Privacy Policy
Last updated: 2026-05-26
1. About this Policy
This Privacy Policy describes how Munk Media B.V. (“Munk Media”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use the Munk Media influencer-marketing platform (the “Platform”), including the operator console (admin app), client dashboards, public APIs, and any related services.
Munk Media is the data controller for personal data processed about tenant users (clients of Munk Media), influencers who connect their social accounts to the Platform, and end-customers who interact with tracked content. Our registered office is [CONFIRM: registered office address, Amsterdam, the Netherlands].
For any privacy questions, contact us at [CONFIRM: privacy@munkmedia.app]. You may also contact our Data Protection Officer at [CONFIRM: privacy@munkmedia.app].
2. Information we collect
We collect the following categories of personal data.
2.1 Account & tenant-user data
- Name, email address, role on the tenant, and password (stored hashed via Supabase Auth).
- Profile metadata you choose to provide (display name, avatar).
- Authentication events (sign-in time, last-active timestamp, IP address hash for rate-limiting and abuse detection).
- Audit-trail records of significant actions you take in the Platform (e.g. creating a campaign, inviting a user).
2.2 Influencer-provided data
- Display name, primary handle, country code, language codes, category tags, and a free-text bio.
- Manager contact details (email and/or phone) — stored using envelope encryption (per-row data-encryption keys wrapped by a platform key kept in Supabase Vault).
- Tax / payout-relevant identifiers when the workflow requires them.
2.3 Connected social-account data
When you connect an Instagram or TikTok account to the Platform, you grant the relevant tenant permission to read the data the connected account makes available to authorised apps. The exact fields are listed in Sections 9 (Meta) and 10 (TikTok).
OAuth access and refresh tokens are stored using envelope encryption and decrypted only by server-side workers under audited service-role access.
2.4 Campaign performance & tracking data
- Click events on Munk-generated tracking links (timestamp, country, device class, anonymised referrer; we do not persist raw IP addresses).
- Sale and refund events received from connected commerce providers (order id, net amount, currency, customer-id pseudonym; customer email/name/avatar are redacted on receipt).
- Aggregated metrics (impressions, reach, engagement, sales attribution) per campaign and per influencer.
2.5 Technical & usage data
- Request logs, error reports (via Sentry, with PII scrubbing applied to known sensitive fields), and aggregate usage metrics.
- Information about your browser, device type, and operating system to deliver and secure the Platform.
3. How we use information
We process personal data on the following legal bases (GDPR Art. 6).
3.1 Performance of contract (Art. 6(1)(b))
- To provide the Platform to tenant clients under the master services agreement.
- To authenticate users, route requests, and deliver campaign analytics.
- To process tracking-link clicks and attribute conversions.
3.2 Legitimate interests (Art. 6(1)(f))
- Security, abuse detection, audit logging, and platform integrity.
- Product analytics in aggregate form for service improvement.
- Communicating service updates and operational notices to tenant users.
3.3 Consent (Art. 6(1)(a))
- Connecting an Instagram or TikTok account (OAuth grant from the influencer).
- Optional marketing communications, where applicable.
Where we rely on consent, you may withdraw it at any time — see Section 6.
3.4 Automated decision-making
Some Platform features (e.g. AI-generated content tagging, fake-engagement detection, narrative summaries) involve automated processing. In line with GDPR Article 22, the Platform applies a human gate before any automated decision is acted on against a data subject; outputs are surfaced as suggestions for tenant operators to confirm.
5. Data retention
We retain personal data only for as long as necessary to provide the Platform and to comply with our legal obligations. Bounded retention windows apply across all entity classes; specific windows include:
- Account records: for the duration of your tenant’s contract plus a 24-month archival period.
- Campaign performance data: 36 months from creation, then aggregated.
- Story-format content (Instagram stories): 25 hours from capture, then purged automatically.
- Audit-trail records: 7 years to satisfy financial-audit requirements.
- Server logs: 30 days rolling.
- OAuth tokens: revoked and erased on disconnection or 30 days of inactivity, whichever is sooner.
When personal data is deleted, a tombstone record (without personal data) is retained so deletion can be audited and any backup restores honour the deletion.
6. Your rights (GDPR)
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you (Art. 15).
- Rectification — correct inaccurate or incomplete data (Art. 16).
- Erasure — request deletion of your personal data (Art. 17), subject to legal-retention requirements above.
- Restriction — restrict processing in defined circumstances (Art. 18).
- Portability — receive your data in a portable, machine-readable format (Art. 20).
- Objection — object to processing based on legitimate interest (Art. 21).
- Withdraw consent — for processing based on consent (Art. 7(3)).
- Not be subject to a purely automated decision — see automated decision-making above (Art. 22).
- Lodge a complaint — with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
To exercise these rights, email [CONFIRM: privacy@munkmedia.app]. We aim to respond within 30 days.
7. Security
We apply appropriate technical and organisational measures, including:
- Default-deny row-level security on every tenant-scoped database table.
- Envelope encryption (per-row data-encryption keys wrapped by a platform key in Supabase Vault) on high-PII fields including manager contact details and OAuth tokens.
- HMAC + length-guarded constant-time signature verification on every inbound webhook.
- Append-only audit logs of significant events.
- Signed-URL-only access to private storage buckets; tenant-prefix isolation on storage objects.
- Bounded-retention enforcement via scheduled jobs (story-retention purge, deletion-tombstone reconciliation).
No system is fully secure. Notify us immediately at [CONFIRM: privacy@munkmedia.app] if you suspect a security incident involving your data.
8. International transfers
Personal data is primarily hosted in the European Union. Where a sub-processor processes data outside the EEA (e.g. certain AI providers), transfers rely on:
- Adequacy decisions of the European Commission, where applicable;
- Standard Contractual Clauses (Module 2 or Module 3) executed with the sub-processor;
- Supplementary measures (encryption in transit and at rest, redaction at the source) where required by the Schrems II decision.
9. Instagram / Meta Platform data
Where an influencer connects an Instagram Business or Creator account to the Platform, Munk Media accesses data from the Meta Graph API strictly under the influencer’s consent and within the scopes granted at the time of connection.
9.1 Data accessed
- Account profile metadata (id, username, account_type, followers_count, follows_count).
- Media items posted by the connected account (id, media_type, media_url, permalink, caption, timestamp).
- Insights for the connected account’s media (impressions, reach, replies, engagement metrics).
- Stories published by the connected account, captured during the ≤24-hour live window; story media is purged automatically per Section 5.
9.2 How we use Instagram data
- To populate the tenant’s campaign dashboards with performance metrics for the influencer’s collaborations with that tenant.
- To detect disclosure markers (e.g. #ad, #partner) in captions for compliance reporting.
- To compute aggregated influence and attribution metrics. Aggregated metrics may be retained beyond the windows in Section 5 only in fully anonymised form.
9.3 How we store Instagram data
- OAuth access and refresh tokens are stored encrypted (envelope encryption with keys in Supabase Vault) and accessed only by audited server-side workers.
- Media URLs and insight rows are stored in the tenant-scoped Supabase database with row-level security.
- Story media binaries are cached for processing and purged within 25 hours.
9.4 Sharing of Instagram data
Instagram data is shared only with the tenant on whose campaigns the influencer is engaged, and with the sub-processors listed in Section 4 to the extent strictly necessary to provide the Platform. Instagram data is never sold, never used for advertising targeting, and never shared with third-party data brokers.
9.5 Deletion & revocation
- You may revoke the Instagram connection at any time from your Munk Media account or from your Instagram settings (Apps and Websites).
- Upon revocation, we erase OAuth tokens immediately and purge non-aggregated Instagram-derived rows within 30 days.
- If you delete your Meta account, Meta sends a Data Deletion Request to our callback at /api/integrations/meta/data-deletion; we honour the request within the timeframe required by the Meta Platform Terms. You can also check the status of an active request at /legal/data-deletion-status/<your-reference-code>.
- You can also send a manual deletion request to [CONFIRM: privacy@munkmedia.app].
9.6 Meta Platform Terms compliance
Munk Media’s use of information received from the Meta Platform adheres to the Meta Platform Terms and Developer Policies, including the Limited Use requirements where applicable. We do not transfer Meta-derived data to any data broker; we do not use Meta-derived data for credit, employment, insurance, or housing decisions; we do not use Meta-derived data to build advertising profiles outside the scope of the connected tenant’s campaign analytics.
10. TikTok Platform data
Where an influencer connects a TikTok account to the Platform, Munk Media accesses data via the TikTok for Developers (Business) API strictly under the influencer’s consent and within the scopes granted at the time of connection.
10.1 Data accessed
- Account profile metadata (open_id, union_id, display_name, avatar_url, follower_count, following_count, likes_count).
- Video posts by the connected account (id, share_url, embed_html, video_description, title, duration, view_count, like_count, comment_count, share_count).
- Insights for the connected account’s posts where the granted scopes permit.
10.2 How we use TikTok data
- Same purposes as Instagram data above — to populate campaign dashboards, detect disclosure markers, and compute attribution.
10.3 Storage, sharing & deletion
- OAuth tokens stored encrypted (envelope encryption); access tokens refreshed on schedule.
- Sharing limited to the connected tenant and the sub-processors in Section 4.
- Revoke the connection at any time from your Munk Media account or your TikTok settings (Manage app permissions).
- Upon revocation, OAuth tokens are erased immediately and non-aggregated TikTok-derived rows are purged within 30 days.
10.4 TikTok Developer Terms compliance
Munk Media’s use of information received from the TikTok Platform adheres to the TikTok Developer Terms of Service and the relevant TikTok Platform policies. We do not sell, license, or transfer TikTok-derived data to any third party other than the connected tenant and the sub-processors strictly required to deliver the Platform. We do not use TikTok-derived data for advertising targeting outside the scope of the connected tenant’s campaign analytics.
12. Children's privacy
The Platform is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, legal requirements, or sub-processors. The “Last updated” date at the top reflects the most recent revision. Material changes will be notified to tenant administrators by email at least 30 days before they take effect.
14. Contact
Munk Media B.V.
[CONFIRM: registered office address, Amsterdam, the Netherlands]
Privacy: [CONFIRM: privacy@munkmedia.app]
Data Protection Officer: [CONFIRM: privacy@munkmedia.app]