Privacy Policy

Version 2026-04-22 · Effective 2026-04-22

1. Data we collect

When you use Influencer Studio we collect:

  • Account data: email address, hashed password, name, avatar, country (derived from IP), payment gateway.
  • Payment data: handled by our payment providers (Stripe, Dodo, Lemon Squeezy, Whop, Creem, Goat). We store card-brand, last 4 digits, card fingerprint (a non-reversible identifier), and the card's country — never the full card number.
  • Fraud-prevention and dispute-evidence data: IP address, user-agent, device fingerprint (a SHA-256 hash of canvas / screen / timezone / UA signals), login history with timestamps, Terms of Service acceptance records (including typed-name e-signature and cryptographic document hash), and a sampled log of authenticated API requests.
  • Usage data: generated images, videos, and audio you create on the Service, and the associated credit ledger.
  • Attribution data: UTM parameters, referrer URL, and anonymous touchpoints captured from marketing links.

2. How we use your data

  • To provide and operate the Service.
  • To process payments and prevent fraud, including verifying card ownership and detecting repeat abuse.
  • To respond to payment disputes and chargebacks — see section 3.
  • To send transactional emails (receipts, security alerts, verification) and, if you opt in, marketing emails.
  • To comply with legal obligations.

3. Sharing during payment disputes

If you file a chargeback or your card issuer initiates a payment dispute, you authorise us to share the following evidence with our payment processor (Stripe/Dodo/Lemon Squeezy/Whop/Creem/Goat), your card issuer, and the card network (Visa, Mastercard, American Express, Discover, etc.):

  • Account email and verification status.
  • Signed Terms of Service acceptance record (version, typed-name signature, IP, user-agent, device fingerprint, document hash, HMAC signature).
  • Signed pre-purchase dispute-policy acknowledgement (same fields) captured seconds before the charge.
  • Purchase details (amount, currency, card brand and last 4, card fingerprint, IP and user-agent at checkout, Stripe charge / payment-intent IDs, receipt URL).
  • Login history with IP, user-agent, and device fingerprint for logins around the time of the disputed charge.
  • Credit-transaction ledger showing credits granted by the purchase and credits consumed after the purchase (including URLs to generated content).
  • A sampled activity log showing authenticated API usage after the purchase.
  • Evidence of prior successful payments on the same card fingerprint, if any.

The full list is published in our Dispute Policy.

4. Data retention

  • Account data: retained while your account is active, deleted 30 days after you request account deletion (longer if legal hold applies).
  • Dispute-evidence data (purchases, ToS acceptance, login events): retained for the lifetime of the account plus the statute of limitations for payment disputes (typically 2–7 years depending on jurisdiction and card network rules).
  • Activity log (sampled API requests): retained for 90 days.

5. Your rights

Depending on where you live, you may have rights under the GDPR, CCPA/CPRA, or similar laws to access, correct, delete, or export your personal data. To exercise these rights, email [email protected]. We may retain certain dispute-evidence records where we have a legitimate interest in fraud prevention.

6. Security

We use industry-standard measures to protect your data, including TLS in transit, encryption at rest for sensitive columns, password hashing with Argon2, HMAC-signed evidence records, and strict access controls for administrators.

7. Changes to this Policy

We may update this Privacy Policy. Material changes will be communicated via an in-app notice and a new acceptance record will be requested. The version string at the top identifies the currently effective Policy.

8. Contact

Privacy questions: [email protected].