1. Controller and scope
PT Teamfluencer Media Utama is responsible for the processing described here.
This policy covers Teamfluencer websites, applications, Brand and KOL dashboards, campaign services, customer support, transaction communications, and AI-assisted features.
Third-party services opened from the platform have their own notices. Teamfluencer remains responsible for selecting and managing processors that act on our instructions, subject to contracts and applicable law.
2. Data we process
We limit collection to data needed to provide, secure, and comply with the service.
- Identity and account data: name, email, phone, role, company, location, profile image, and account or business verification information.
- Creator and social data: handles, niche, followers, engagement, audience demographics, portfolio, content, insights, and post links.
- Campaign and contract data: briefs, messages, proposals, deliverables, approvals, revisions, content licences, disputes, and completion records.
- Payment and tax data: transaction value, invoice, payment channel, Xendit identifiers, refund status, payout account or wallet, and legally required documents.
- Technical and security data: IP address, user-agent, device, cookies, session identifiers, hashed fingerprints, access logs, user actions, and security events.
- AI and support data: prompts, briefs, text, images or files submitted, AI outputs, scores or recommendations, feedback, tickets, emails, and support communications.
- Consent and legal evidence: marketing/analytics choices, accepted document versions, timestamps, method, IP, and consent history.
3. Purposes and legal bases
Where consent is the basis, it may be withdrawn without affecting prior lawful processing. Withdrawal can limit optional features but does not stop processing required for a contract or law.
| Purpose | Example data | Primary basis |
|---|---|---|
| Accounts and campaigns | Identity, profile, briefs, deliverables | Contract or pre-contract steps |
| Payments, payouts, invoices, tax | Transaction and financial data | Contract and legal obligation |
| Security, fraud prevention, audit | IP, device, logs, hashed fingerprint | Legal obligation and proportionate legitimate interests |
| Requested AI and analytics features | Prompts, files, outputs, usage | Contract; consent where required or optional |
| Optional marketing and analytics | Email, cookies, usage events | Withdrawable consent |
| Claims, disputes, enforcement | Contracts, communications, logs | Legal obligation and legitimate interests |
4. AI features and automated decisions
AI features help draft briefs, analyse content, or produce recommendations. Inputs may be sent to contracted AI providers. Do not submit sensitive data or third-party data you have no right to share.
Outputs, quality scores, and recommendations may be inaccurate and are not legal, financial, or professional decisions. Material campaign decisions should be reviewable by a person. You may request an explanation or human review through our privacy contact.
We do not sell personal data. Access is limited by role and purpose. Vendors may change; material providers are assessed for contract, security, location, and deletion capabilities.
- Payment providers such as Xendit for invoices, payments, payouts, reconciliation, fraud, and refunds.
- Identity, authentication, cloud, hosting, storage, email, security, and analytics providers configured for the service.
- AI providers such as Google Gemini when you use a feature that requires it.
- Social platforms when you connect an account, submit links, or request an integration.
- Brands, KOLs, campaign administrators, professional advisers, auditors, regulators, or authorities where needed for campaigns, rights, security, or law.
6. International transfers and security
Some providers may process data outside Indonesia. Before those transfers, we assess protection levels, contractual duties, and any mechanism required by law.
We use HTTPS, role-based access, logging, administrative controls, and AES-256-GCM encryption for selected PII fields such as encrypted email and digital-wallet information. No system is risk-free; incidents are handled through response and legal notification procedures.
7. Retention and deletion
We follow the Data Retention Policy. Periods are extended only for documented legal, tax, dispute, fraud, security, or legal-hold needs.
Deletion may be delayed while campaigns, payouts, chargebacks, or other obligations remain active. Once eligible, unnecessary data is deleted or anonymised, including through the applicable backup cycle.
8. Your rights
We may verify identity and request proportionate information to prevent disclosure to the wrong person. We will explain if a request is refused, limited, or delayed by law or another person's rights.
- Request information, access, copies, correction, updating, portability, restriction, cessation, or deletion where the law provides.
- Withdraw optional marketing or analytics consent.
- Object to or request human review of material automated processing.
- Make a complaint and exercise other rights available under applicable law.
9. Minimum age
The platform is intended for users aged 18 or older. If we learn that a child account or child data was processed without the required basis or permission, we will restrict the account and take appropriate deletion steps. A parent or guardian may contact us.
10. Contact, complaints, and changes
Send privacy requests to hello@teamfluencer.id. State the request type and account email; never email a password or complete financial details.
We may update this policy when the product, vendors, or law changes. Material changes will be notified through the platform or email and, where required, require new consent. The version and effective date appear above.
Document history
- Current version
- 2.0 · 11 July 2026
- Material changes
- Clarified data, AI, retention, deletion, contract, and refund terms.