GDPR Compliance

Last updated: 5/24/2026

1. Your Rights Under GDPR

Brandfluence acts inherently as a Data Controller for your platform profile, and as a Data Processor scaling across Stripe components. Your explicit rights allow you to:

• The right to access: You may request a complete JSON payload of your internal database metrics (Campaigns, Transactions, Messages).
• The right to erasure (Right to be Forgotten): Requesting account deletion will systematically sever your OAuth binds across YouTube/Instagram/TikTok and terminate your Cloudinary CDN creative assets. *Note: Stripe dictates that payment history must be legally retained for financial compliance. This data cannot be forcefully purged.
• The right to object to processing: You may instantaneously revoke OAuth scopes blocking Brandfluence from reading live Social Metric algorithms via your individual settings portal.

2. Financial Data Retention

To adhere to global Money Laundering (AML) standards, transactions executed on the Brandfluence Master Ledger generating a Stripe PaymentIntent or Payout Transfer will be retained locally and within Stripe for a minimum of 7 years, circumventing standard Right-to-Erasure protocols.

3. Data Protection Officer (DPO)

If you have any questions regarding how your Social Auth Tokens are hashed, how your KYC identity verification routes securely through Stripe Connect, or how to invoke your GDPR rights, please contact our assigned Data Protection Officer at privacy@brandfluence.com.