Skip to main content
Are you a creator? · Download the Fluencify App
  • For ambassadors
  • For brands
  • Blog
  • Sign in
  • Book a Demo
  • For ambassadors
  • For brands
  • Blog
  • Sign in
  • Book a Demo

Fluencify legal

Privacy Policy

This Policy explains how Fluencify handles personal data about Platform users, creators, business contacts and people whose public creator profiles may be considered for campaign opportunities.

Version
PRIVACY-2026-07-10
Effective and last updated
10 July 2026

Controller: Fluencify AB, org. no. 559484-6254, Solparksvägen 3, 169 54 Solna, Sweden. For privacy requests, email contact@fluencify.io. If your request concerns a public social profile, include the platform and public handle so we can locate the right record without asking for unnecessary identification.

1. Who this Policy covers

This Policy covers personal data about:

  • creators, ambassadors and other registered Platform users;
  • brand, agency, customer and supplier representatives;
  • people who contact us, receive service communications or visit our Web Service;
  • public creators considered for relevant campaign opportunities; and
  • business contacts approached about Fluencify's services.

Fluencify is normally the controller for its marketplace, account, creator, contract, security, analytics and business-development activities. Where a business customer gives Fluencify documented instructions to process personal data solely on that customer's behalf, the customer is controller and Fluencify acts as processor under the applicable Data Processing Agreement.

2. Personal data and where it comes from

Personal-data categories and sources
ContextExamplesUsual source
Account and identityName, email, phone, organisation, role, account ID, authentication and age-eligibility informationYou, an authorised administrator, Clerk, Apple or Google sign-in
Campaign and contentApplications, briefs, submissions, messages, approvals, public posts, image, voice, usage rights and performance informationYou, customers, public platforms and campaign activity
Billing and payoutPlan, invoice, transaction and payout references, amount, currency, status and limited fraud/compliance informationYou, Stripe, Grade and our transaction records
Device, service and securityIP address, device/browser details, timestamps, logs, session and access events, support and error informationYour device, our systems and service providers
Optional analyticsPage paths, navigation, feature events, role and application-error context after consentYour use of the Web Service through PostHog after you allow analytics
Public creator discoveryPublic handle, profile name, bio, avatar, captions, public media/URLs, engagement metrics, content topics or style and a broad estimated age bandPublic social platforms, public websites and data-source providers
Business developmentWork name, role, employer, published work contact, source, correspondence and suppression statusYou, public business sources, referrals and business-data providers

We do not ask for special-category data for ordinary Platform use and do not intentionally create sensitive-trait, biometric, precise-location or personality labels from public creator content. Please do not provide such data unless we have expressly requested it for a lawful, documented reason.

3. Why we process data and our legal bases

Processing purposes and legal bases
PurposeLegal basis
Create accounts, authenticate users, provide Platform features, run campaigns, communicate and administer creator compensationPerformance of a contract or steps requested before a contract; legitimate interests for related business-user administration
Bill customers, maintain accounting/tax records, respond to authorities and establish or defend legal claimsLegal obligation and legitimate interests in legal-claims management
Protect users and systems, prevent fraud, enforce rules, troubleshoot and maintain availabilityLegitimate interests in a secure and reliable service; legal obligation where applicable
Identify public creators for relevant invitations and human-assisted campaign matchingLegitimate interests, subject to strict minimisation, transparency, human review, freshness, objection and suppression safeguards
Send proportionate, role-relevant B2B communications and maintain an opt-out listLegitimate interests, subject to marketing law and the unconditional right to object to direct marketing
Measure Web Service use and application errors through optional analyticsConsent; the SDK remains uninitialized until analytics is allowed
Send marketing that requires permission or access a device feature such as camera or notificationsConsent or the relevant device permission, where required

Where we rely on legitimate interests, we balance the stated business purpose against the person's reasonable expectations, data sensitivity and likely impact. You may request information about that assessment and object as described below.

4. Public creators and Article 14 information

Public availability does not remove privacy rights. We may use limited public profile and content information to identify creators whose publicly presented work may fit a campaign, invite them to join Fluencify and support human-assisted matching. We aim to provide this information at first contact and, where required and reasonably possible, within one month after collection or before an earlier disclosure.

AI may help describe non-sensitive content topics, produce a broad age band or rank a possible match. Its output is a suggestion, can be wrong and must not be the sole basis for a decision with legal or similarly significant effects. Suspected minors must not be targeted for outreach. Customers do not receive an unrestricted right to download or reuse the public-creator dataset.

The dedicated Public Creator Notice explains sources, profiling, likely effects and the quickest correction, objection and removal route.

5. Who receives personal data

We disclose personal data only where needed, including to:

  • authorised Fluencify personnel and contractors bound by confidentiality;
  • the relevant brand, agency or creator for a campaign or requested collaboration;
  • hosting, storage, authentication, communications, search, analytics, AI and support providers;
  • payment, payout and e-signature providers for their service and compliance purposes;
  • professional advisers, auditors, insurers, authorities or courts where justified; and
  • a buyer, investor or successor subject to appropriate confidentiality and diligence controls.

Our current customer-service provider list is available on the Subprocessors page. Some providers, such as payment services and social platforms, may act as independent controllers for parts of their processing under their own notices.

6. International transfers

Our providers and their authorised support teams may process data in the EEA and in other countries. Before making a restricted transfer, we use an applicable GDPR Chapter V mechanism, such as an adequacy decision or the European Commission's Standard Contractual Clauses, and assess supplementary protections where required. The exact route depends on the service, account and selected region. Contact us for information about the safeguard relevant to your data.

7. How long we keep data

Main retention periods
DataRetention rule
Account and ordinary Platform dataFor the account or service relationship, then deletion or anonymisation after applicable closure, backup and legal-retention periods
Campaign contracts, approved deliverables and transaction recordsFor the licence/contract term and statutory accounting, tax, dispute and legal-claims periods
Ordinary messagesUp to 730 days unless a shorter feature rule or legal need applies
Security and audit eventsNormally up to 365 days, longer only for an active investigation or legal claim
Raw AI or provider payloadsTarget maximum 30 days unless a recorded, lawful need requires a different period
Public creator source factsRefreshed at least every six months; inactive candidate profiles deleted after 12 months; prompt suppression and purge following an upheld objection
Business prospectsNormally 12 months after the last meaningful contact; a minimal suppression record may remain to prevent re-contact
Optional analyticsFor the configured PostHog project period and only while needed for the disclosed purpose; browser consent and identifiers can be withdrawn or cleared at any time

We may retain less data for longer where necessary to honour an objection, prevent fraud, meet legal duties or establish, exercise or defend a legal claim. Backups are isolated and expire on their managed cycle unless restoration is required.

8. Your rights

Subject to the GDPR's conditions and exceptions, you may request access, correction, deletion, restriction, portability and information about your data. You may object to processing based on legitimate interests. An objection to direct marketing is absolute: we will stop marketing to that person and keep only the minimum suppression information needed to avoid contacting them again.

Email contact@fluencify.io. We may ask for proportionate information to verify that we are acting for the right person. We normally respond within one month and will explain if the GDPR permits an extension or limits a request. You may also complain to the Swedish Authority for Privacy Protection, Integritetsskyddsmyndigheten (IMY), at imy.se, or to the competent authority where you live or work.

9. Security and children

We use role-based access, managed authentication, encryption in transit, provider storage protections, restricted secrets, logging and incident procedures proportionate to the risks. No online service can promise absolute security. Tell us promptly if you suspect unauthorised account use.

Registered creator accounts are limited to people aged 18 or older. Public content may nevertheless include a minor or a person whose age is unclear. We do not intentionally target suspected minors for creator outreach and use age-risk review, minimisation and deletion/suppression controls for that risk.

10. Cookies, similar technologies and changes

Necessary browser storage supports authentication, security and requested features. Optional PostHog analytics is disabled until you choose to allow it. Details and the withdrawal route are in our Cookie Policy.

We will update the version and date above when this Policy changes. If a change materially affects a purpose, legal basis or your choices, we will provide additional notice and seek renewed consent where required. Prior versions are retained in our internal policy archive.

Footer

© 2026 Copyright. All Rights Reserved.

Pages

  • Brands
  • Ambassadors
  • Blog
  • Sign In

Socials

  • Instagram
  • LinkedIn

Resources

  • Privacy
  • Terms

Contact

  • Support
  • Email
Fluencify