Skip to content
Live
@lxcreative+89%24h@novafit_+1,247%30d@thepaleblueoot+56%24h@velocity_co+421%7d@peaklab.co+34%24h@trendkit.studio+187%7d@momentum.wave+62%24h@raze_studios+214%30d@signalroom+48%24h@pulse.house+312%7d@lxcreative+89%24h@novafit_+1,247%30d@thepaleblueoot+56%24h@velocity_co+421%7d@peaklab.co+34%24h@trendkit.studio+187%7d@momentum.wave+62%24h@raze_studios+214%30d@signalroom+48%24h@pulse.house+312%7d
INFLU
Get Started
Legal

Privacy Policy

Last updated: April 2026

Data Controller

INFLU is operated from London, United Kingdom. For any data-related enquiries, contact us at hello@influ.site.

Information We Collect

We collect three categories of data: (1) Public Instagram data — usernames, post metrics, engagement rates, follower counts, profile pictures, and content metadata. This data is publicly available on Instagram. (2) User account data — email address, name, role, billing information, and preferences you provide when creating an account. (3) Usage analytics — page views, feature usage, and interaction patterns to improve the platform.

Lawful Basis for Processing

We process data under three lawful bases: Legitimate interest for analysing publicly available social media data. Consent for account creation, cookie storage, and marketing communications. Contractual necessity for providing paid subscription services.

How We Process Data

Public Instagram data is collected, normalised, and scored using our proprietary algorithms. We analyse engagement rates, growth velocity, audience demographics, and content performance. We do not access private messages, direct messages, or any non-public content. All scoring is automated — no human reviews individual posts.

Data Storage and Security

Your data is stored across Supabase (primary database, EU-hosted), Vercel (application hosting, US edge network), and Cloudflare (CDN, global edge network). All data is encrypted at rest and in transit using industry-standard TLS 1.3 encryption. We implement role-based access controls, audit logging, and regular security reviews.

Data Retention

Account data is retained while your account is active plus 30 days after deletion. Public Instagram data is retained indefinitely as part of our analytics dataset. Usage analytics are retained for 12 months. You may request earlier deletion by contacting us.

Your Rights (GDPR Articles 13-22)

Under UK GDPR, you have the right to: access your personal data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict processing, data portability, and object to processing. Creators can opt out of tracking via our opt-out page at /opt-out. To exercise any of these rights, contact hello@influ.site. We will respond within 30 days.

Cookies

We use essential cookies only: Supabase authentication session cookies, Cloudflare Turnstile for bot protection, and basic analytics. We do not use advertising cookies, tracking pixels, or third-party marketing cookies. You can control cookie settings through your browser.

Third-Party Services

We share data with the following processors: Supabase (database and authentication), Vercel (application hosting), Cloudflare (CDN and security), Stripe (payment processing), Sentry (error monitoring), and Resend (transactional email). Each processor operates under their own privacy policies and data processing agreements.

International Transfers

Some of our processors are based in the United States. Where data is transferred outside the UK, we rely on Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office to ensure adequate data protection.

Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will notify registered users by email. The updated policy will be posted on this page with a new "last updated" date.

This privacy policy represents our best-effort compliance with UK GDPR. It does not constitute formal legal advice.

Start discovering