CreatorMarkt*Sign up

Privacy Policy · v2026-05-07

Privacy Policy

This policy explains what we collect, why we collect it, who we share it with, and what choices you have. We try to keep it short. If anything here is unclear, email us at privacy@creatormarkt.app.

1. Who is the data controller

CreatorMarkt, operator of creatormarkt.app, is the controller of personal data described below.

2. What we collect

From every user

  • Account info: name, email, password hash (we never see your plain password), profile image, and the role you choose at onboarding.
  • Communications you send us, including support emails.
  • Technical data: IP address, browser, device, pages visited. We use this to keep the service secure and to debug issues.
  • Cookies needed to keep you signed in. We do not run third-party advertising trackers.

From brands

  • Company name, website, industry, billing email, logo.
  • Payment info you put into Paystack's checkout. We do not see or store full card numbers — Paystack handles that and returns us a reference.

From creators

  • Display name, bio, niches, social handles, follower counts.
  • Bank code, account number, account name, and the Paystack recipient code we create from them — used solely to pay you out. We do not collect BVN, NIN, or any other identity documents.
  • The public URLs of posts you submit and the public metrics those posts publish (views, likes, comments, shares, saves).

3. Why we use it

  • Run the marketplace — match briefs to creators, hold escrow, release payouts, verify deliverables.
  • Keep the platform safe — prevent fraud, detect view-manipulation, enforce our Terms.
  • Communicate — transactional notifications about your briefs, applications, escrows, and payouts. We will only send marketing email if you opt in.
  • Comply with law — tax, anti-money-laundering, and lawful requests from regulators.

4. Legal bases (for users in jurisdictions that ask)

  • Performance of the contract you signed up to (running briefs, paying you).
  • Legitimate interest in keeping the service secure, debugging, and product analytics.
  • Consent — for any marketing email you opt into.
  • Legal obligation — KYC, tax, and AML rules.

5. Who we share it with

We only share what each provider needs:

  • Paystack — payment processing, payout transfers, and bank-account name resolution.
  • Apify and the public APIs of Instagram, TikTok, YouTube, X, and Facebook — to read public metrics from posts you submit.
  • Google — only if you sign in with Google, in which case Google sees your sign-in but no marketplace data.
  • Hosting and infrastructure — Hetzner (servers) and our database/queue infrastructure, all running on European servers we operate.
  • Email delivery — our SMTP provider for transactional email.
  • Authorities — if a court order, regulator, or law makes us.

We do not sell personal data. We do not share data with advertising networks.

6. The metrics we read from public posts

When a creator submits a post URL, we periodically read public metrics for that post (views, likes, comments, shares, saves) so we can verify delivery and compute bonus payouts. We do not read DMs, private followers, drafts, or any non-public data. If a post is taken down or made private the scraper will fail and we'll record that.

7. How long we keep it

  • Account data — while your account is active, plus 12 months after closure for dispute and audit windows.
  • Payment records, escrow ledger, and tax-relevant data — 7 years, as required by Nigerian tax law.
  • Bank details — for as long as you have payouts pending and 12 months after the last payout, then deleted unless we're legally required to keep them longer.
  • Logs — typically 90 days.

8. Security

Passwords are hashed with bcrypt. Connections are TLS-only. Access to production data is restricted to a small number of operators. We are progressively encrypting sensitive payout columns at rest. No system is bullet-proof, so we ask you to use a strong unique password and to report anything suspicious to security@creatormarkt.app.

9. International transfers

Our servers are in Europe; some sub-processors (e.g. Google for OAuth) are based in the US. Where we transfer personal data outside Nigeria or the EEA we rely on Standard Contractual Clauses or the sub-processor's own approved transfer mechanism.

10. Your rights

You can:

  • Access the personal data we hold about you.
  • Correct it.
  • Delete your account and the personal data tied to it (subject to the retention rules above for tax/payment records).
  • Export your data in a machine-readable form.
  • Object to processing based on legitimate interest.
  • Withdraw consent (for anything we relied on consent for).
  • Lodge a complaint with the Nigeria Data Protection Commission, or the data-protection authority in your country.

Email privacy@creatormarkt.app to exercise any of these. We respond within 30 days.

11. Cookies

We use first-party cookies for authentication and session management. We do not use advertising cookies. Disabling auth cookies will sign you out.

12. Children

CreatorMarkt is not intended for users under 18. We do not knowingly collect data from children.

13. Changes

We may update this policy. Material changes bump the version stamped above and we will ask you to re-accept on next sign-in.

14. Contact

privacy@creatormarkt.app for any privacy question, request, or concern.