocus.com
Privacy Email: hi@flexilocus.com

For YouTube Data Privacy Inquiries:
Email: hi@flexilocus.com
Subject Line: "YouTube Data Privacy Request"

Response Time:
We aim to respond to all privacy inquiries within 30 days. For urgent matters, please indicate this in your subject line.

17. Acceptance of This Policy

By using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

Google API Disclosure:
Flexilocus's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

YouTube API Disclosure:
Information collected through YouTube API Services is used solely to provide and improve our influencer marketplace services, display analytics to creators, and facilitate brand-creator collaborations. We do not use YouTube data for serving advertisements or any purposes outside of providing our core service functionality.

This Privacy Policy is effective as of the date stated above and governs our collection, use, and disclosure of your information.