Privacy Policy

Last updated: May 8, 2026

⚠️ This document is provided for transparency. It is not a substitute for legal advice; consult counsel for your specific situation.

What Kiki accesses about you

  • Public posts, engagement metrics, brand mentions, and follower demographics (via OAuth from connected platforms).
  • Email inbox — only if you connect it. Read-only. Kiki never sends on your behalf without your approval.
  • Brand contracts you upload — stored encrypted, never shared.
  • Payment info — handled by Stripe. We never see or store your card.

What Kiki NEVER accesses

  • Your DMs, private messages, or password.
  • Personal photos or drafts that you have not posted publicly.
  • Information about your followers beyond aggregate demographics.

Where your data lives

Stored encrypted in Supabase (US-East region) and processed by Anthropic for AI inference only. Not sold to brands. Not used to train shared models. Not shared with third parties except as needed to operate the service (Stripe, Resend, Cloudflare).

Your rights

  • Export all your data anytime: Settings → Privacy → Download my data.
  • Delete your account and all data: Settings → Privacy → Delete account (effective within 30 days).
  • GDPR / CCPA / LGPD compliant.

Cookies and tracking

We use minimal first-party analytics (page views and feature usage). No third-party ad pixels.

Updates to this policy

We'll email you 30 days before any material change.

1. Information We Collect

Account information: name, email, password (hashed), profile photo, social handles, niche, follower counts, business email forwarding address, payment details (processed by Stripe — we don't store card numbers).

Content you create: brand deals, contracts, invoices, link-in-bio pages, media kits, products, courses, AI conversations, uploaded media, and analytics from your connected platforms.

Automatically collected: IP address, browser type, device, pages visited, referrer, and basic usage analytics. We use cookies and localStorage for session, preferences, and (with consent) analytics.

From third parties: public profile data from Instagram, TikTok, YouTube, X, and Facebook when you connect them; payment status from Stripe; email engagement from Resend.

2. How We Use Information

  • Provide the service: run Kiki, generate content, route brand inquiries, deliver pages.
  • Personalize: tailor recommendations, rates, and outreach to your niche and audience.
  • Process payments and payouts.
  • Send service emails (always) and marketing emails (with your consent — opt out anytime).
  • Train and improve our models on aggregated, de-identified data only. We do NOT train on your private brand emails or contracts.
  • Detect abuse, fraud, and policy violations.
  • Comply with legal obligations.

3. Sharing

We share data only with:

  • Brands you choose to engage — your media kit and contact details when you submit them.
  • Subprocessors: Supabase (hosting + database), Stripe (payments), Resend (email), Cloudflare (CDN), OpenAI / Google / Anthropic (AI inference — content sent for processing is not retained for training under our enterprise terms).
  • Legal: when required by law, court order, or to protect rights.
  • Business transfer: if we are acquired, your data transfers under the same terms.

We never sell your personal information.

4. Your Rights

Depending on your jurisdiction (GDPR, CCPA, others) you may: access, correct, delete, port, restrict processing, object to processing, or withdraw consent. Use the in-app account deletion or email privacy@influki.com. We respond within 30 days.

5. Data Retention

Active accounts: as long as you use the service. Deleted accounts: 30 days for backups, then purged. Tax and financial records: 7 years (legal requirement). Anonymized analytics: indefinitely.

6. Security

Encryption in transit (TLS 1.3) and at rest (AES-256). Row-level security on every table. Two-factor authentication available. Annual third-party security review. Incident response within 72 hours of discovery.

7. International Transfers

Data is processed in the US and EU. We use Standard Contractual Clauses for EU→US transfers.

8. Children

Influki is not for users under 16. We delete known underage accounts immediately.

9. Changes

We'll notify you by email and in-app banner at least 14 days before material changes take effect.

Contact

Questions? Email legal@influki.com.