How Influencer OS collects, protects, and uses your data. Written to be read — not just to satisfy lawyers.
This policy governs how Influencer OS collects, processes, stores, and protects data belonging to creators, brands, and visitors who interact with our platform.
We have written this document to be genuinely readable — not to hide things in legal language. If something is unclear, email us at sushant@influenceros.in and we will explain it in plain English.
Influencer OS is built on Google Cloud Platform (Firebase and Firestore), inheriting Google's strict security baselines including SOC 2 Type II, ISO/IEC 27001, and enterprise-grade encryption.
Our application is currently under Meta's App Review process and is operated in Development Mode. During this phase, only explicitly approved test accounts can connect their Instagram.
ℹ️ Influencer OS is a creator business management platform — not a messaging automation tool. We do not send automated DMs to Instagram followers. We do not post content on behalf of creators. We exclusively READ data that creators explicitly authorise during Instagram login.
Influencer OS is a product developed and operated by Elivayt Brand Solutions. We build tools exclusively for Indian content creators to manage their brand collaboration business — media kits, deal tracking, contract generation, and invoice management.
We collect three categories of data, each for a specific purpose. We do not collect anything beyond what is listed here.
Collected only when a creator explicitly connects their Instagram account. Fetched via the official Instagram Graph API.
| Field | Why We Collect It |
|---|---|
| instagram_handle | Display on your media kit |
| follower_count | Media kit + IO Score calculation |
| engagement_rate | Calculated from your last 30 posts |
| top_cities | Audience demographics on media kit |
| male_pct / female_pct | Audience demographics |
| profile_picture_url | Display on media kit |
| meta_access_token | Stored encrypted. Used only to refresh your stats every 15 days. Never exposed to client side. |
✓ What we NEVER collect via Instagram:
Your DMs or message history · Your followers' identities or contact info · Story view identities · Any data not listed in the table above
Collected during onboarding. Stored in your creator profile.
| Field | Why We Collect It |
|---|---|
| display_name | From Google account |
| From Google account | |
| whatsapp_number | For invoice contact info |
| bank_account_number | ENCRYPTED — invoice only |
| bank_ifsc | Invoice generation only |
| bank_name | Invoice generation only |
| content_rates | Displayed on your media kit |
| past_brands | Displayed on your media kit |
| niche / location | Displayed on your media kit |
🔒 Bank details are encrypted using AES-256 before storage. They are decrypted only inside Firebase Functions when generating your invoice PDF. They are never returned to the browser.
We use your data for exactly five purposes and nothing else:
Your Instagram stats and profile data are displayed on your public media kit page at influenceros.com/[handle]. Brands visit this page to see your verified audience data.
Your engagement rate, follower count, audience demographics, and deal history are combined into your IO Score — a credibility metric visible to brands on your media kit.
Your bank details and contact information are used exclusively to populate PDF contracts and invoices. They are never shared with brands or any third party.
We use Resend to send you important automated notifications, such as a welcome email upon registration and a confirmation email upon account deletion. These are transactional — not marketing. You cannot opt out of transactional emails while using the platform.
Every 15 days, we use your stored (encrypted) access token to fetch your latest Instagram stats and update your media kit automatically.
🚫 We never:
Influencer OS connects to Instagram exclusively via Meta's official Instagram Graph API. We do not use any scraping tools or unofficial methods.
| Permission | What It Does | What We Access |
|---|---|---|
| instagram_business_basic | Read creator profile | Username, follower count, profile photo, media count |
| instagram_business_manage_insights | Read audience analytics | Engagement rate, audience cities, gender split |
Our app is currently in Development Mode pending Meta's App Review. In Development Mode, only explicitly added Instagram Tester accounts can connect their Instagram. Full public access activates after Meta approves our app.
When you connect your Instagram, Meta provides us with a long-lived access token (valid 60 days). Here is exactly how we handle it:
| Layer | Technology | Standard |
|---|---|---|
| Data in transit | TLS 1.2+ with SHA-256 | All connections encrypted |
| Data at rest | Google Cloud AES-256 | Firestore default encryption |
| Sensitive fields | AES-256-CBC (App Layer) | Tokens + bank details double encrypted |
| Email delivery | SPF + DKIM + DMARC | Anti-spoofing via Resend |
| Authentication | Firebase Auth + Google OAuth | No passwords stored by us |
| File storage | Firebase Storage + signed URLs | PDFs expire after 30 days |
| API security | Firebase App Check | Only verified app can call Firestore |
Influencer OS runs entirely on Google Cloud Platform. Our database (Firestore), serverless functions (Cloud Functions), file storage (Cloud Storage), and authentication (Firebase Auth) all operate within Google's security perimeter, which maintains SOC 2 Type II, ISO/IEC 27001, and PCI-DSS compliance certifications.
Every creator's data is strictly isolated from every other creator's data at the database security rules layer — not just at the application layer.
This means even if there were a bug in our application code, Firestore's security rules would prevent one creator from accessing another's data.
```
// Creator can only read their own document
match /creators/{creatorId} {
  allow read, write: if request.auth != null
    && request.auth.uid == creatorId;
}
// Sensitive fields can never be updated from client side
// (tokens, bank details, plan)
```
Sensitive fields including meta_access_token, bank_account_number, and plan can only be written by Firebase Functions running as Admin SDK — never by the client browser directly.
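One way to express the field-level restriction described above in Firestore security rules, as an added example that is not Influencer OS's own rule set. It assumes the field names from this page are top-level keys on the creator document; the helper functions and the `private` subcollection are hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Fields this page says only Cloud Functions (Admin SDK) may write.
    function sensitiveKeys() {
      return ['meta_access_token', 'bank_account_number', 'plan'];
    }

    // Signed-in user whose UID matches the document ID.
    function isOwner(creatorId) {
      return request.auth != null && request.auth.uid == creatorId;
    }

    match /creators/{creatorId} {
      allow read, delete: if isOwner(creatorId);

      // A client-created document must not carry any sensitive key.
      allow create: if isOwner(creatorId)
        && !request.resource.data.keys().hasAny(sensitiveKeys());

      // A client update must leave every sensitive key untouched.
      // affectedKeys() covers keys that were added, changed or removed.
      allow update: if isOwner(creatorId)
        && !request.resource.data.diff(resource.data)
             .affectedKeys().hasAny(sensitiveKeys());

      // Hypothetical layout: rules grant or deny whole documents on read,
      // so values that must never reach the browser sit in a separate
      // document that no client can read or write. The Admin SDK used by
      // Cloud Functions bypasses security rules and can still access it.
      match /private/{docId} {
        allow read, write: if false;
      }
    }
  }
}
```

Rules like these can be exercised against the Firebase Emulator Suite before deployment: an owner update that touches `plan` should be denied, while an update to a non-sensitive field should succeed.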
| Data type | Retention period | Deletion method |
|---|---|---|
| Instagram stats | Until you disconnect Instagram | Automatic on disconnect |
| Access token | 60 days (Meta limit) | Auto-revoked + deleted on disconnect |
| Bank details | Until account deletion | Encrypted until deleted |
| Contracts/Invoices | Until account deletion | Automatic on account deletion |
You can request full deletion of your account and all associated data at any time. Here is exactly what happens:
To request deletion:
Email sushant@influenceros.in with subject: Data Deletion Request
We process all deletion requests within 30 days as required by law.
As a creator on Influencer OS, you have the following rights regarding your personal data:
Request a copy of all data we hold about you.
Update incorrect data directly in your dashboard at any time.
Request complete deletion of your account and all data.
Request your data in a machine-readable format (JSON).
Request we stop processing your data while a dispute is being resolved.
Object to how we process your data for specific purposes.
To exercise any of these rights, email sushant@influenceros.in or use the self-serve options in your account settings.
Influencer OS is an India-first platform. Our primary users are Indian creators and Indian brands. We are designed to comply with India's Digital Personal Data Protection Act 2023 (DPDPA).
Under the DPDPA:
We use the following third-party sub-processors to operate the platform. Each is contractually bound to our data protection standards.
| Sub-processor | Purpose | Data Shared | Location | Compliance |
|---|---|---|---|---|
| Google Firebase | Database, Auth, Storage, Functions | All platform data | Mumbai (asia-south1) | SOC 2, ISO 27001 |
| Resend | Transactional email delivery | Creator email, brand email, PDF attachments | USA (transit only) | SOC 2 Type II |
| Razorpay | Subscription payment processing | Creator name, email, payment amount | India | PCI-DSS, RBI |
| Meta Platforms | Instagram data source | OAuth token exchange only | USA | Meta Terms |
We do not use Google Analytics, Meta Pixel, or any advertising tracking sub-processors.
For any questions about this policy, your data, or our security practices: