Privacy Policy

Last updated: March 22, 2026

1. Who we are

InfluenceKit is operated by RPD Capital Kft. (“we”, “us”, “our”). We provide a SaaS platform that helps e-commerce brands manage influencer marketing campaigns. We act as a data controller for the personal data we process.

2. What data we collect

We collect only the data necessary to provide our service:

  • Account data: Email address, name, and profile picture (provided via Google OAuth through our authentication provider, Clerk).
  • Organisation data: Organisation name and billing plan.
  • Creator data: Social media handles, follower counts, engagement rates, and platform metrics that you choose to add to your roster.
  • Integration data: OAuth access tokens for Instagram, TikTok, YouTube, and Shopify (stored encrypted, used only for metric syncing).
  • Payment data: Processed entirely by Stripe. We never see or store credit card numbers.
  • Usage data: Basic page views and feature usage for product improvement.

3. How we use your data

  • To provide and maintain the InfluenceKit service.
  • To sync social media metrics from connected platforms.
  • To attribute Shopify revenue to influencer campaigns via UTM tracking.
  • To process payments and manage subscriptions.
  • To send transactional emails (e.g. subscription confirmations).
  • To improve the product based on aggregated, anonymised usage patterns.

We do not sell your data to third parties. We do not use your data for advertising.

4. Third-party services

We use the following trusted third-party services to operate InfluenceKit:

ClerkAuthentication & user management
SOC 2 Type II
StripePayment processing
PCI DSS Level 1
SupabaseDatabase hosting (EU region)
SOC 2 Type II
VercelApplication hosting
SOC 2 Type II
Meta / Instagram APISocial media metric syncing
Meta Platform Terms
TikTok APISocial media metric syncing
TikTok Developer Terms
YouTube APISocial media metric syncing
Google API Terms

5. Data storage & security

  • Your data is stored in Supabase (PostgreSQL) in the EU West (Ireland) region.
  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • OAuth tokens are stored server-side and never exposed to the browser.
  • We perform regular security reviews and follow OWASP best practices.

6. Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of all data we hold about you.
  • Rectification: Correct any inaccurate personal data.
  • Erasure: Request deletion of your account and all associated data.
  • Portability: Receive your data in a structured, machine-readable format (JSON).
  • Restriction: Request that we limit processing of your data.
  • Objection: Object to processing of your data.

You can exercise these rights directly from your account settings, or by emailing us at privacy@influencekit.io.

Self-service data controls

In your account settings, you can export all your data as a JSON file or permanently delete your account. Account deletion removes all your data within 30 days and is irreversible.

7. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, no cookie consent is required under GDPR — but we display a notice for transparency.

8. Data retention

  • Active accounts: data retained as long as your account is active.
  • Deleted accounts: all data permanently deleted within 30 days.
  • Stripe payment records: retained by Stripe per their retention policy (required for legal/tax purposes).

9. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via email or a prominent notice in the app.

10. Contact us

If you have questions about this privacy policy or your data, contact us at: privacy@influencekit.io