Privacy Policy

• Introduction
• Data We Collect
• How We Use Data
• OAuth Connection
• Sharing
• Data Retention
• Your Rights & Choices
• Data Export & Deletion
• Security
• International Transfers
• Cookies
• Automated Moderation
• Children
• Changes
• Contact

1) Introduction

Sponsor Sorter (“we”, “us”) provides tools that connect sponsors with creators and help both parties track offer performance. This Privacy Policy explains what we collect, why we collect it, how we use and share it, and the choices you have. By using our website, dashboards, or APIs (the “Service”), you agree to this Policy and our Terms of Service.

2) Data We Collect

We collect the following categories of information (depending on how you use the Service):

• Account & Profile: name, display name, email, username, phone (optional), organization, role, profile image, preferences.
• OAuth & Social Metrics: limited identifiers and insights from connected platforms (see Section 4).
• Offer & Workflow: offers, deliverables, milestones, comments, attachments, reviews/ratings, dispute notes.
• Payments: payment intent/receipt metadata, subscription status and plan, refunds/chargebacks (processed by Stripe; we don’t store raw card numbers).
• Support & Communications: messages with us, support tickets, moderation reports.
• Device & Usage: IP address, device/browser type, pages/actions, timestamps, authentication logs.
• Cookies/SDKs: necessary cookies for login and security; analytics cookies described below.

3) How We Use Data (and lawful bases)

• Operate the Service & fulfill contracts (create accounts, connect platforms, run offers, process payments, provide support).
• Safety, fraud prevention & dispute handling (moderation, rate limiting, abuse detection, audits) – our legitimate interests and legal obligations.
• Analytics & product improvement using aggregate/anonymous insights – our legitimate interests.
• Communications (transactional emails, important updates). Marketing emails are optional and can be opted out.
• Legal compliance (tax, financial reporting, regulatory requests).

4) OAuth & Connected Platforms

What we access & why (examples):

• YouTube (Google): channel identity and public/video metrics to attribute deliverables and summarize performance for offers you participate in.
• Instagram (via Facebook): business/creator account identity; media metadata/insights to verify posts and provide performance summaries.
• TikTok: basic profile, post metadata, engagement metrics to confirm deliverables and show results.
• Twitch: channel identity and public metrics to verify activations and summarize outcomes.
• Facebook Pages: Page identity and insights if you connect a Page for verification or reporting.

Token storage & security: OAuth tokens and minimal account metadata are stored securely (encrypted at rest) and transmitted over TLS. Access is restricted to systems that perform the features you enable.

Revocation: Disconnect in your account’s Connected Platforms settings or revoke directly in the platform’s security settings. Revocation stops future sync.

Google/YouTube Limited Use: Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use approved scopes only for features you enable, do not sell Google user data, and do not transfer it except as necessary to provide the Service.

5) Sharing & Subprocessors

We don’t sell personal information. We share it only as described:

• With parties to an offer (e.g., sponsor and creator) to operate deliverables, messaging, and performance summaries.
• Service providers/Subprocessors that help us operate the Service:
  • Supabase (hosting, database, authentication, storage).
  • Stripe (payments, billing, receipts, subscription management).
  • Resend (transactional email delivery).
  • Google Analytics (measurement only; no Ads/Remarketing features).
• Legal & safety (compelled disclosures; enforcing our rights; preventing fraud/abuse).
• Business transfers (e.g., merger or acquisition) with protections in place.

6) Data Retention

• Account & profile: for the life of your account; deleted within 30 days after confirmed account deletion, subject to the exceptions below.
• Payments & invoices: retained for 7 years to meet tax and financial record obligations.
• Offer/contracts & disputes: retained up to 6 years for contract and claim purposes.
• Security & audit logs (incl. IP): retained for up to 12 months.
• Moderation/abuse records: retained up to 24 months after case closure to prevent repeat abuse.

7) Your Rights & Choices

Depending on your location (e.g., EU/UK/EEA, California), you may have rights to access, correct, delete, restrict, or object to processing; request portability; and withdraw consent for optional features.

• Marketing opt-out: unsubscribe via any email footer or your settings.
• Analytics opt-out: decline analytics cookies in the banner or update preferences later (see Cookies).
• “Do Not Sell/Share” (CPRA): we do not sell or share your personal information for cross-context behavioral advertising.
• Appeals: if you believe an automated moderation action was incorrect, contact support@sponsorsorter.com.

8) Data Export & Deletion

You can request a copy of your data or account deletion directly from your dashboard using the “Request My Data (GDPR/CCPA)” and “Request Account Deletion” buttons. To stop future data syncing from any connected platform, open Connected Platforms in settings and click Disconnect; this revokes access tokens and halts future pulls. You may also email support@sponsorsorter.com if you prefer. After confirmed deletion, we purge account data within 30 days except where retention is required by law, security, or dispute resolution (see Data Retention).

9) Security

• Encryption at rest for stored data and TLS in transit.
• Least-privileged access, logging, and access reviews.
• Backups and disaster recovery operated by our hosting provider(s).
• No storage of raw payment card numbers on our servers.

10) International Transfers

We and our providers may process data in countries other than yours. Where required (e.g., EEA/UK), we rely on appropriate safeguards such as Standard Contractual Clauses.

11) Cookies

We use (i) strictly necessary cookies for login, security, and preference storage; and (ii) analytics cookies for measurement only (no Ads/Remarketing). You can accept or decline in the banner and update preferences later in your account or browser settings.

12) Automated Moderation

We use automated moderation (e.g., “FamBot”) to detect spam, fraud, and harmful content. Automated decisions may restrict content or accounts; you can request human review via support@sponsorsorter.com.

13) Children

The Service is not directed to children under 13 (or the applicable age of consent in your region). Do not register or connect social accounts if underage.

14) Changes

We may update this Privacy Policy over time. Material changes will be notified via the Service or email. Continued use means you accept the updated Policy.

15) Contact

Questions or requests about this Policy or your data rights?
Email: privacy@sponsorsorter.com or support@sponsorsorter.com
Registered in Australia (Victoria). ABN: 23 801 694 480

Sponsor Sorter © 2025. All rights reserved.