Privacy Policy
Last Updated: April 1, 2026
1. Introduction
Conennect Ltd. ("Conennect," "we," "us," or "our") is committed to protecting the privacy of users of the Conennect platform ("Platform").
We are the data controller for the personal data we process. We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
2.1. Information You Provide
- Account Information: Name, email address, password, country of residence, profile photo.
- Creator Profile Data: Portfolio content, social media handles, niche categories, skills, bio, payment information (processed by Stripe).
- Brand Profile Data: Company name, website, industry, billing information (processed by Stripe).
- Campaign Data: Campaign briefs, content deliverables, messages between Brands and Creators, feedback and reviews.
- Payment Data: Transaction amounts, payout history. We do not store full credit card numbers — all payment processing is handled by Stripe, Inc.
2.2. Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the Platform, click patterns.
- Device Data: IP address, browser type, operating system, device identifiers.
- Cookies: See our Cookie Policy for details.
2.3. Information from Third Parties
- Social Media Platforms: If you connect social media accounts, we may receive public profile data and content performance metrics.
- Payment Provider: Stripe may provide us with transaction confirmation data.
3. How We Use Your Data
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing and operating the Platform | Performance of contract (Art. 6(1)(b)) |
| Processing payments between Brands and Creators | Performance of contract (Art. 6(1)(b)) |
| AI-powered creator matching and recommendations | Legitimate interest (Art. 6(1)(f)) |
| Sending transactional emails | Performance of contract (Art. 6(1)(b)) |
| Sending marketing communications | Consent (Art. 6(1)(a)) |
| Analytics and Platform improvement | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. AI Processing
4.1. Conennect uses artificial intelligence to provide features including campaign brief generation, creator-brand matching, product analysis, and creative strategy recommendations.
4.2. AI features process Campaign data, Creator profile data, and publicly available product information to generate recommendations. These are suggestions only and always subject to human review.
4.3. We do not use AI to make automated decisions that produce legal effects or similarly significant effects on users without human oversight.
5. Data Sharing
We share your personal data only in the following circumstances:
- Between Brands and Creators: When a Creator accepts a Campaign, relevant profile information is shared to facilitate the Campaign.
- Payment Processor: Stripe, Inc. processes all payments.
- Service Providers: We use third-party providers for hosting (Vercel), database (Supabase), analytics, and email services under data processing agreements.
- Legal Requirements: We may disclose data if required by law, court order, or governmental authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred.
We do not sell your personal data to third parties.
6. International Transfers
Your data may be processed in countries outside the United Kingdom, including the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.
7. Data Retention
- Account data: Retained until account deletion, plus 12 months for legal compliance.
- Campaign data and Content: Retained for the duration of applicable usage rights, plus 24 months.
- Payment records: Retained for 7 years as required by UK tax and financial regulations.
- Usage and analytics data: Retained for 24 months in identifiable form, then anonymised.
8. Your Rights
Under the UK GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Receive your personal data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdraw Consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at hello@conennect.com. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/SSL) and at rest, secure authentication, access controls, and regular security reviews.
10. Children
The Platform is not intended for users under the age of 18. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Platform.
12. Contact and Complaints
Conennect Ltd.
Email: hello@conennect.com
Website: conennect.com
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
Questions? Contact us at hello@conennect.com