Privacy Policy

We collect the following categories of information:

• Account info — email, password (hashed), display name, account type, niche tags, location city/region/country.
• Brand info (if you're a brand) — company name, industry, website, logo, contact email, description.
• Profile content — bio, vibe tags, pinned posts, social account handles and follower counts pulled from public APIs you connect, audience demographics you provide.
• Connected platform data (OAuth) — when you choose to connect a social platform through OAuth (for example YouTube via Google, or Twitch), we read your account’s statistics (subscriber or follower count) and basic identity (your channel ID, handle, or username) for the sole purpose of showing a verified follower count on your Plug profile. We store only that count and handle. We do not read your videos, comments, messages, email, or any other private data, and we never post, change, or delete anything on your connected account. You can disconnect a platform at any time from your profile.
• Deal activity — offers sent and received, messages exchanged in deals, posts submitted for verification, ratings and testimonials.
• Payment info — handled by Stripe; we store identifiers (Stripe account IDs, payment intent IDs) but never card numbers or bank details.
• Usage data — pages visited, features used, IP address, browser and device info, error logs.
• Precise location (in-person deals only) — when you check in at an event venue or capture an event photo, we record your device’s GPS location and the time at that moment to confirm attendance. We collect this only when you actively check in or take a photo, and only for in-person appearance deals. It becomes part of that deal’s private record, visible to you, the other party to the deal, and Plug (for dispute review). The receipt and dispute views show your distance from the venue, not a map or street address.
• Push notifications — if you enable them, we store the push subscription your browser issues so we can deliver alerts. You can revoke it any time in your browser or notification settings.

We use your data to:

• Operate the marketplace — show profiles, match creators with brands, process deals
• Verify post delivery and trigger automatic refunds when posts come down early
• Process payments through Stripe and remit creator payouts
• Send transactional emails (offer received, deal accepted, payment events, etc.)
• Send product updates if you opt in
• Prevent fraud, abuse, and violations of our Terms
• Improve the product through aggregated analytics

We share data only as needed to operate the Service:

• With other users — your public profile (display name, bio, niche tags, social handles, ratings) is visible to other users of the marketplace.
• With Stripe — to process payments and manage creator payouts. See Stripe's privacy policy for how they handle data.
• With Supabase — our database and authentication provider. They process data on our behalf under their data processing agreement.
• With Vercel — our hosting provider, which handles HTTP traffic and deployment logs.
• With Resend (or our equivalent email provider) — to deliver transactional emails.
• With Cloudflare — for security, bot detection, and spam prevention, including the verification challenge on signup. This may process your IP address and request metadata.
• With our error-monitoring provider (Sentry) — to capture diagnostic and crash data, which can include IP address and device/browser details, so we can fix problems.
• With browser push services (such as Apple, Google, or Mozilla) — if you enable notifications, to deliver them to your device.
• With a mapping / geocoding provider — for in-person deals, venue addresses you enter are sent to a maps provider to validate and locate them.
• For legal reasons — when required by law, court order, or to investigate fraud or abuse.

We do not sell your personal data.

We use essential cookies to keep you signed in and to remember UI preferences. We may use minimal analytics cookies to understand product usage in aggregate. We do not run advertising trackers.

We retain your account data for as long as your account is active. After you close your account, we retain the minimum needed to comply with legal, tax, and dispute obligations (typically up to seven years for financial records). Deal history may be retained in anonymized form for analytics.

Depending on your jurisdiction, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (subject to legal retention requirements)
• Export your data in a portable format
• Object to certain processing
• Withdraw consent for marketing communications

To exercise any of these, email support@getplug.io. We'll respond within 30 days.

Deleting your data: you can delete your account yourself any time in Settings → Account → Delete account, or disconnect an individual platform in Profile → Platforms. Full step-by-step instructions — including data obtained from connected accounts like Facebook, Instagram, and Threads — are on our Data Deletion page.

Plug is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a minor has signed up, contact us and we'll remove the account.

Plug operates from the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. We rely on standard contractual clauses or equivalent safeguards where required by law.

We use industry-standard safeguards: encrypted connections (HTTPS), encrypted storage for sensitive fields, row-level security on the database, and limited access by Plug staff. No system is perfect; we'll notify affected users in the event of a breach that materially affects their data.

We may update this Privacy Policy over time. Material changes will be announced via email or in-app notice. Continued use of the Service after a change constitutes acceptance of the updated policy.

Privacy questions? Email support@getplug.io.