Influesque

Privacy Policy

Last updated: April 28, 2026

This Privacy Policy explains how Influesque ("we", "us", "our") collects, uses, and protects information when you visit our website, request a demo, create an account, or otherwise interact with our services.

Who we are

Data Controller: Influesque, a company legally registered in the Netherlands. We operate from the Netherlands (where the company is legally registered) and Germany. Contact: [email protected].

What we collect

User Data

  • Website analytics: We use Pirsch Analytics (EU‑hosted, Germany) to measure page views and events in a privacy‑friendly, cookie‑less way. Pirsch does not collect personally identifiable information nor use tracking cookies.
  • Demo and contact requests (marketing site): If you request a demo or contact us, we collect your work email and other details you provide (e.g., name, company, phone) to respond and schedule your demo. If you opt in to marketing emails during the demo request, we may also add you to our marketing list to send you product updates and resources.
  • Account and authentication (platform): If you sign in to our platform using Google OAuth, we receive basic profile information (such as your name and email) from Google to create and authenticate your account. We do not receive your Google password.
  • Payment information: When you subscribe to paid Services, our payment processor Polar.sh collects payment card information, billing address, and related payment data. We do not store full payment card details on our servers. Payment processing is subject to Polar's Privacy Policy.
  • B2B contact data from public sources: We may collect and process publicly available business contact information (e.g., work email published on a company site or public profile) for legitimate business outreach purposes.
  • Platform usage and search analytics: When you use the platform (e.g., search for creators), we may record your search queries and related usage data (e.g., result counts) to improve the product and understand how features are used. This data is linked to your account and is processed for product improvement under our legitimate interests.

Creator Data

Our platform aggregates and displays data about YouTube creators and sponsors. This data is collected from publicly available sources and includes:

  • Creator contact information: We collect creator contact emails from publicly available sources, including:
    • Creator websites and contact pages
    • YouTube video descriptions
    • Social media profiles and bios
    • Public business directories
    Email collection is performed using automated tools (including web scraping and AI-powered search) to identify publicly published contact information. We only collect emails that are already publicly available and do not access private or protected information.
  • Creator profile data: YouTube channel information (name, subscriber count, video statistics, engagement metrics), social media links, location, language, and content categories.
  • Video data: Video titles, descriptions, view counts, engagement metrics, publication dates, and sponsorship information.
  • Sponsorship data: Information about brand sponsorships, including sponsor names, campaign details, and related video content.

Creator data is collected and processed under our legitimate interest in providing a B2B database service for influencer marketing professionals. Creators have the right to request access, correction, or deletion of their data by contacting us at [email protected].

How we use your information

  • To provide, maintain, and improve our site and services.
  • Transactional emails: To send you account-related emails (onboarding, password resets, subscription updates, service notifications). These are necessary for your account and cannot be unsubscribed from, but you can delete your account at any time.
  • Marketing emails: To send you product updates, new features, tips, and resources. You can unsubscribe from these at any time using the link in every email. We only send marketing emails if you've opted in (e.g., during sign-up or demo request) or if you're an existing customer and haven't opted out (you can opt out anytime).
  • To respond to your requests (demo requests, support inquiries, etc.).
  • To perform product research and understand interest in our features.
  • For security, abuse prevention, and to comply with legal obligations.

Legal bases under GDPR

  • Performance of a contract or steps prior to entering a contract (GDPR Art. 6(1)(b)): For processing your account creation, authentication, subscription management, and requested communications (e.g., demo/contact requests).
  • Legitimate interests (GDPR Art. 6(1)(f)): For privacy‑respecting analytics; for B2B outreach using publicly available business contact details where we balance necessity and your rights; for collecting and processing creator data from publicly available sources to provide our B2B database service; for product improvement, security, and fraud prevention; and for email extraction from public sources for creator contact information.
  • Compliance with legal obligations (GDPR Art. 6(1)(c)): For retaining payment records for tax compliance, responding to legal requests, and meeting other legal requirements.
  • Consent (GDPR Art. 6(1)(a)): Where explicitly requested and provided (e.g., optional marketing communications).

Cookies and Tracking Technologies

We use cookies and similar technologies across three categories. You can accept, reject, or change your choice at any time using the "Cookie preferences" link in the footer.

  • Strictly necessary: Required for the site to function — authentication, session management, security, and remembering your cookie choice. Always on; cannot be disabled.
  • Analytics: Help us understand how visitors use the site (aggregate page views, traffic sources, session duration) so we can improve it. Includes Google Analytics 4 (_ga,_gid). Loaded only with your consent.
  • Marketing: Used to measure the performance of our ads and show you relevant campaigns. Includes Google Ads conversion tracking (_gcl_*). Loaded only with your consent.

EU, EEA, and UK visitors (opt-in): no analytics or marketing cookies are set until you explicitly accept them via the banner that appears on your first visit.

US visitors and other regions (opt-out): analytics and marketing cookies are enabled by default, and you can opt out at any time via the "Cookie preferences" or "Do Not Sell or Share My Personal Information" links in the footer. We automatically honour the Global Privacy Control (GPC) browser signal — if GPC is enabled, we treat it as an opt-out request and do not load analytics or marketing cookies.

We implement Google Consent Mode v2, meaning Google services receive your consent signal before any tracking tag fires.

Our primary web analytics provider, Pirsch Analytics (EU‑hosted, Germany), does not use cookies and operates in a privacy-friendly, cookieless manner.

YouTube API Services

Certain features may rely on YouTube API Services. If you use those features, your use is subject to the YouTube Terms of Service and the Google Privacy Policy. You can revoke Influesque’s access to your Google account at any time via your Google Account permissions.

Processors and third parties

We share personal data with the following categories of service providers:

  • Payment processing: Polar.sh processes subscription payments and billing. Polar collects payment card information, billing addresses, and transaction data. Your use of paid Services is subject to Polar's Terms of Service and Privacy Policy. Data may be processed in the United States.
  • Email and contact management: Resend is our email service provider, used to send all emails (transactional and marketing) and manage audience lists (including unsubscribe/suppression lists). Data may be processed in the United States. Resend's privacy policy applies to their processing of email data.
  • Analytics: Pirsch Analytics (EU‑hosted, Germany), which is cookieless and does not use personally identifiable tracking.
  • Authentication (platform): Google OAuth 2.0 for sign‑in. Your use is also subject to Google’s policies.
  • Error monitoring: Sentry (application performance and error reporting). May collect minimal diagnostic data and stack traces to help us fix issues. Data may be processed in the United States.
  • Data enrichment: Brandfetch API for sponsor/company data enrichment (logos, brand information, company metadata). This service processes publicly available company information.
  • Background processing and caching: Sidekiq and Redis for job processing and queues.
  • Data storage: PostgreSQL for primary application data.
  • Hosting: Heroku (platform) and Vercel (marketing site hosting & delivery). Data may be processed in the United States and other regions.
  • DNS/CDN & security: Cloudflare for DNS, CDN, and DDoS protection. Data may be processed globally.
  • AI features: Google Gemini API for AI-powered features including email extraction and content analysis. Data may be processed in the United States.

We engage third‑party providers under data protection terms and appropriate safeguards (e.g., Standard Contractual Clauses for international transfers where applicable).

International transfers

Some providers may process data outside your country (including the United States). Where required, we use appropriate safeguards such as Standard Contractual Clauses and limit data to what is necessary for the stated purposes.

Retention

We retain personal data only as long as necessary for the purposes described above or as required by law:

  • User account data: Retained while your account is active and for up to 30 days after account deletion (to allow for account recovery). Some data may be retained longer if required by law (e.g., payment records for tax compliance, typically 7 years).
  • Payment records: Retained for 7 years as required by tax and accounting laws.
  • Creator data: Retained as long as necessary to provide the Services. Creator data may be updated or refreshed periodically. Creators can request deletion of their data at any time.
  • Marketing data: Contact information for B2B outreach is retained until you opt out or request deletion.
  • Analytics data: Aggregated, anonymized analytics data may be retained indefinitely as it does not identify individuals.
  • Search and usage logs: Platform search queries and usage data are retained for up to 24 months for product analytics, after which they are deleted or aggregated in a form that no longer identifies you. When you delete your account, we delete your search and usage logs as part of your personal data.

We periodically review and delete or anonymize data that is no longer needed. Upon account deletion, we will delete your personal data (including your search and usage logs) within 30 days, except where retention is required by law.

Your rights

Depending on your jurisdiction (particularly if you are in the EU/UK), you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Restriction: Request that we limit how we process your data.
  • Objection: Object to processing based on legitimate interests (we will assess whether our interests override yours).
  • Data portability: Request your data in a structured, machine-readable format. We can provide your account data, campaign data, and creator lists in JSON or CSV format.
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
  • Lodge a complaint: File a complaint with your local data protection authority if you believe we have violated your rights.

To exercise these rights, contact us at [email protected]. We will respond within 30 days. We may request verification of your identity before processing certain requests.

Note for creators: If you are a creator whose data appears in our database, you have the same rights listed above. You can request access, correction, or deletion of your creator profile data by contacting us.

Your US state privacy rights

If you are a resident of a US state with a comprehensive privacy law (currently including California, Virginia, Colorado, Connecticut, Utah, and a growing list of others), you have specific rights over your personal information in addition to those listed above.

  • Right to know / access: Request confirmation of whether we process your personal information, the categories we collect, the sources, purposes, categories of third parties we share it with, and a copy of the specific pieces of personal information we hold.
  • Right to delete: Request deletion of the personal information we have collected about you, subject to legal retention exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out of "sale" and "sharing": Under the CCPA/CPRA and similar state laws, the use of cookies for cross-context behavioural advertising (for example, Google Ads conversion tracking) can qualify as a "sale" or "sharing" of personal information. You can opt out at any time via the "Do Not Sell or Share My Personal Information" link in the footer, or by enabling the Global Privacy Control (GPC) signal in your browser — we automatically honour GPC as a valid opt-out request.
  • Right to limit use of sensitive personal information: We do not use or disclose sensitive personal information for purposes beyond what is permitted without an additional opt-in under CPRA.
  • Right to non-discrimination: We will not deny you services, charge you a different price, or provide a different level of quality because you exercised any of these rights.
  • Authorized agent: You may designate an authorized agent to make a request on your behalf. We may require verification of the agent's authority and your identity.

To exercise any of these rights, email [email protected]. We respond to verifiable requests within 45 days (extendable by an additional 45 days where reasonably necessary, with notice).

Categories of personal information collected and "sold" / "shared" (CCPA/CPRA disclosure): In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address), commercial information (subscription and payment records), internet or similar network activity (pageviews, clicks, search queries), geolocation data (approximate location from IP), and professional information (company, role, publicly available business contact details). We "share" internet or network activity with Google (via Google Ads and Google Analytics) for advertising measurement purposes; US visitors can opt out as described above. We do not sell personal information for monetary consideration, and we do not knowingly sell or share the personal information of consumers under 16.

Email preferences and opt‑out

Marketing emails: You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email we send you, or by emailing [email protected]. We will remove you from our marketing list immediately.

Transactional emails: Account-related emails (onboarding, password resets, subscription updates) are necessary for your account. To stop receiving these, you can delete your account.

B2B outreach: If we contacted you using a public business email and you prefer not to be contacted, email [email protected] from the address you want us to stop contacting. We will promptly suppress your email for future outreach.

Data Breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by law).
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Provide clear information about the nature of the breach, likely consequences, and measures taken to address it.

Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, or misuse, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest where appropriate.
  • Access controls and authentication mechanisms.
  • Regular security assessments and monitoring.
  • Secure hosting infrastructure with reputable providers.
  • Regular backups and disaster recovery procedures.

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Children

Our site is intended for business use and not directed to children under 16.

Changes

We may update this Privacy Policy from time to time. Material changes will be noted by updating the effective date above. Continued use of our site after changes means you accept the updated Policy.

Contact

Questions or requests: [email protected].