Privacy Policy

This Privacy Policy explains how InfluencerMetric (“we”, “us”) collects, uses, stores, and protects your personal data when you use influencermetric.in. We act as a Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act), and you, the user, are a Data Principal. We process your data on the basis of your consent and for the lawful purposes described below.

1. Information We Collect

We collect information you provide directly: name, email address, phone/WhatsApp number, profile information, payment and KYC details (e.g. PAN, last four digits of Aadhaar, bank/UPI details for payouts), and content you create. We also collect usage data automatically, including IP address, browser type, pages visited, and actions taken on the platform.

2. Instagram and Social Account Data

When you connect your Instagram account to InfluencerMetric, we access and store the following data from the Instagram API (via Meta's platform):

• Instagram username and profile information
• Follower count and following count
• Post/media count
• Profile picture URL
• Engagement metrics (likes and comments on recent posts)
• Access tokens required to retrieve the above data

This data is used exclusively to display verified creator statistics to brands on the InfluencerMetric platform and to authenticate your identity as a creator. We do not post, publish, or modify any content on your Instagram account. We do not sell or share your Instagram data with third parties except as described in Section 4.

You can disconnect your Instagram account at any time from your account settings. Upon disconnection, your Instagram access token is deleted from our systems within 24 hours. To request full deletion of all Instagram data we hold, contact us at privacy@influencermetric.in or visit our data deletion page.

3. How We Use Your Information (Purposes)

• To provide, maintain, and improve the platform
• To display verified creator statistics to brands seeking collaborations
• To process orders, escrow, payouts, taxes, and related transactions
• To send transactional and (with your consent) promotional communications
• To monitor and analyse usage patterns to improve the experience
• To detect, prevent, and address fraud and security issues, and to comply with law

We process your data only for these specified purposes. We will seek fresh consent before using your data for any new purpose.

4. Information Sharing

We do not sell your personal data. We share information only with:

• Service providers (Data Processors) who help us operate the platform — e.g. hosting, payments (Razorpay), email, KYC — under contractual data-protection obligations
• Other users as necessary for a transaction (e.g. a brand sees a creator's stats; parties to an order see each other's contact details)
• Law enforcement or regulators when required by applicable law

Our use of Instagram data obtained via Meta's APIs complies with the Meta Platform Policy.

5. Data Security

We use industry-standard encryption (TLS/HTTPS) for all data in transit. Passwords are hashed using Argon2id. Sensitive columns — social access tokens, KYC references, bank details, and two-factor secrets — are encrypted at rest using AES-256-GCM. We implement role-based access controls, an append-only audit log, rate limiting, and follow OWASP security guidelines. Despite reasonable safeguards, no system is perfectly secure; in the event of a personal data breach, we will notify the Data Protection Board of India and affected users as required by the DPDP Act.

6. Cookies

We use essential cookies for authentication and session management. We may use analytics cookies to understand platform usage. You can disable non-essential cookies in your browser settings.

7. Your Rights as a Data Principal

Under the DPDP Act, you have the right to:

• Access a summary of the personal data we process about you
• Correct or update inaccurate or incomplete data (most of this you can do directly in your profile/settings)
• Erase your personal data (you can delete your account from Settings, or request erasure)
• Withdraw consent at any time — as easily as you gave it; this does not affect processing already carried out
• Grievance redressal — raise a complaint with our Grievance Officer (Section 11)
• Nominate another individual to exercise your rights in the event of death or incapacity

To exercise any of these rights, contact privacy@influencermetric.in. We will respond within the timelines required by law.

8. Data Retention

We retain your data only for as long as your account is active or as needed to provide the service. When you delete your account, your personal data is removed within 30 days, except where we are legally required to retain certain records (for example, financial, tax, and transaction records, which we keep for the statutory period). Instagram access tokens are deleted immediately upon account disconnection.

9. Children

InfluencerMetric is intended for users aged 18 and above. By creating an account you confirm that you are at least 18 years old. In line with the DPDP Act, we do not knowingly process the personal data of children (anyone under 18) without verifiable parental or guardian consent, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If we learn that we have collected a child's data without the required consent, we will delete it.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Grievance Officer & Contact

In accordance with the DPDP Act, 2023 and the Information Technology Act, 2000, you may contact our Grievance Officer for any privacy concern, rights request, or complaint:

• Grievance Officer: Nahid Saleem
• Email: grievance@influencermetric.in
• General privacy queries: privacy@influencermetric.in

We aim to acknowledge complaints promptly and resolve them within the timelines prescribed under applicable law.