Influx MENA

Privacy Policy

Last updated: 21 April 2026

Draft notice. This policy is a working draft that must be reviewed by legal counsel familiar with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), the GDPR (where EU data subjects are involved), and relevant free-zone regulations before being relied on.

1. Who is the controller

Influx MENA - FZCO (“Influx”) is the data controller for personal data you provide through the platform. We are a Free Zone Company (FZCO) licensed by the Dubai Integrated Economic Zones Authority (IFZA), trade licence number 86452, registered at IFZA Properties, Dubai Silicon Oasis, Dubai, United Arab Emirates. For any privacy question or to exercise your rights, contact us at hi@influxmena.com.

2. What we collect

  • Account data: email, name, role (brand / creator / admin), password hash, 2FA settings, locale, timestamps.
  • Profile data: display name, bio, country, city, photo, languages, niches, platforms, content types, audience size, rates, portfolio items, trade licence details (for licensed Creators).
  • Shipping / delivery data (Creators only, for product-seeding campaigns): name, phone, address, shared with a Brand only when you are selected for that specific campaign.
  • Financial data: campaign budgets, platform fees, payout amounts, and (when wired) payment method identifiers processed by our payment provider. Influx does not store full payment card numbers.
  • Content: campaign briefs, submissions, messages, ratings, comments, portfolio uploads.
  • Usage & technical data: IP address, browser user-agent, approximate timestamps, limited activity logs (admin actions, logins, errors), cookies as described in our Cookies Policy.
  • Support data: the contents of messages you send us via the contact form or support channels.

3. How we use it

  • To provide and improve the platform.
  • To match Creators with relevant campaigns.
  • To process payments and payouts (where applicable).
  • To send transactional emails (verification, password reset, campaign updates, payment notices).
  • To send lifecycle / nurture emails you have opted into (see “Opt-out” below).
  • To prevent fraud and abuse, and to keep the platform secure.
  • To comply with legal obligations (tax, KYC, law-enforcement requests).

4. Legal bases

We rely on (a) the performance of a contract with you, (b) our legitimate interests in operating and improving the platform, (c) your consent for marketing communications and optional cookies, and (d) legal obligations we are subject to.

5. Sharing

We share personal data only with:

  • Other Users as needed for a campaign — e.g. a Creator's public profile is visible to Brands; a Brand's name and campaign brief are visible to matched Creators; shipping details are shared with a Brand only for selected seeding campaigns.
  • Service providers strictly to run the platform: cloud hosting (Railway), database (Neon), email provider (to be wired — Resend or similar), messaging provider (Meta WhatsApp Business API, once wired), payment provider (to be wired). Each is bound by contractual data protection terms.
  • Authorities when required by law, regulation, or a valid legal process in the UAE.

We do not sell personal data.

6. International transfers

Some of our service providers operate outside the UAE. When we transfer personal data internationally, we rely on contractual safeguards and, where required, additional measures appropriate to the destination jurisdiction. The specific list of sub-processors will be published before launch.

7. Retention

  • Account data: while your account is active + up to 24 months after closure.
  • Financial records: as required by UAE tax and accounting law (typically 5 years).
  • Content (submissions, messages): as long as relevant campaigns are active + 12 months.
  • Error logs and security logs: 30 days (error_logs table has enforced retention).
  • Token records: deleted automatically when they expire.

8. Your rights

Subject to applicable law, you have the right to:

  • Access a copy of your personal data — use the “Export my data” feature in your settings or request it via the contact page.
  • Correct inaccurate data — edit directly in your profile.
  • Delete your account — use “Delete account” in your settings (soft delete; financial records retained as required).
  • Object to processing for direct marketing (nurture / broadcast) — toggle off in Notification Preferences.
  • Withdraw consent where we rely on it.
  • Lodge a complaint with the relevant data protection authority.

9. Security

We apply reasonable technical and organisational safeguards including: hashed passwords (bcrypt, cost 12), HTTPS in transit, JWT-based authentication with token revocation, access controls, audit logging of admin actions, and encrypted database backups. No system is perfectly secure — we will notify affected Users of incidents as required by law.

10. Children

Influx is not intended for anyone under 18. If you believe a minor has created an account, please contact us so we can remove it.

11. Changes

We may update this policy. Material changes will be notified by email and in-app notice with reasonable advance notice.

12. Contact

Privacy questions or rights requests: via the contact page. A dedicated privacy email address will be published before launch.