Privacy Policy

Influo AI ("we", "us", "our") operates the Influo AI platform at influoai.co. We're an early-stage company building tools that help brands run affiliate and influencer campaigns, and help creators earn from the content they already make.

• Company: Influo AI
• Contact: hello@influoai.co
• Location: Tbilisi, Georgia

Information you give us

• Account data — email, name, password (hashed), profile photo, and role (brand or creator).
• Brand workspace data — company name, website, logo, team members, billing plan.
• Creator profile data — niches, languages, social handles, portfolio links, audience info you choose to share.
• Campaign content — briefs, opportunities, offers, messages, files you attach in chat.
• Payment data — handled by our payment provider Keepz. We store the order id, status, amount, and timestamp; we never see or store full card numbers.
• Communications — emails you send us, support requests, feedback.

Information collected automatically

• Usage data — pages viewed, features used, clicks on affiliate links, time spent, referrer.
• Device data — browser type, operating system, screen size, language, approximate location derived from IP.
• Server logs — IP address, timestamps, request paths, error events. Used for security and debugging.

Information from third parties

• If you sign in with Google or another OAuth provider, we receive your email, name, and profile photo from that provider — nothing else.
• If you connect a social account to your creator profile, we read only the public profile data needed to verify the handle and show audience info — we don't post on your behalf.

We use the data we collect to:

• Operate the platform — create your account, show you relevant content, run the brand/creator marketplace.
• Match brands with creators using profile data, niches, and AI-assisted recommendations (powered by Anthropic Claude — see Section 6).
• Process payments, plan upgrades, and payouts via Keepz.
• Send transactional email (account confirmations, password resets, payment receipts, campaign notifications) via Resend.
• Send in-app notifications about campaigns, applications, messages, and earnings.
• Respond to support requests and fix bugs.
• Detect and prevent fraud, abuse, fake clicks, and policy violations.
• Comply with legal obligations — tax records, lawful requests from authorities.
• Improve the product — understand what's working, what's broken, what to build next.

We do not use your data for advertising outside Influo AI, and we do not run third-party ad trackers on the platform.

We use cookies and localStorage to make the product work, remember your session, and attribute affiliate sales correctly.

Essential cookies

Authentication, session state, locale preference, theme. Without these the platform can't function.

Analytics

We track aggregated usage to understand how the product is used. We don't load third-party advertising trackers.

Affiliate attribution

When a user clicks a creator's affiliate link, we set a first-party cookie and localStorage entry containing an attribution token. This token lets us credit the creator for a sale that happens later on the brand's store.

• Who sets it: Influo AI, scoped to influoai.co and the brand's store domain when supported.
• Expiry: 7 to 90 days, chosen per opportunity by the brand (default 30 days).
• Use: matching a purchase event from the brand's store back to the originating creator.
• Contents: a random token. We do not store the visitor's name, email, or full IP in the cookie itself.

The attribution cookie is first-party and is removed automatically after the configured window expires.

Managing cookies

You can clear cookies in your browser at any time. Clearing them will sign you out and will remove pending affiliate attributions for clicks that haven't yet converted.

Influo AI provides brands with a lightweight pixel snippet ("Influo Pixel") that the brand installs on their own store to report sales back to the platform. The pixel works alongside the attribution cookie described in Section 4.

What the pixel collects

When a sale completes on the brand's store, the pixel sends us:

• The attribution token from the visitor's Influo cookie (if any).
• Event type (purchase, sign-up, etc., depending on what the brand configured).
• Order amount and currency.
• A brand-provided order ID, so duplicate events can be filtered.
• An optional anonymous customer ID provided by the brand for de-duplication. We do not require any personal data.

The pixel does not collect names, emails, addresses, or payment details. Those stay on the brand's store.

Brand responsibility

Brands that install the Influo Pixel are responsible for disclosing it in their own privacy policy and obtaining any consents required in their jurisdiction. Influo AI provides the technology; the brand controls the deployment on its store.

Attribution window

Each opportunity sets an attribution window (7, 14, 30, 60, or 90 days). A sale is credited to the creator only if it happens within that window after the visitor's first click. Once the window expires, the attribution token is no longer matched.

We share data only with the parties that need it to make Influo AI work.

Between brands and creators

Your profile, messages, applications, and shared campaign content are visible to the counterparties you choose to work with. That's the whole point of the platform.

Public creator profiles

Creators choose whether their profile is public on the platform. Public profiles can be discovered in search by brands and other creators.

Service providers (sub-processors)

We use trusted providers to run the platform. Each is contractually bound to use your data only for the service they provide:

• Supabase — database, authentication, file storage.
• Vercel — hosting, edge runtime, request logs.
• Keepz — payments, subscription billing.
• Resend — transactional email delivery.
• Anthropic Claude API — AI-assisted matching, drafting, and summarisation. Anthropic processes prompts to return responses and does not train on your data.

We do not sell your personal data to data brokers, advertising networks, or anyone else.

Legal requests

We may disclose information when required by a valid legal request (court order, subpoena, lawful warrant). We review every request and push back on overbroad demands where we can.

Business transfers

If Influo AI is acquired or merges with another company, your data may transfer to the new entity. We'll notify you before that happens and you'll have the chance to delete your account.

No sale of data

We don't sell your personal information, and we don't share it for cross-context behavioural advertising.

All payments — plan upgrades, search unlocks, Boost — are processed by Keepz. We don't see or store your full card number, CVV, or bank details.

• Card data is captured directly by Keepz on Keepz's own infrastructure (PCI-DSS scoped).
• We store transaction history: order ID, amount, currency, status, timestamp, and the plan or product purchased.
• For creator payouts, you may provide an IBAN or wallet address. We store this only to send you payouts.

If you pay in crypto for an unlock or upgrade, we store the transaction hash and amount, not your wallet's private keys.

We keep your data for as long as we need it to provide the service:

• Active accounts: for the lifetime of your account.
• Inactive accounts: we may delete or anonymise accounts that have been inactive for 24 months, after notifying you.
• Financial records: transaction and tax records are kept for the period required by Georgian law (typically 6 years).
• Affiliate events: click and sale events are retained for the campaign duration plus 12 months for reconciliation and dispute handling.
• Server logs: rotated every 30 days unless required for an active security investigation.

If you delete your account, we remove your profile and personal data within 30 days, except records we're legally required to keep.

You have the following rights over your data:

• Access: request a copy of the data we hold about you.
• Correction: fix anything that's wrong or out of date.
• Deletion: ask us to delete your account and personal data.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing for legitimate-interest reasons.
• Restriction: ask us to temporarily stop using your data while a request is reviewed.

Most of these are available directly inside the app under Settings. For anything else, email hello@influoai.co. We respond within 30 days. EU/UK users have additional rights under GDPR — same email, same SLA.

If you're a creator with active affiliate attributions or pending payouts, we'll process the deletion request after those are resolved or expired (we'll explain the timing in our reply).

We take security seriously and use industry-standard practices to protect your data:

• All traffic is encrypted in transit (HTTPS / TLS 1.2+).
• Passwords are hashed with bcrypt — we never store plaintext passwords.
• Payment data is handled by PCI-DSS scoped providers (Keepz).
• Database access is gated by row-level security so users can only see their own workspace data.
• Backups are encrypted and rotated regularly.

No system is bullet-proof. If you spot a security issue, please report it to hello@influoai.co.

Influo AI is not intended for users under 16. We don't knowingly collect data from children under 16. If you believe a minor has created an account, contact hello@influoai.co and we'll remove the account.

Some opportunities are flagged as restricted (e.g. alcohol, gambling). Creators must be at least 21 to apply, and brands are responsible for verifying that requirement when they offer those opportunities.

Influo AI is based in Tbilisi, Georgia. If you access the platform from outside Georgia, your data will be transferred to and processed in Georgia and in the regions of our service providers (Supabase, Vercel, Resend, Anthropic).

We comply with GDPR for EU/EEA and UK users, including the right to lodge a complaint with your local data protection authority.

We may update this policy from time to time. When we do, we'll:

• Update the "Last updated" date at the top of this page.
• Email you if the change is material (e.g. new sub-processor, new category of data, new use).
• Give you at least 14 days' notice before any material change takes effect.

Continued use of the platform after the effective date means you accept the updated policy.

Questions, data-rights requests, or anything else privacy-related:

• Email: hello@influoai.co
• Website: influoai.co
• Location: Tbilisi, Georgia

We aim to acknowledge privacy requests within 5 business days and resolve them within 30 days.