Privacy Policy
Last updated: July 7, 2026 · Effective immediately
1. Introduction
Welcome to Love2Collab (“we”, “our”, or “us”). We operate the website at love2collab.com and the associated mobile and web applications (collectively, the “Platform”).
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Platform. It also explains your rights under the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 and the IT (SPDI) Rules, 2011, and applicable international frameworks including the EU General Data Protection Regulation (GDPR).
By accessing or using the Platform, you agree to the collection and use of information in accordance with this Policy.
2. Who We Are (Data Fiduciary)
Love2Collab is an AI-powered influencer-marketing marketplace that connects Direct-to-Consumer (D2C) brands with micro-influencers (“Creators”) for paid collaboration campaigns.
Grievance Officer & Data Protection Officer
As required by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and DPDPA 2023, our designated officer can be reached at:
- Name: Shuva Naik
- Designation: Grievance Officer & Data Protection Officer
- Email: [email protected]
- Platform: love2collab.com
- Acknowledgement: Within 24 hours of receipt
- Resolution: Within 15 calendar days
3. Data We Collect
3a. Information you provide directly
- Account data: name, email address, password (hashed), phone number, date of birth, and profile photo.
- Brand data: company name, GST number, website URL, industry, campaign budgets, and billing details.
- Creator data: social handles, niche, location, portfolio links, media kit, and bank account details for payouts.
- Communications: messages sent within the platform, support enquiries, and dispute submissions.
3b. Data from Facebook & Instagram (Meta Platforms)
When a Creator connects their Instagram account via Facebook Login for Business / Instagram Business Login, we request the following permissions from Meta:
| Permission / Scope | Why we need it |
|---|---|
| instagram_business_basic | Read your Instagram username, profile picture, follower count, and account type to create your creator profile. |
| instagram_business_manage_messages | Send automated welcome DMs to followers who interact with your campaign posts (only when you explicitly enable the Auto-DM feature). |
We do not access your private messages, post on your behalf without explicit action, or collect data beyond what is listed above.
The access token issued by Meta is stored encrypted and is used solely for the purposes described above.
3c. Usage & technical data
- IP address, browser type and version, device type, operating system.
- Pages visited, time spent, referring URLs, and click events.
- Cookies and similar tracking technologies (see Section 7 for our Cookie Policy).
4. How We Use Your Data
- Operate the platform: match brands with relevant creators, manage campaigns, process escrow payments, and automate payouts.
- Verify creator authenticity: use Instagram follower counts and engagement rates fetched via the API to display on your media kit and in brand discovery.
- Auto-DM feature: when enabled, use your Instagram messaging permission to send one automated DM to a follower who comments on a campaign post, as instructed by you.
- Payments: process campaign funding and creator payouts via Razorpay, using the banking details you provide.
- Fraud & security: detect abuse, enforce rate limits, and investigate disputes.
- Legal compliance: retain transaction records as required by Indian financial regulations (typically 7 years).
- Marketing (opt-in only): send you product updates and newsletters if you have subscribed.
5. How We Share Your Data
We do not sell your personal data. We share it only in the following circumstances:
- Brands & Creators: limited profile data (handle, follower count, niche, media kit) is visible to the other party in a campaign you participate in.
- Service providers: Supabase (database hosting), Vercel (cloud infrastructure), Razorpay (payment processing), SendGrid (transactional email), and Sentry (error monitoring). All processors are bound by data-processing agreements.
- Meta Platforms: we return audience and engagement data to the platform only through approved API calls; we do not share your data with Meta for advertising purposes.
- Legal requirements: if required by law, court order, or government authority.
6. Data Retention
- Active accounts: data is retained for as long as your account is active.
- Deleted accounts: profile data is removed within 30 days of account deletion; financial records are retained for up to 7 years for legal compliance.
- Instagram tokens: access tokens are deleted immediately when you disconnect your Instagram account or when Meta triggers a data-deletion callback.
7. Cookies
We use strictly necessary cookies (for authentication sessions) and optional analytics cookies. You can disable non-essential cookies in your browser settings. We do not use third-party advertising cookies.
8. Your Rights
Under the DPDPA 2023 and GDPR (where applicable), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (Right to Erasure / Right to be Forgotten).
- Withdraw consent at any time where processing is consent-based (e.g., disconnect Instagram).
- Data portability — request an export of your data.
- Object to processing for direct-marketing purposes.
- Lodge a complaint with the Data Protection Board of India or your local supervisory authority.
To exercise any of these rights, email [email protected]. We will respond within 7 business days.
9. Facebook / Instagram Data Deletion
If you remove the Love2Collab app from your Facebook account, Meta will automatically notify us via a data-deletion callback. We will immediately delete or anonymise all Facebook/Instagram data associated with your account.
You can also check the status of your deletion request or submit a manual request by emailing us.
10. Data Security
We implement industry-standard security controls including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, row-level security on all database tables, rate limiting, input validation, and regular security reviews.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Platform. Continued use of the Platform after changes constitutes acceptance of the updated Policy.
12. Contact Us
Grievance Officer & Data Protection Officer
- Name: Shuva Naik
- Designation: Grievance Officer & Data Protection Officer
- Email: [email protected]
- Platform: love2collab.com
- Acknowledgement: Within 24 hours
- Resolution: Within 15 calendar days