tokwork

Privacy Policy

Last updated: November 2025

1. Introduction & Controller Details

Tokwork ("we", "our", or "us") provides global social media marketing and content collaboration services. This Privacy Policy explains how we collect, use, share, and protect your personal information and describes your rights and choices under different jurisdictions.

  • Data Controller: [Company legal name], Registered address: [address], Contact: privacy@[your-domain]
  • EU/UK users: Where applicable, we will appoint an EU/UK representative and/or Data Protection Officer (DPO). Representative/DPO contact: [placeholder]

2. Categories of Information We Collect

Account & Identifiers

  • Email (for account creation and magic link authentication)
  • Display name, username, and avatar
  • Business details (brand, website domain, settlement information)

Social Media & Content Data

  • Authorized social account basics (username, follower count, profile image)
  • Posted content and engagement metrics (views, likes, comments, shares)
  • OAuth access tokens (stored securely and never shared)

Usage & Technical Data

  • Site interaction and activity logs
  • Device and browser information, IP address, and approximate location
  • Preference settings and feature usage

We do not intentionally collect special categories of data (e.g., health, religion, racial/ethnic origin). If such data is necessary, we will obtain your explicit consent and implement additional safeguards.

3. Purposes of Processing & Legal Bases

We process data for the following purposes:

  • Providing and maintaining the service (accounts, authentication, campaign management, settlement, and commission calculation)
  • Content suggestions and performance analytics (with appropriate privacy measures)
  • Customer support and service communications
  • Security, fraud prevention, compliance, and audit

In the EU/UK, our legal bases include: performance of a contract, consent, compliance with legal obligations, and our legitimate interests (balanced against your rights and freedoms).

4. Sharing & Disclosure

We share information with:

  • Businesses: Influencer performance metrics and aggregated campaign data
  • Influencers: Campaign details, earnings, and settlement information
  • Service Providers (Processors): Payments, email, cloud, and AI providers—only as necessary to deliver the service
  • Social Platforms: Via official APIs for data retrieval and tracking

We do NOT:

  • Sell your personal information
  • Share your OAuth tokens with anyone
  • Use your data for purposes not disclosed in this policy

We enter into Data Processing Agreements (DPAs) with processors and require appropriate security and confidentiality measures.

5. Security Measures

  • Transport encryption (HTTPS/TLS)
  • Access controls and least-privilege authorization
  • Regular security assessments and updates
  • Restricted employee access and audit trails

6. International Data Transfers

Your data may be transferred and processed outside your country of residence. We use appropriate safeguards such as Standard Contractual Clauses (SCCs) and, for the UK, the IDTA or Addendum, with supplementary measures where needed.

7. Cookies & Local Storage

We primarily use token-based authentication (minimizing reliance on cookies). Where cookies or similar technologies are used, they are limited to:

  • Maintaining login sessions and essential site functionality (strictly necessary)
  • Remembering preferences and improving performance (preferences/performance)
  • Statistics and analytics (subject to consent in certain jurisdictions)

For non-essential cookies (especially in the EU/UK), we obtain consent before enabling them and provide a way to withdraw or manage preferences at any time.

8. Your Rights & Choices

Depending on your jurisdiction, you may have rights including:

  • Access, rectification, erasure, and restriction of processing
  • Data portability and objection to processing based on legitimate interests
  • Withdraw consent (without affecting the lawfulness of processing based on consent before withdrawal)
  • Marketing opt-out and tracking preference management
  • For California and similar jurisdictions: know/delete/correct, opt-out of “sale”/“sharing”, limit use of sensitive information

You can exercise your rights via account settings or by contacting privacy@[your-domain]. We may verify your identity before responding.

9. Data Retention

We retain data for as long as necessary to fulfill the purposes for which it was collected, including providing services, performing contracts, meeting legal retention requirements, and preventing fraud. Once retention ends, we delete or anonymize data unless continued retention is required to comply with legal obligations or protect legitimate interests.

10. Children’s Privacy

Our service is not intended for users under 18. We do not knowingly collect information from children under 13 (consistent with COPPA). If you believe we have collected information from a child, please contact us so we can delete it.

11. Complaints & Supervisory Authorities

You have the right to lodge a complaint with your local data protection authority. In the EU/UK, you may contact the supervisory authority in your Member State/UK; in other regions, contact the relevant authority.

12. Changes & Notices

We may update this policy from time to time. Material changes will be notified via email or in-product notices. Continued use of the service constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact privacy@[your-domain]. Where applicable, you may also contact our EU/UK representative or DPO.