NEXAFLOW INFLUENCER PRIVACY POLICY
Last Updated: December 2025
1. INTRODUCTION
1.1 Overview
This Influencer Privacy Policy explains how Nexaflow ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our platform as an influencer or content creator to participate in brand campaigns.
1.2 Commitment to Privacy
We are committed to protecting your personal information and handling your data with care and transparency. This policy describes our practices in accordance with applicable privacy laws, including the Australian Privacy Act 1988.
1.3 Scope
This Privacy Policy applies specifically to influencer accounts on the Nexaflow platform. It should be read in conjunction with our Website Privacy Policy and Influencer Terms and Conditions.
2. INFORMATION WE COLLECT FROM INFLUENCERS
2.1 Personal Account Information
When you create an influencer account, we collect:
Personal Details: Legal name, date of birth (for age verification), email address, and phone number.
Account Credentials: Username, password (encrypted), and security verification information.
Profile Information: Profile photo, biographical information, location, content niche/specialty, and professional background.
Identity Verification: We may request identification documents to verify you are at least 18 years old.
2.2 Social Media Connection Data
This is essential information for our platform functionality:
Platform Connections: Which social media platforms you connect (Instagram, Facebook, YouTube, TikTok).
Account Identifiers: Social media usernames, handles, account IDs, and profile URLs.
Account Verification Status: Whether your social media accounts are verified or authentic.
Connection Tokens: Secure OAuth tokens that enable us to access your authorized data (these are encrypted and securely stored).
2.3 Social Media Performance Data
When you connect social media accounts, we collect:
Audience Demographics: Location distribution, age ranges, gender distribution, and interests of your followers/audience.
Content Performance Metrics: View counts per post, engagement rates (likes, comments, shares), reach statistics, and historical performance data.
Predicted Views: The view counts you manually enter as your performance guarantee.
Profile Statistics: Follower/subscriber counts, account growth trends, and posting frequency.
2.4 Campaign Participation Data
As you engage with campaigns, we collect:
Campaign Applications: Which campaigns you apply to, your application messages, and availability selections.
Booking Information: Visit dates and times, publish dates, scheduling preferences, and booking confirmations.
Content Submissions: Post URLs, published content links, and collaboration tags.
Performance Tracking: Actual views delivered, engagement metrics, campaign completion status, and timeline adherence.
2.5 Communication Records
We store communications for service quality and dispute resolution:
Platform Messages: Conversations with businesses through our messaging system.
Support Requests: Communications with our support team.
Feedback and Reviews: Feedback you provide about campaigns or businesses.
2.6 Payment and Compensation Information
To process your earnings, we collect:
Bank Account Details: For direct deposit payments through Stripe (stored securely by Stripe).
Payment History: Records of campaign payments, store credit earned, and payment dates.
Tax Information: Tax identification numbers if required for compliance.
Payment Preferences: Your chosen payment methods and settings.
2.7 Usage and Device Data
We automatically collect technical information:
Platform Activity: Features used, campaigns viewed, time spent on platform, and interaction patterns.
Device Information: Device type, operating system, browser type, IP address, and unique device identifiers.
Location Data: General geographic location based on IP address (for matching you with relevant local campaigns).
2.8 Performance and Reputation Data
To maintain platform quality, we track:
Campaign Completion Rate: How many campaigns you complete vs. accept.
Booking Reliability: No-shows, cancellations, and punctuality.
Performance Score: Based on view delivery, engagement quality, and professionalism.
Business Ratings: Feedback and ratings from businesses you've worked with.
Warning History: Any under-delivery warnings or policy violations.
3. HOW WE USE YOUR INFORMATION AS AN INFLUENCER
3.1 Account Management
We use your information to create and maintain your influencer account, verify your identity and age, authenticate your account access, manage your profile and settings, and provide secure login functionality.
3.2 Social Media Integration and Verification
Your social media data enables us to verify your account authenticity and reach, calculate your predicted view capabilities, match you with appropriate campaigns based on audience demographics, track performance metrics for reputation building, and automatically update audience location data monthly.
3.3 Campaign Matching and Discovery
We use your information to show you relevant campaigns in your area and niche, match your audience demographics with business needs, filter campaigns you're eligible for, suggest campaigns aligned with your interests, and provide personalized campaign recommendations.
3.4 Booking and Scheduling
Your data helps us coordinate visit dates with business availability, manage your booking calendar, send reminders about upcoming visits and publish dates, facilitate rescheduling when needed, and track campaign timelines.
3.5 Performance Tracking and Verification
We use your performance data to verify actual views delivered against predicted views, track engagement metrics for quality assurance, maintain your performance score and reputation, identify consistent high-performers for agency recommendations, and provide businesses with reliable performance history.
3.6 Payment Processing
Your payment information enables us to process campaign compensation through Stripe, hold payments in escrow until campaign completion, release payments after verification period, manage store credit balances, and generate payment records for your reference.
3.7 Platform Improvement
We analyze aggregated influencer data to improve campaign matching algorithms, develop new features for influencers, enhance user experience and interface, identify platform usage patterns, and optimize booking and scheduling tools.
3.8 Communication and Support
We use your contact information to send campaign notifications and updates, facilitate communication with businesses, provide customer support and assistance, share platform updates and new features, and respond to your inquiries and feedback.
3.9 Quality Assurance and Compliance
Your information helps us enforce platform Terms and Conditions, monitor for fraudulent activity or fake engagement, maintain platform quality standards, resolve disputes with businesses, and ensure compliance with campaign requirements.
4. HOW WE SHARE YOUR INFLUENCER INFORMATION
4.1 With Businesses on the Platform
When you apply to campaigns or businesses view your profile, they can see:
Public Profile Information: Username/handle, profile photo, bio, location (city/region), and content niche.
Performance Metrics: Predicted views, historical performance score, audience demographics, and engagement quality indicators.
Campaign History: Number of completed campaigns, business ratings, and reliability metrics.
Application Details: Your availability, interest in their campaign, and any application messages.
4.2 With Ruygrok Marketing (Agency)
As the operator of Nexaflow, Ruygrok Marketing has access to your influencer data to verify predicted views and account authenticity, apply agency recommendation badges, provide profile guidance and feedback, ensure platform quality and compliance, and identify opportunities for professional development.
4.3 With Social Media Platforms
We interact with social media platforms through official APIs:
OAuth Authentication: To securely connect your accounts without accessing passwords.
Data Collection: To retrieve audience demographics, performance metrics, and account verification.
Token Refresh: To maintain authorized access to your public data.
This integration operates under each platform's respective privacy policies and terms of service.
4.3 With Payment Processors (Stripe)
We share necessary information with Stripe to process your campaign earnings, verify your bank account details (stored securely by Stripe), transfer payments to your account, handle payment disputes if needed, and maintain payment security. Stripe processes your payment information according to their privacy policy and PCI-DSS compliance standards.
4.4 With Service Providers
We share information with trusted third-party service providers:
Cloud Hosting: For secure data storage and platform infrastructure.
Analytics Services: To understand platform usage (aggregated data only).
Email Services: To send notifications and communications.
Customer Support Tools: To provide efficient support.
These providers are contractually obligated to protect your information and use it only for specified purposes.
4.5 Legal and Regulatory Requirements
We may disclose your information when required to comply with legal obligations and court orders, respond to lawful requests from authorities, protect rights, property, or safety of Nexaflow, businesses, or the public, enforce our Terms and Conditions, or investigate fraud or security issues.
4.6 Business Transfers
In the event of a merger, acquisition, or sale of assets, your influencer information may be transferred as part of that transaction. We will notify you of any such change and provide options regarding your information.
4.7 With Your Consent
We may share your information with other parties when you provide explicit consent for specific purposes, such as featuring your success story or participating in case studies.
4.8 What We Don't Share
We do not sell your personal information to third parties. We do not share your private contact details (email, phone) with businesses without your consent. Your bank account details remain secure with Stripe. Your private messages remain confidential except as required for dispute resolution.
5. SOCIAL MEDIA INTEGRATION - DETAILED EXPLANATION
5.1 OAuth 2.0 Authentication
What is OAuth? OAuth 2.0 is an industry-standard protocol that allows you to grant us limited access to your social media data without sharing your passwords. This is the same secure method used by many trusted applications.
How It Works: You click "Connect" on our platform, you're redirected to the social media platform (Instagram, Facebook, etc.), you log in to your social media account directly on their platform (not ours), you review and approve the permissions we're requesting, the platform provides us with a secure access token, and we use this token to collect only the approved data.
Security: Your social media password is never shared with or accessible by Nexaflow. Tokens are encrypted and securely stored. You can revoke access at any time through your social media settings or our platform.
5.2 Instagram Integration (via Meta)
When you connect Instagram, we collect:
Account Information: Instagram username, handle, account ID, and profile verification status.
Audience Demographics: Geographic distribution of your followers, age ranges, gender distribution, and primary audience locations.
Performance Metrics: View counts per post, reach statistics, engagement rates, and historical performance data.
Profile Statistics: Follower count, account type (personal, creator, business), and posting frequency.
What We Don't Collect: We do not access your direct messages, we do not collect your followers' personal information, we do not access private posts or stories, and we do not post on your behalf.
Data Updates: Audience demographics are automatically refreshed monthly to ensure accurate campaign matching. Performance metrics are fetched only when needed for verification.
5.3 Facebook Integration (via Meta)
When you connect Facebook, we collect:
Page Information: Facebook page name, page ID, and page verification status.
Audience Insights: Geographic distribution, age ranges, gender distribution, and audience interests.
Performance Metrics: Post reach, engagement rates, video views, and page insights.
What We Don't Collect: We do not access personal Facebook profile information (only business pages), we do not collect friend lists, and we do not access private messages.
5.4 YouTube Integration
When you connect YouTube (future functionality), we will collect:
Channel Information: Channel name, channel ID, subscriber count, and verification status.
Video Performance: View counts per video, watch time, engagement metrics, and audience retention.
Audience Demographics: Geographic distribution, age ranges, and viewer interests.
What We Won't Collect: We will not access private videos, will not collect viewer personal information, and will not post videos on your behalf.
5.5 TikTok Integration
When you connect TikTok (future functionality), we will collect:
Account Information: Username, account ID, follower count, and verification status.
Video Performance: View counts, engagement metrics, and video statistics.
Audience Insights: Geographic distribution and audience demographics where available.
What We Won't Collect: We will not access private videos, will not collect follower personal information, and will not post on your behalf.
5.6 Token Management and Security
Token Storage: Access tokens are encrypted using industry-standard encryption and stored in secure databases with restricted access.
Token Refresh: Tokens are automatically refreshed to maintain connection without requiring you to re-authenticate frequently.
Token Expiration: If you don't use the platform for extended periods, tokens may expire and require re-authentication.
Token Revocation: You can disconnect social media accounts at any time, which immediately revokes our access tokens.
5.7 Data Accuracy and Verification
Manual Verification: Our team manually reviews your predicted views by checking your recent posts to ensure accuracy.
Public View Requirement: Your post view metrics must remain public during verification periods for our team to verify your claims.
Conservative Estimates: We encourage you to provide conservative predicted view estimates to ensure consistent delivery.
Performance Tracking: Actual views are automatically fetched 7 days after content publication to verify performance.
5.8 Disconnecting Social Media
You have full control to disconnect social media accounts at any time through your profile settings. When you disconnect, we immediately revoke access tokens, stop collecting new data from that platform, and you become ineligible for new campaigns until reconnection. Some historical data may be retained as outlined in Section 6.
5.9 Platform Policy Compliance
We strictly comply with Meta API Policies (for Instagram and Facebook), YouTube API Services Terms (for YouTube integration), TikTok Developer Terms (for TikTok integration), and all applicable platform privacy policies.
We only request the minimum permissions necessary for our service, use data exclusively for authorized purposes, respect platform rate limits and usage guidelines, and regularly review and update our integrations to maintain compliance.
6. DATA RETENTION FOR INFLUENCER ACCOUNTS
6.1 Active Account Data
While your influencer account is active, we retain all information necessary to provide platform services, including profile information, social media connection data, campaign participation history, performance metrics, and payment records.
6.2 Social Media Data
Connected Account Data: Retained while social media accounts remain connected.
Historical Performance: Retained to maintain your reputation and performance history.
Audience Demographics: Updated monthly with the most recent data replacing old data.
6.3 Campaign and Performance Records
Completed Campaigns: Campaign participation records are retained indefinitely to maintain accurate business records, provide reliable influencer history to businesses, ensure payment accountability, and support dispute resolution.
Performance Scores: Your performance history is retained to maintain platform quality and help businesses make informed decisions.
6.4 Payment Records
We retain payment records for at least seven years to comply with financial record-keeping requirements, tax regulations, and accounting standards.
6.5 Account Closure
If you close your influencer account, we may retain certain information for legal compliance, financial record-keeping, fraud prevention, dispute resolution, and completed campaign obligations to businesses. You may request deletion of eligible data subject to these requirements.
6.6 Data Deletion Requests
You can request deletion of your influencer data at any time. We will honor deletion requests except where retention is required by law, for completed campaign records, for pending payments or disputes, or for fraud prevention purposes.
7. DATA SECURITY FOR INFLUENCER ACCOUNTS
7.1 Technical Security Measures
We implement comprehensive security measures to protect your personal information:
Encryption: All data transmission uses SSL/TLS encryption. Sensitive data (passwords, tokens) is encrypted at rest. Social media access tokens are encrypted using advanced encryption standards.
Secure Authentication: OAuth 2.0 for social media connections (you never share passwords with us). Encrypted password storage for platform accounts. Secure session management.
Access Controls: Influencer data is accessible only to authorized personnel. Role-based access restrictions. Regular access audits and monitoring.
Secure Infrastructure: Enterprise-grade cloud hosting with security certifications. Regular security patches and updates. Continuous monitoring for threats and vulnerabilities.
7.2 Payment Security
All payment information is processed through Stripe (PCI-DSS Level 1 compliant). We never store your complete bank account details. Payment tokens are encrypted and securely transmitted.
7.3 Social Media Token Security
OAuth tokens are encrypted and stored in secure databases. Tokens have limited permissions (read-only access to approved data). Automatic token refresh maintains security. Tokens can be immediately revoked by disconnecting accounts.
7.4 Your Account Security
You can enhance your account security by using strong, unique passwords, not sharing your account credentials, reviewing connected social media permissions regularly, monitoring your account activity for anything unusual, and reporting suspicious activity immediately.
7.5 Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify you promptly in accordance with applicable law, explain the nature of the breach and data affected, and describe steps being taken to address the situation and prevent future incidents.
8. YOUR PRIVACY RIGHTS AS AN INFLUENCER
8.1 Access to Your Information
You have the right to access all personal information we hold about you. You can view and download most information directly through your account dashboard, including profile details, connected social media accounts, campaign history, performance metrics, and payment records.
8.2 Correction and Updates
You can update most personal information directly through your profile settings, including personal details, profile information, and preferences. For social media data, disconnecting and reconnecting updates information. For information you cannot update directly, contact our support team.
8.3 Data Portability
You may request a copy of your influencer data in a structured, machine-readable format to enable transfer to another service if desired.
8.4 Deletion Rights
You may request deletion of your influencer account and associated data, subject to legal retention requirements for financial records, completed campaign obligations, payment processing requirements, and fraud prevention needs.
Campaign history may be retained as necessary for business record-keeping. You can delete your account through account settings or by contacting support.
8.5 Social Media Disconnection
You have the right to disconnect any or all social media accounts at any time through your profile settings or directly through the social media platform's app permissions.
Disconnecting removes our access to your social media data but may affect your eligibility for campaigns. Historical data may be retained as outlined in Section 6.
8.6 Marketing Communications
You can control communication preferences through account settings or unsubscribe links in emails. Transactional emails (campaign notifications, payment confirmations) cannot be disabled as they are essential for platform operation.
8.7 Exercising Your Rights
To exercise privacy rights, contact us at [Privacy Email] or through your account support portal. We will respond to requests within 30 days and verify your identity before processing requests affecting your account.
9. STRIPE PAYMENT INTEGRATION FOR INFLUENCERS
9.1 Payment Processing Overview
All influencer payments on Nexaflow are processed through Stripe, a certified PCI Service Provider Level 1 (the highest level of payment security certification).
9.2 Information Collected by Stripe
When you receive payments through our platform, Stripe collects and processes bank account information (for direct deposit), personal identification information (for identity verification and compliance), transaction details (amounts, dates, currency), device information (for fraud prevention), and IP address and browser information. This information is collected and stored directly by Stripe according to their privacy policy.
9.3 Information We Receive from Stripe
We receive only the information necessary for payment processing and record-keeping:
Payment Confirmations: Notification of successful payments.
Transaction Details: Date, amount, and currency of payments.
Account Status: Whether your payment account is properly set up.
Partial Account Information: Last four digits of account (for your reference).
We do not receive or store your complete bank account details.
9.4 Payment Security
Stripe maintains the highest payment security standards through PCI-DSS Level 1 compliance, encryption of all payment data, secure payment processing infrastructure, fraud detection and prevention systems, and identity verification for payment accounts. We do not have access to your complete bank account information at any point.
9.5 Stripe Connect
We use Stripe Connect to enable direct payments to influencers. This allows campaign payments to be transferred directly to your bank account. Your relationship with Stripe for payment processing is governed by Stripe's Connected Account Agreement and Privacy Policy (stripe.com/privacy).
9.6 Payment Eligibility
To receive monetary payments, influencers must have a predicted view count of 10,000 or more. A 2% processing fee is deducted from campaign budgets to cover payment processing costs. Influencers below 10,000 predicted views can participate in store credit campaigns only.
9.7 Tax Reporting
Depending on your earnings and location, you may need to provide tax identification information to Stripe for compliance with tax reporting requirements. Stripe may issue tax documents (such as 1099 forms in applicable jurisdictions) for your earnings.
10. PERFORMANCE TRACKING AND REPUTATION
10.1 Performance Metrics We Track
To maintain platform quality and help businesses make informed decisions, we track view delivery (predicted vs. actual views), engagement quality (likes, comments, shares), campaign completion rate, booking reliability (no-shows, cancellations), timeliness (meeting publish dates), and professionalism (communication quality).
10.2 Reputation Score
Your reputation score is calculated based on historical performance metrics, business ratings and feedback, campaign completion rate, booking reliability, and consistency of delivery. This score affects your visibility to businesses and agency recommendation eligibility.
10.3 Performance Verification
Actual views are automatically fetched 7 days after content publication using the post URL you provide. This data is compared to your predicted views to verify performance. Verification data is used for reputation scoring (not payment - you are paid based on your bid regardless of actual views).
10.4 Under-Delivery Tracking
While you are paid for completed campaigns regardless of views delivered, consistent under-delivery (actual views below 80% of predicted) affects your reputation through warning system (3 warnings lead to account review), temporary restrictions on new applications, potential adjustment of predicted views downward, and removal of agency recommendation badges.
10.5 Over-Delivery Benefits
Consistently exceeding predicted views results in improved reputation score, higher likelihood of agency recommendations, increased visibility to businesses, and priority for premium campaigns.
10.6 Business Ratings
After campaign completion, businesses may rate their experience working with you. These ratings contribute to your overall reputation and are visible to other businesses considering your applications.
11. THIRD-PARTY INTEGRATIONS SUMMARY
11.1 Social Media Platforms (Meta, YouTube, TikTok)
Purpose: Account verification, audience insights, and performance metrics.
Data Collected: Account details, audience demographics, performance metrics (as detailed in Section 5).
Security: OAuth 2.0 authentication, encrypted token storage, and read-only access.
Your Control: Disconnect at any time through profile settings or platform permissions.
11.2 Payment Services (Stripe)
Purpose: Processing campaign payments to influencers.
Data Collected: Bank account details, transaction information, identity verification (as detailed in Section 9).
Security: PCI-DSS Level 1 compliance, encrypted payment processing.
Your Control: Update payment methods through account settings.
11.3 Cloud Infrastructure
Your influencer data is stored on secure cloud infrastructure provided by trusted enterprise service providers. These providers are contractually obligated to maintain security and privacy standards.
11.4 Analytics Services
We use analytics services to understand platform usage and improve our services. These services receive only aggregated, non-personally identifiable information.
11.5 Communication Services
Email and notification services help us send campaign alerts, payment confirmations, and support communications. These providers are bound by strict data protection agreements.
12. INTERNATIONAL DATA TRANSFERS
12.1 Primary Operations
Nexaflow primarily serves influencers in Australia. However, some service providers (including social media platforms, payment processors, and cloud infrastructure) may store or process data internationally.
12.2 Data Storage Locations
Your influencer data may be stored and processed in countries including the United States (for social media APIs, Stripe, and cloud hosting), Singapore (for cloud infrastructure), Ireland (for social media platform data), and other locations where our service providers operate.
12.3 Safeguards for International Transfers
When transferring data internationally, we ensure appropriate safeguards through standard contractual clauses approved by regulatory authorities, service provider certifications meeting international security standards, and compliance verification through regular reviews.
12.4 Social Media Platform Data
Data collected through social media APIs is processed according to each platform's international data handling policies. Meta, YouTube, and TikTok have their own data transfer frameworks and compliance programs.
12.5 Data Protection Standards
Regardless of where data is stored or processed, we maintain consistent data protection standards aligned with Australian privacy law and international best practices.
13. CHANGES TO THIS PRIVACY POLICY
13.1 Policy Updates
We may update this Influencer Privacy Policy to reflect changes in our practices, legal requirements, social media platform policies, platform features, or industry standards.
13.2 Notification of Changes
For material changes, we will notify you through email to your registered email address, prominent notice on the platform dashboard, notification during your next login, and in-app alerts for significant changes.
The updated policy will show a new "Last Updated" date.
13.3 Review and Acceptance
We encourage you to review this Privacy Policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy. If you do not agree with changes, you may close your account.
13.4 Social Media Integration Changes
If we add new social media platform integrations or change how we collect data from existing platforms, we will notify you and obtain necessary consent before implementing changes.
14. CHILDREN'S PRIVACY
14.1 Age Requirement
Our influencer platform is designed for adults. Users must be at least 18 years of age. We do not knowingly collect information from individuals under 18.
14.2 Age Verification
We may request identification documents to verify you meet the age requirement. If we discover an account belongs to someone under 18, we will immediately terminate the account and delete associated data.
15. CONTACT INFORMATION AND SUPPORT
15.1 Privacy Inquiries
For questions about this Influencer Privacy Policy or how we handle your personal information: support@nexaflow.com.au
15.2 Data Protection Officer
For specific privacy-related matters, you may contact our Data Protection Officer at [DPO Email].
15.3 Influencer Support
For general influencer account support: support@nexaflow.com.au
15.4 Social Media Connection Issues
For technical issues with social media connections, contact support with details about the platform affected, error messages received, and when the issue started.
15.5 Response Timeframes
We aim to respond to privacy inquiries within 30 days and general support requests within 2 business days.
16. AUSTRALIAN PRIVACY COMPLIANCE
16.1 Australian Privacy Principles
We comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth), including principles relating to open and transparent management of personal information, anonymity and pseudonymity where practicable, collection of solicited information, dealing with unsolicited information, notification of collection, use and disclosure, data quality and security, and access and correction.
16.2 Privacy Complaints
If you have a complaint about how we handle your personal information:
Step 1: Contact our Privacy Team using the details in Section 15.
Step 2: We will acknowledge your complaint within 7 days.
Step 3: We will investigate and respond within 30 days.
Step 4: If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner.
16.3 Office of the Australian Information Commissioner
You may contact the OAIC:
- Website: oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
-
17. ACKNOWLEDGMENT
By creating an influencer account and using the Nexaflow platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Influencer Privacy Policy.
You specifically acknowledge and consent to our collection and use of social media data through OAuth integrations, processing of payment information through Stripe, tracking of performance metrics for reputation purposes, and sharing of profile information with businesses on the platform.
© 2025 Nexaflow / Ruygrok Marketing. All rights reserved.
.png)