Last updated: 2026-07-07
This Privacy Policy explains how MatchLit, Inc. ("MatchLit", "we", "us", or "our") collects, uses, shares, and protects personal information when you use the matchlit.ai website and the services we provide through it (the "Service"). It is incorporated into our Terms of Service. For the purposes of the EU and UK General Data Protection Regulation ("GDPR"), MatchLit is the controller of the personal data described here, except where we act as a processoron your behalf (for example, when a Brand, Creator, or Concierge processes another User's data through the Service in the course of a deal).
This Policy applies to Creators, Brands, Concierges, and visitors to the Service. If you access the Service on behalf of an organization, "you" also refers to that organization. The Service is not directed to children; see Section 13.
Information you provide.
Information we collect automatically.
We use personal data for the purposes below. Where the GDPR applies, the legal basis for each purpose is shown in brackets.
Where we rely on legitimate interests, we have balanced those interests against your rights. You may object to that processing as described in Section 10.
We use strictly necessary cookies and similar technologies to authenticate you, keep you signed in, maintain session state, and protect the Service (for example, security and rate-limiting). These are required for the Service to function. Where we use any non-essential cookies or analytics that require consent under applicable law, we will ask for your consent and you can withdraw it at any time. You can also control cookies through your browser settings, though blocking essential cookies may break the Service.
We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law. We disclose personal data only as follows:
We rely on the following categories of service providers, who may process personal data on our behalf. Each provider's own privacy terms govern their processing.
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and file storage |
| Stripe (incl. Connect & Tax) | Payments, escrow, payouts, and tax calculation |
| Vercel | Application hosting and delivery |
| Cloudflare | DNS, CDN, and DDoS protection |
| Resend | Transactional and notification email |
| Inngest | Background job and workflow processing |
| Sentry | Error monitoring and diagnostics |
| Upstash | Rate limiting and abuse prevention |
We keep an up-to-date list of sub-processors and will provide it, or notice of changes, on request to hasan@matchlit.ai.
We and our sub-processors may process personal data in countries outside your own, including the United States. Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on a lawful transfer mechanism, such as the European Commission's Standard Contractual Clauses (and the UK Addendum), an adequacy decision, or a provider's certification under the EU-U.S. Data Privacy Framework, together with supplementary safeguards where appropriate. You may request more information about these safeguards using the contact details in Section 16.
We keep personal data for as long as your account is active and as needed to provide the Service. After that, we retain data only as long as necessary to comply with our legal, tax, accounting, and regulatory obligations, to resolve disputes, to prevent fraud and abuse, and to enforce our agreements. For example, transaction and tax records are typically retained for the period required by applicable tax and commercial law, and reviews are retained as an immutable record. When data is no longer needed, we delete or anonymize it.
We use technical and organizational measures designed to protect personal data, including encryption in transit, row-level access controls, scoped access to files, restricted administrative access, and audit logging. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us promptly of any suspected compromise (see Terms §2).
Depending on where you live, you may have the right to: access the personal data we hold about you; correct inaccurate data; delete your data; restrict or object to certain processing; receive a portable copy of the data you provided; and, where we rely on consent, withdraw that consent at any time (which does not affect processing before withdrawal). Where the Service provides in-app tools to export or delete your account data, you may use those; you may also contact us at hasan@matchlit.ai.
We will respond within the time required by law. You also have the right to lodge a complaint with your local data-protection supervisory authority (in Norway, Datatilsynet; in the UK, the Information Commissioner's Office), though we encourage you to contact us first so we can help.
If you are a California resident, the CCPA/CPRA gives you the right to know the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of recipients; to delete personal information; to correct inaccurate personal information; and to be free from discrimination for exercising these rights. We do not sellpersonal information and do not "share" it for cross-context behavioral advertising, so no opt-out of sale or sharing is needed; we do not use or disclose sensitive personal information beyond the purposes permitted without a right to limit. You may exercise these rights, or use an authorized agent to do so, by contacting hasan@matchlit.ai. We will verify your request as required by law. Residents of other U.S. states with comparable laws have similar rights, which we honor where they apply.
Creator-to-Brand discovery uses simple, weighted matching based on factors such as category relevance, stated audience and budget fit, profile completeness, and activity. We do not use profiling based on special categories of personal data, and we do not make decisions producing legal or similarly significant effects about you based solely on automated processing without a lawful basis and, where required, human review.
The Service is intended only for users who are at least eighteen (18) years old. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact hasan@matchlit.ai and we will delete it.
The Service may link to or rely on third-party sites and services (including the payment processor). We are not responsible for the privacy practices of third parties; their processing is governed by their own policies.
We may update this Policy from time to time. If we make a material change, we will notify you by email or through the Service and update the "Last updated" date above. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy, to the extent permitted by law.
For questions about this Policy or to exercise your rights, contact our privacy team: