[go: up one dir, main page]

Last updated: 1 March 2026

Privacy Policy

This privacy policy explains how PlutoBa collects, uses, stores, and protects your information. We believe in transparency and have written this in plain English so you can understand exactly what happens with your data.

1. Who We Are

PlutoBa is a creator partnership platform. If you have any questions about this policy or your data, you can reach us via our contact form.

2. Information We Collect from Account Holders

Account Information

When you create an account, we collect your name, email address, and company name. This is used to identify you within the platform and communicate with you about your account.

Billing Information

Payments are processed by Stripe. We do not store your credit card details directly. Stripe securely handles your payment methods. We store a payment reference and the last four digits of your card for display purposes only.

Usage Data

We collect information about how you use PlutoBa, including features used, assessments run, and pages visited within the app. This helps us improve the service and resolve issues.

Team Information

If you create or join a team, we store team names, member roles, and workspace names to provide the collaborative features of the platform.

Communications

If you contact us for support or provide feedback, we retain those communications to help resolve your enquiries and improve our service.

3. Information We Collect About Creators

PlutoBa analyses publicly available data from social media platforms (TikTok, Instagram, and YouTube) to help our users assess creators for marketing partnerships. This is a core part of our service, and we take this responsibility seriously.

What We Collect

We collect publicly available information from creator profiles, including:

  • Usernames and display names
  • Profile pictures
  • Follower and following counts
  • Post content (text, captions)
  • Engagement metrics (likes, comments, shares, views)
  • Posting frequency and content categories

How We Collect It

This data is collected from public profiles via authorised third-party data services. We do not collect private messages, private account data, or data from non-public profiles.

How We Use It

Creator data is processed to generate assessment reports including partnership scores, engagement analysis, and risk flags. This data is associated with the team that added the creator and is not shared across teams.

Legal Basis

We process creator data under legitimate interest (Article 6(1)(f) GDPR). Our users have a legitimate business interest in assessing the authenticity and suitability of creators for marketing partnerships using publicly available information.

4. Information Collected Automatically

When you visit PlutoBa, we automatically collect:

  • IP addresses
  • Browser type and version
  • Device information
  • Cookies (see our Cookie Policy)
  • Log data for security and debugging purposes

5. How We Use Your Information

We use the information we collect to:

  • Provide and improve the PlutoBa service
  • Process payments and manage subscriptions
  • Send transactional emails (account, billing, and product notifications)
  • Generate creator assessment reports
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

6. Third-Party Services

To operate PlutoBa, we share data with a limited number of third-party services. We only share the minimum data necessary for each function.

Payments are processed by Stripe - you can review their privacy policy at stripe.com/privacy. Beyond that, we use third-party services for transactional email delivery, public social media data collection for creator assessments, AI-powered analysis features, analytics and performance monitoring, and infrastructure hosting. All services are bound by data processing agreements and appropriate safeguards for international data transfers where applicable.

A full list of our sub-processors is available on request by contacting us via our contact form.

7. Data Retention

  • Account data: retained while your account is active, deleted within 90 days of account deletion
  • Creator data: retained while associated with an active team. When a creator is removed by the user, assessment data is retained for 30 days then deleted.
  • Billing records: retained for 7 years as required by UK tax and accounting regulations
  • Log data: retained for 90 days

8. Your Rights

Under UK and EU data protection law, you have the right to access, correct, or delete the personal data we hold about you. You can also request a portable copy of your data, object to how we process it, or ask us to restrict processing in certain circumstances. Where we rely on your consent to process data, you can withdraw that consent at any time.

To exercise any of these rights, contact us via our contact form. We will respond within 30 days.

9. Creator Rights

If you are a creator whose public data appears on our platform, you may contact us via our contact form to request removal of your data. We will process such requests within 30 days.

10. International Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers in accordance with applicable data protection laws.

11. Children

PlutoBa is not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be notified via email or in-app notification. Continued use of PlutoBa after changes are published constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this privacy policy or how we handle your data, you can reach us via our contact form.

We use cookies to keep PlutoBa running and to help us improve your experience. Read our cookie policy.