Privacy Policy

This Privacy Policy describes how Wismify ("we", "our", "us", or "the Company") collects, uses, stores, shares, and protects personal data when you visit our websites (wismify.com, hub.wismify.com), use our applications (Wismify Hub, Wismify CX), or interact with our services (collectively, the "Services").

By accessing or using any of our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our Services.

1. Data Controller

The data controller responsible for the processing of personal data is:

• Company name: Wismify
• Website: https://wismify.com
• Application: https://hub.wismify.com
• Contact email: privacy@wismify.com
• Data Protection Officer: dpo@wismify.com

2. Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with our Services:

2.1. Account Information

When you create an account or are registered on Wismify Hub, we collect:

• Full name
• Email address
• Password (encrypted)
• Phone number (optional)
• Profile picture / avatar
• Role type (Administrator, Employee, Brand, Creator)
• Company or brand name (for Brand accounts)
• Artist/creator name (for Creator accounts)
• Location and country
• Professional categories and interests
• Bio and profile description

2.2. Social Media Data

When you connect your social media accounts to Wismify Hub (via OAuth authorization), we may collect the following data from third-party platforms including but not limited to Meta (Instagram/Facebook), TikTok, and YouTube (Google):

• Profile information: username, display name, profile picture, bio, account type (personal/business/creator), follower/following count
• Content data: posts, stories, reels, videos, captions, hashtags, mentions, media URLs, publication dates
• Engagement metrics: likes, comments, shares, saves, views, impressions, reach, engagement rate
• Audience demographics: aggregated data about followers' age ranges, gender distribution, geographic location (city/country), and active hours
• Account insights: account growth metrics, content performance analytics, audience retention data
• Media assets: images, video thumbnails, and media files associated with content posts

We only access data that you have explicitly authorized through the OAuth consent flow of each respective platform. You can revoke access at any time (see Section 9).

2.3. Campaign and Business Data

When using Wismify Hub for campaign management, we collect:

• Campaign details (name, objectives, dates, budgets, briefs)
• Deliverable information (content types, deadlines, status)
• Financial data (rates, invoicing information, payment records)
• Communication records between parties within the platform
• Content submissions and approval workflows
• Contract and agreement status

2.4. Technical Data

When you visit our websites or use our applications, we automatically collect:

• IP address
• Browser type and version
• Operating system
• Device type and screen resolution
• Referring URL
• Pages visited, time spent, and navigation patterns
• Approximate geographic location (city/country level, derived from IP)
• Date and time of access

2.5. Communication Data

When you contact us or submit forms, we collect:

• Email address
• Name
• Message content
• Any attachments you provide

3. How We Use Your Data

We process personal data for the following purposes:

3.1. Service Provision

• Creating and managing user accounts
• Authenticating users and maintaining secure sessions
• Providing the Wismify Hub campaign management platform
• Displaying social media analytics and performance metrics
• Enabling collaboration between agencies, brands, and creators
• Processing campaign workflows, deliverables, and approvals
• Managing billing and financial transactions

3.2. Social Media Integration

• Retrieving and displaying social media metrics to authorized platform users
• Generating analytics reports for campaign performance tracking
• Providing audience insights for campaign planning and optimization
• Verifying creator account authenticity and reach metrics

3.3. Communication

• Sending service-related notifications (campaign updates, deadline reminders)
• Responding to inquiries and support requests
• Sending account security notifications

3.4. Improvement and Analytics

• Understanding usage patterns to improve the platform
• Diagnosing technical issues and ensuring system stability
• Developing new features based on aggregated usage data

3.5. Legal and Security

• Complying with legal obligations
• Protecting against fraud, abuse, and unauthorized access
• Enforcing our Terms of Service

4. Legal Basis for Processing

We process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Consent (Art. 6(1)(a) GDPR): When you explicitly authorize the connection of your social media accounts, submit forms, or opt-in to communications.
• Performance of a contract (Art. 6(1)(b) GDPR): When processing is necessary to provide our Services, manage your account, and fulfill our obligations under the Terms of Service.
• Legitimate interest (Art. 6(1)(f) GDPR): For platform security, fraud prevention, service improvement, and analytics, where such interests are not overridden by your data protection rights.
• Legal obligation (Art. 6(1)(c) GDPR): When processing is required to comply with applicable laws, regulations, or legal proceedings.

5. Social Media Platform Integrations

Wismify Hub integrates with the following social media platforms through their official APIs:

5.1. Meta (Instagram / Facebook)

We use the Instagram Graph API and Facebook Graph API to access data from Instagram Business and Creator accounts that you explicitly connect. Data accessed includes profile information, media posts, engagement metrics, and audience insights.

Our use of information received from Meta APIs adheres to the Meta Platform Terms and Meta Developer Policies, including the Limited Data Use requirements.

5.2. TikTok

We use the TikTok API for Business to access data from TikTok accounts that you explicitly connect. Data accessed includes profile information, video posts, engagement metrics, and audience demographics.

Our use of TikTok data complies with TikTok's API Terms of Service and TikTok's Privacy Policy.

5.3. YouTube (Google)

We use the YouTube Data API and YouTube Analytics API to access data from YouTube channels that you explicitly connect. Data accessed includes channel information, video posts, engagement metrics, and audience demographics.

Our use of YouTube data complies with YouTube API Terms of Service and Google's Privacy Policy. By using our Services that integrate with YouTube, you also agree to be bound by the YouTube Terms of Service.

5.4. Data Access Scope

For each social media platform integration, we request only the minimum permissions necessary to provide our Services. You will be shown the specific permissions requested during the OAuth authorization flow and can choose to accept or decline.

We do not:

• Post content on your behalf without explicit authorization
• Access private/direct messages
• Sell your social media data to third parties
• Use your data for advertising targeting purposes
• Transfer data to data brokers
• Use data for surveillance purposes

6. Data Sharing and Disclosure

We may share your personal data in the following circumstances:

6.1. Within the Platform

• Agency staff (Administrators and Employees) may view creator profiles, brand information, and campaign data necessary for campaign management.
• Brands may view profiles of creators assigned to their campaigns, including public social media metrics.
• Creators may view campaign briefs and brand information for campaigns they are assigned to.

6.2. Service Providers

We use trusted third-party service providers to operate our Services:

• Supabase (Supabase Inc.): Database hosting, authentication, and file storage. Data is stored in secure, encrypted cloud infrastructure.
• Vercel (Vercel Inc.): Application hosting and content delivery.
• Meta Platforms, Inc.: Social media API access for Instagram/Facebook data.
• ByteDance / TikTok: Social media API access for TikTok data.
• Google LLC: Social media API access for YouTube data and fonts delivery.

These providers process data on our behalf and are contractually obligated to protect your data in accordance with applicable privacy laws.

6.3. Legal Requirements

We may disclose your data when required to:

• Comply with applicable laws, regulations, or legal process
• Respond to lawful requests from public authorities
• Protect the rights, property, or safety of Wismify, our users, or others
• Enforce our Terms of Service

6.4. Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6.5. No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their marketing or commercial purposes.

7. Data Storage and Security

7.1. Data Storage

Your personal data is stored on secure servers provided by Supabase (cloud infrastructure). Data may be stored and processed in the European Union and/or the United States, depending on the infrastructure provider's server locations.

7.2. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing using industry-standard algorithms
• Role-based access controls (Row Level Security) ensuring users only access authorized data
• Regular security assessments and monitoring
• Secure OAuth 2.0 token management for social media integrations
• HTTP-only secure cookies for session management
• Automatic session expiration and token refresh mechanisms
• Server-side authentication middleware

7.3. Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34.

8. Data Retention

We retain personal data for the following periods:

• Account data: For the duration of your account and up to 30 days after account deletion, to allow for account recovery.
• Social media data: Refreshed periodically while your social accounts are connected. Deleted within 30 days of disconnecting the integration or deleting your account.
• Campaign data: Retained for the duration of the campaign plus 2 years for reporting and legal compliance purposes.
• Financial/billing data: Retained for the period required by applicable tax and accounting regulations (typically 5-7 years).
• Technical logs: Retained for up to 90 days for security and debugging purposes.
• Communication data: Retained for as long as necessary to address your inquiry, plus up to 12 months for quality assurance.

After the applicable retention period, data is securely deleted or anonymized.

9. Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:

• Right of Access (Art. 15 GDPR): You have the right to obtain confirmation of whether your personal data is being processed and to access a copy of that data.
• Right to Rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure (Art. 17 GDPR): You have the right to request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Right to Restriction (Art. 18 GDPR): You have the right to request restriction of processing in certain circumstances.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object (Art. 21 GDPR): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority.

9.1. Revoking Social Media Access

You can disconnect your social media accounts from Wismify Hub at any time by:

• Going to your profile settings in Wismify Hub and disconnecting the account
• Revoking access directly from the social media platform's settings:
  • Instagram/Facebook: Settings → Security → Apps and Websites → Remove Wismify
  • TikTok: Settings → Security → Manage app permissions → Remove Wismify
  • YouTube/Google: Google Account → Security → Third-party apps with account access → Remove Wismify

Upon disconnection, we will cease accessing new data from that platform and delete the stored data within 30 days.

9.2. Data Deletion Requests

To request complete deletion of your personal data from our systems:

• Send an email to privacy@wismify.com with the subject "Data Deletion Request"
• Visit our Data Deletion page for detailed instructions
• For Meta-specific data deletion, use our automated data deletion callback

We will process your deletion request within 30 days and confirm completion via email.

9.3. Exercising Your Rights

To exercise any of the above rights, contact us at:

• Email: privacy@wismify.com
• DPO: dpo@wismify.com

We will respond to your request within 30 days. We may request verification of your identity before processing your request.

10. Cookies and Similar Technologies

Our Services use cookies and similar storage mechanisms. For detailed information, please refer to our Cookies Policy.

Summary:

• Essential cookies: Required for authentication, session management, and core functionality.
• Functional cookies: Used to remember user preferences and settings.
• We do not use advertising, marketing, or third-party tracking cookies.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA), including the United States, where our infrastructure providers operate. When such transfers occur, we ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• The EU-U.S. Data Privacy Framework, where applicable
• Binding Corporate Rules of our service providers

12. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.

If you believe we have inadvertently collected data from a child under 16, please contact us at privacy@wismify.com.

13. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any analytics or metrics displayed in the platform are informational and do not constitute automated decisions about individuals.

14. Third-Party Links

Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party services you access through our platform.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

• We will update the "Last updated" date at the top of this policy
• For significant changes, we will notify registered users via email
• Continued use of our Services after changes constitutes acceptance of the updated policy

16. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us at:

• General inquiries: privacy@wismify.com
• Data Protection Officer: dpo@wismify.com
• Legal department: legal@wismify.com
• Website: https://wismify.com