Privacy Policy

1. Information we collect

• Account information: name, email address, phone number, social media handles, profile photo, and other details you provide during registration.
• Creator information: content samples, audience demographics, pricing preferences, payout details (bank account or payout method), identification documents where required for verification (Emirates ID, passport, or trade licence, retained only as long as required by law).
• Brand information: business name, trade-licence details where required, contact person, billing address, and payment details.
• Booking and transaction data: details of campaigns booked, briefs submitted, content delivered, amounts paid, and communications between users through the Platform.
• Technical data: IP address, device information, browser type, operating system, and usage logs collected automatically via cookies and similar technologies.
• Legal acceptances: records of your acceptance of our Terms, Creator Agreement, Campaign Booking Terms, and Privacy Policy, including timestamps, IP address, and user agent.

We do not collect sensitive personal data (religious belief, political opinion, health data, biometric data) except where strictly required for identity verification.

2. How we use your information

• Provide, maintain, and improve the Platform.
• Match creators with appropriate brand campaigns and vice versa.
• Coordinate bookings, payment processing, and payouts.
• Communicate with you about your account, bookings, or the Platform.
• Send marketing communications (only where you have consented).
• Comply with legal and regulatory obligations, including UAE tax and anti-money-laundering obligations, and respond to lawful requests from regulators or courts.
• Detect, prevent, and respond to fraud, abuse, or security issues.
• Enforce our Terms and other agreements.
• Improve the product, we look at aggregate usage patterns and session recordings (via our analytics provider) to understand which flows are working and where users get stuck.

We do not sell your personal data. We do not use your content to train machine-learning models outside the specific AI-brief feature you opt into order-by-order.

3. Legal basis for processing

Under the PDPL we process personal data on the following bases:

• Performance of a contract (to deliver services you've requested).
• Compliance with legal obligations.
• Consent (for marketing and optional features).
• Legitimate interests (such as fraud prevention, Platform security, service improvement).

4. Sharing of information

Your personal data is shared only with the following categories of processor, each under a written data-processing agreement:

• Stripe, Inc.: to process card payments and execute payouts on Inflink's instruction. Card numbers never touch our servers.
• Twilio Inc.: to send WhatsApp and SMS notifications (OTPs, order updates, payment alerts).
• Supabase Inc.: our database and file-storage provider. All data is encrypted at rest.
• PostHog Inc.: product analytics. We have disabled IP-address-based tracking where your consent is required.
• OpenAI, Inc. and Anthropic PBC, to generate AI briefs for brand orders, only from the public data on the brand website they provide us. No creator content is sent to these providers.
• Cloudflare, Inc.: CDN, object storage (R2), and DNS services.
• Resend, Inc.: transactional email delivery.
• With creators and brands to enable bookings (e.g., a brand will see a creator's profile and content; a creator will receive brand briefs).
• With authorities where required by UAE law or to protect rights and safety.
• In corporate transactions such as mergers, acquisitions, or restructurings.

All international transfers occur to jurisdictions that the UAE Data Office recognises as providing adequate protection, or under standard contractual clauses. We do not sell personal data.

5. Data retention

We retain personal data for as long as necessary to provide the Platform, meet legal obligations, resolve disputes, and enforce agreements.

Specific data categories are kept for shorter periods:

• OTP codes, deleted within 10 minutes of expiry.
• Abandoned carts, deleted 30 days after abandonment.
• Session recordings, deleted after 30 days.
• Delivered order content, retained for the lifetime of the account so the brand can re-access what they paid for.

When you delete your account (see Platform Terms of Use for the deletion flow):

• We permanently delete your profile, content, communications, payout details, and preferences.
• We retain certain records in anonymised form (with no personal identifiers) to comply with legal and regulatory obligations:
• • Legal acceptance records: retained indefinitely, to evidence consent during the period you used the Platform.
  • Booking and transaction records: retained for seven (7) years in line with UAE tax and commercial record-keeping requirements.
  • Dispute and moderation history: retained for three (3) years to defend against potential claims.

Anonymised records contain no personal data identifying you and cannot be used to re-identify you.

6. Data security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, or misuse: TLS encryption in transit, encryption at rest in the database, JWT authentication, short-lived access tokens, server-side input validation, rate limiting, and access logging. No system is fully secure, but we review ours regularly.

7. Your rights

Subject to the PDPL and applicable law, you may:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data (subject to legal retention requirements set out in Section 5).
• Withdraw consent where processing is based on consent.
• Object to or restrict certain processing.
• Request data portability in a machine-readable format.

To exercise any of these rights, contact us at privacy@inflink.ae from the address or phone number on your account. We respond within 30 days. You also have the right to complain to the UAE Data Office if you believe we have mishandled your personal data.

8. International transfers

Your data may be transferred to, stored, or processed outside the UAE. Where this occurs, we take steps to ensure appropriate safeguards are in place in line with UAE law, including the recognition of adequate-protection jurisdictions by the UAE Data Office or the use of standard contractual clauses.

9. Cookies and tracking

We use first-party cookies to keep you signed in and to remember preferences (e.g. theme, UI state). We use our analytics provider's cookies to measure how the product is used in aggregate. Essential cookies are set by default; analytics cookies are set only after you accept.

You can disable cookies in your browser settings. The site will still work but you'll be signed out more often.

10. Children's privacy

The Platform is only for people aged 18 or older. We do not knowingly collect data from minors. If we discover that an under-18 has created an account, we will close it and delete the data.

11. Changes to this policy

We may update this Policy from time to time. When changes are material, we notify you by email or WhatsApp at least 14 days before they take effect. The “Last updated” date at the top of this page tells you when the current version was published.

12. Contact us

Questions, data requests, or complaints: privacy@inflink.ae. Postal mail can be addressed to Following FZC, Business Centre, SPFCFZ, Sharjah, United Arab Emirates.