Privacy Policy

• Introduction
• Data We Collect
• How We Use Data
• OAuth Connection
• Sharing
• Data Retention
• Your Rights & Choices
• Data Export & Deletion
• Security
• International Transfers
• Cookies
• Automated Moderation
• Children
• Changes
• Contact

1) Introduction

Sponsor Sorter (“we”, “us”) provides tools that connect sponsors with creators and help both parties manage offers, deliverables, timelines, and (where enabled) payments. This Privacy Policy explains what we collect, why we collect it, how we use and share it, and the choices you have. By using our website, dashboards, or APIs (the “Service”), you agree to this Policy and our Terms of Service.

2) Data We Collect

We collect the following categories of information (depending on how you use the Service):

• Account & Profile: name, display name, email, username, phone (optional), organization/company name, role, profile image, preferences.
• Connected Accounts (OAuth) & Social Metrics: limited identifiers and insights from connected platforms (see Section 4).
• Offer & Workflow: offers, deliverables, milestones, comments, attachments, reviews/ratings, dispute notes, and verification links you provide (e.g., “live URL”).
• Payments & Billing: subscription status/plan, payment intent/receipt metadata, refunds/chargebacks, payout records (processed by Stripe; we don’t store raw card numbers).
• Support & Communications: messages with us, support tickets, moderation reports, and privacy requests (e.g., export/deletion requests).
• Device & Usage: IP address, device/browser type, pages/actions, timestamps, authentication and security logs.
• Cookies/SDKs: necessary cookies for login and security; optional analytics cookies described below.

3) How We Use Data (and lawful bases)

• Operate the Service & fulfill contracts (create accounts, run offers, connect platforms, enable deliverable verification, process payments, provide support).
• Safety, fraud prevention & dispute handling (moderation, rate limiting, abuse detection, audits) – our legitimate interests and legal obligations.
• Analytics & product improvement using aggregate/anonymous insights – our legitimate interests.
• Communications (transactional emails, important updates, security notices). Marketing emails are optional and can be opted out.
• Legal compliance (tax, financial reporting, responding to lawful requests).

4) OAuth & Connected Platforms

What we access & why (examples):

• YouTube (Google): channel identity and public/video metrics to attribute deliverables and summarize performance for offers you participate in.
• Instagram (via Meta): business/creator account identity; media metadata/insights to verify posts and provide performance summaries.
• TikTok: basic profile, post metadata, engagement metrics to confirm deliverables and show results.
• Twitch: channel identity and public metrics to verify activations and summarize outcomes.
• Facebook Pages: Page identity and insights if you connect a Page for verification or reporting.

Token storage & security: Access tokens (and refresh tokens where applicable) are stored securely and protected by access controls. Data is transmitted over TLS. Our infrastructure providers may encrypt stored data at rest.

Revocation: Disconnect in your account’s Connected Platforms settings or revoke directly in the platform’s security settings. Revocation stops future sync.

Google/YouTube Limited Use: Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use approved scopes only for features you enable, do not sell Google user data, and do not transfer it except as necessary to provide the Service.

5) Sharing & Subprocessors

We don’t sell personal information. We share it only as described:

• With parties to an offer (e.g., sponsor and creator) to operate deliverables, messaging, reviews, and performance summaries related to that offer.
• Service providers/Subprocessors that help us operate the Service:
  • Supabase (hosting, database, authentication, storage).
  • Stripe (payments, billing, receipts, subscription management, and payouts where enabled).
  • Resend (transactional email delivery).
  • Google Analytics (measurement only; no Ads/Remarketing features).
• Legal & safety (compelled disclosures; enforcing our rights; preventing fraud/abuse).
• Business transfers (e.g., merger or acquisition) with protections in place.

6) Data Retention

• Account & profile: for the life of your account; deleted within 30 days after confirmed account deletion, subject to the exceptions below.
• Payments & invoices: retained for 7 years to meet tax and financial record obligations.
• Offer/contracts & disputes: retained up to 6 years for contract and claim purposes.
• Security & audit logs (incl. IP): retained for up to 12 months.
• Moderation/abuse records: retained up to 24 months after case closure to prevent repeat abuse.

7) Your Rights & Choices

Depending on your location (including Australia, EU/UK/EEA, and some U.S. states), you may have rights to access, correct, delete, restrict, or object to certain processing; request portability; and withdraw consent for optional features.

• Marketing opt-out: unsubscribe via any email footer or your settings (if available).
• Analytics opt-out: decline analytics cookies in the banner or update preferences later (see Cookies).
• “Do Not Sell/Share” (CPRA): we do not sell or share your personal information for cross-context behavioral advertising.
• Appeals: if you believe an automated moderation action was incorrect, contact support@sponsorsorter.com.

8) Data Export & Deletion

You can request a copy of your data or account deletion from within your dashboard (if those tools are available) or by emailing support@sponsorsorter.com. To stop future data syncing from any connected platform, open Connected Platforms in settings and click Disconnect; this revokes access tokens and halts future pulls. After confirmed deletion, we purge account data within 30 days except where retention is required by law, security, or dispute resolution (see Data Retention).

9) Security

• TLS in transit; access controls and least-privileged permissions.
• Logging, monitoring, and abuse prevention controls.
• Backups and disaster recovery operated by our hosting provider(s).
• No storage of raw payment card numbers on our servers.

10) International Transfers

We and our providers may process data in countries other than yours. Where required (e.g., EEA/UK), we rely on appropriate safeguards such as Standard Contractual Clauses.

11) Cookies

We use (i) strictly necessary cookies for login, security, and preference storage; and (ii) analytics cookies for measurement only (no Ads/Remarketing). You can accept or decline in the banner and update preferences later in your account (if available) or browser settings.

12) Automated Moderation

We use automated moderation (e.g., “FamBot”) to detect spam, fraud, and harmful content. Automated decisions may restrict content or accounts; you can request human review via support@sponsorsorter.com.

13) Children

The Service is not directed to children under 13 (or the applicable age of consent in your region). Do not register or connect social accounts if underage.

14) Changes

We may update this Privacy Policy over time. Material changes will be notified via the Service or email. Continued use means you accept the updated Policy.

15) Contact

Questions or requests about this Policy or your data rights?
Email: privacy@sponsorsorter.com or support@sponsorsorter.com
Registered in Australia (Victoria). ABN: 23 801 694 480

Sponsor Sorter © 2026. All rights reserved.