MatchLitMatchLit
DashboardCreatorsCampaigns
Log InSign Up
MatchLitMatchLit

© 2024 MatchLit Platform. Precision Made AI.

PrivacyTermsAPI Status

Privacy Policy

Last updated: 2026-07-07

This Privacy Policy explains how MatchLit, Inc. ("MatchLit", "we", "us", or "our") collects, uses, shares, and protects personal information when you use the matchlit.ai website and the services we provide through it (the "Service"). It is incorporated into our Terms of Service. For the purposes of the EU and UK General Data Protection Regulation ("GDPR"), MatchLit is the controller of the personal data described here, except where we act as a processoron your behalf (for example, when a Brand, Creator, or Concierge processes another User's data through the Service in the course of a deal).

1. Who This Policy Covers

This Policy applies to Creators, Brands, Concierges, and visitors to the Service. If you access the Service on behalf of an organization, "you" also refers to that organization. The Service is not directed to children; see Section 13.

2. Information We Collect

Information you provide.

  • Account data — email address, password (stored in hashed form by our authentication provider), account type (Creator, Brand, or Concierge), and your acceptance of our Terms (including the date, IP address, and browser user-agent at acceptance).
  • Profile data — for Creators: display name, avatar, biography, location, categories, portfolio images, media kits, and self-reported audience metrics (such as follower counts and engagement rates); for Brands: company name and logo; for Concierges: display name and commission settings.
  • Deal and content data — deal proposals, budgets, deliverables and uploaded files, clickwrap contract acceptances (including the IP address and timestamp of signing), reviews and ratings, and any other content you submit.
  • Messages and attachments — the content of messages and files you exchange with other Users through the Service.
  • Payment and tax data — we do not store full payment-card numbers; card details are collected and processed directly by our payment processor (Stripe). We store transaction metadata such as amounts, currency, Stripe identifiers, payout and transfer records, and the tax information you provide or that is required for payouts and reporting (for example, W-9 / W-8 or VAT details).
  • Support and communications — information you provide when you contact us or respond to our emails.

Information we collect automatically.

  • Usage and device data — IP address, browser and device type, pages and features used, referring URLs, and approximate location derived from IP.
  • Logs and security data — server logs, error and diagnostic reports, and rate-limiting and abuse-prevention signals tied to your account or IP.
  • Cookies and similar technologies— see Section 4.

3. How We Use Your Information & Legal Bases

We use personal data for the purposes below. Where the GDPR applies, the legal basis for each purpose is shown in brackets.

  • Create and administer your account and provide the Service, including discovery, matching, deals, contracts, messaging, and payouts. [Performance of a contract]
  • Process payments, escrow, payouts, refunds, chargebacks, and fee calculations through our payment processor. [Performance of a contract; legal obligation]
  • Send transactional and service messages (for example, deal updates, payout notices, security alerts). [Performance of a contract; legitimate interests]
  • Prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms, and to keep the Service safe. [Legitimate interests; legal obligation]
  • Meet legal, tax, accounting, and regulatory obligations, including tax reporting and anti-money-laundering and sanctions checks performed by us or our processors. [Legal obligation]
  • Operate, maintain, debug, and improve the Service, including error monitoring and analytics. [Legitimate interests]
  • Send optional marketing about features or offers, where permitted; you can opt out at any time. [Consent, or legitimate interests where allowed]

Where we rely on legitimate interests, we have balanced those interests against your rights. You may object to that processing as described in Section 10.

4. Cookies & Similar Technologies

We use strictly necessary cookies and similar technologies to authenticate you, keep you signed in, maintain session state, and protect the Service (for example, security and rate-limiting). These are required for the Service to function. Where we use any non-essential cookies or analytics that require consent under applicable law, we will ask for your consent and you can withdraw it at any time. You can also control cookies through your browser settings, though blocking essential cookies may break the Service.

5. How We Share Information

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law. We disclose personal data only as follows:

  • With other Users, to run a deal. Creator profiles (name, avatar, bio, portfolio, categories, ratings) are visible to Brands and Concierges. When you enter a deal, the parties to that deal (Brand, Creator, and any brokering Concierge) can see the deal terms, deliverables, messages, and related information necessary to perform it.
  • With service providers (sub-processors).We share data with the vendors listed in Section 6 who process it on our behalf under contract and only on our instructions.
  • For legal reasons. We may disclose data to comply with law, regulation, legal process, or a lawful government request, or to protect the rights, property, or safety of MatchLit, our Users, or the public.
  • Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred as part of that transaction, subject to this Policy.
  • With your direction or consent. We share data as you direct or otherwise consent.

6. Sub-Processors

We rely on the following categories of service providers, who may process personal data on our behalf. Each provider's own privacy terms govern their processing.

ProviderPurpose
SupabaseDatabase, authentication, and file storage
Stripe (incl. Connect & Tax)Payments, escrow, payouts, and tax calculation
VercelApplication hosting and delivery
CloudflareDNS, CDN, and DDoS protection
ResendTransactional and notification email
InngestBackground job and workflow processing
SentryError monitoring and diagnostics
UpstashRate limiting and abuse prevention

We keep an up-to-date list of sub-processors and will provide it, or notice of changes, on request to hasan@matchlit.ai.

7. International Data Transfers

We and our sub-processors may process personal data in countries outside your own, including the United States. Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on a lawful transfer mechanism, such as the European Commission's Standard Contractual Clauses (and the UK Addendum), an adequacy decision, or a provider's certification under the EU-U.S. Data Privacy Framework, together with supplementary safeguards where appropriate. You may request more information about these safeguards using the contact details in Section 16.

8. Data Retention

We keep personal data for as long as your account is active and as needed to provide the Service. After that, we retain data only as long as necessary to comply with our legal, tax, accounting, and regulatory obligations, to resolve disputes, to prevent fraud and abuse, and to enforce our agreements. For example, transaction and tax records are typically retained for the period required by applicable tax and commercial law, and reviews are retained as an immutable record. When data is no longer needed, we delete or anonymize it.

9. Security

We use technical and organizational measures designed to protect personal data, including encryption in transit, row-level access controls, scoped access to files, restricted administrative access, and audit logging. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us promptly of any suspected compromise (see Terms §2).

10. Your Rights (EEA, UK & Similar Laws)

Depending on where you live, you may have the right to: access the personal data we hold about you; correct inaccurate data; delete your data; restrict or object to certain processing; receive a portable copy of the data you provided; and, where we rely on consent, withdraw that consent at any time (which does not affect processing before withdrawal). Where the Service provides in-app tools to export or delete your account data, you may use those; you may also contact us at hasan@matchlit.ai.

We will respond within the time required by law. You also have the right to lodge a complaint with your local data-protection supervisory authority (in Norway, Datatilsynet; in the UK, the Information Commissioner's Office), though we encourage you to contact us first so we can help.

11. Your Rights (California & U.S. State Laws)

If you are a California resident, the CCPA/CPRA gives you the right to know the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of recipients; to delete personal information; to correct inaccurate personal information; and to be free from discrimination for exercising these rights. We do not sellpersonal information and do not "share" it for cross-context behavioral advertising, so no opt-out of sale or sharing is needed; we do not use or disclose sensitive personal information beyond the purposes permitted without a right to limit. You may exercise these rights, or use an authorized agent to do so, by contacting hasan@matchlit.ai. We will verify your request as required by law. Residents of other U.S. states with comparable laws have similar rights, which we honor where they apply.

12. Automated Decision-Making & Matching

Creator-to-Brand discovery uses simple, weighted matching based on factors such as category relevance, stated audience and budget fit, profile completeness, and activity. We do not use profiling based on special categories of personal data, and we do not make decisions producing legal or similarly significant effects about you based solely on automated processing without a lawful basis and, where required, human review.

13. Children

The Service is intended only for users who are at least eighteen (18) years old. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact hasan@matchlit.ai and we will delete it.

14. Third-Party Links & Services

The Service may link to or rely on third-party sites and services (including the payment processor). We are not responsible for the privacy practices of third parties; their processing is governed by their own policies.

15. Changes to This Policy

We may update this Policy from time to time. If we make a material change, we will notify you by email or through the Service and update the "Last updated" date above. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy, to the extent permitted by law.

16. Contact Us

For questions about this Policy or to exercise your rights, contact our privacy team:

MatchLit, Inc. — Privacy

hasan@matchlit.ai

Legal: hasan@matchlit.ai