Privacy
Policy.

1.1 Information You Provide. We collect information you provide directly, including when you request a demo, create a client portal account, submit a campaign brief, or communicate with our team. This includes your name, work email, phone number, company details, payment information, and any brand assets or creative guidelines you share.

1.2 Automatically Collected Information. When you use our website or client portal, we automatically collect technical data including your IP address, browser type, operating system, pages visited, session duration, and referring URLs. This data helps us maintain and improve the Services.

1.3 Information from Third Parties. We may receive information about you from business partners, marketing platforms, and analytics providers. This may include firmographic data, advertising interaction data, and publicly available business information.

2.1 Deliver Services. We use your information to onboard your brand, execute creator campaigns, match creators to your briefs, deliver performance reports, and operate the client portal.

2.2 Billing and Payments. We use payment and account information to process invoices, manage subscriptions, and fulfil our contractual obligations.

2.3 Communications. We may send you campaign updates, performance reports, product announcements, and marketing communications. You may opt out of promotional emails at any time via the unsubscribe link in each message.

2.4 Analytics and Improvement. We analyse usage patterns to improve platform performance, develop new features, and personalise your experience. This analysis is performed on aggregated or pseudonymised data where possible.

2.5 Security and Compliance. We use your information to detect and prevent fraud, unauthorised access, and other harmful activity, and to comply with our legal obligations.

3.1 Creator Partners. We share anonymised or approved campaign briefs with creators in our network solely for the purpose of executing your campaigns. Creators do not receive your personal account information without your consent.

3.2 Service Providers. We share information with trusted third-party vendors who help us operate the Services, including payment processors, cloud infrastructure providers, analytics platforms, and customer support tools. These providers are contractually bound to handle data in accordance with this Policy.

3.3 Legal Requirements. We may disclose your information when required by applicable law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of Cohort, our clients, or the public.

3.4 Business Transfers. If Cohort is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

4.1 Publicly Available Profiles. Cohort uses publicly available creator data — including profiles, follower counts, engagement metrics, and content — to match creators to brand campaigns. This data is sourced from public social media platforms and third-party data providers.

4.2 Platform Compliance. All creator data accessed through third-party platforms (including TikTok, Instagram, YouTube, Twitch, and LinkedIn) is handled in accordance with each platform's terms of service and applicable data protection laws. Clients accessing creator data through the portal agree to use it solely for authorised campaign purposes.

5.1 Account Data. We retain your account and campaign data for as long as your account is active or as needed to provide the Services. Upon account deletion, personal data is removed or anonymised within 90 days, except where retention is required by law.

5.2 Financial Records. Billing and payment records are retained for a minimum of seven years in accordance with applicable financial regulations in the United States and United Kingdom.

6.1 GDPR (UK and EU). If you are located in the UK or European Economic Area, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. To exercise these rights, contact us at hello@wearecohort.com.

6.2 CCPA (California). California residents have the right to know what personal information we collect, to request deletion of that information, and to opt out of the sale of personal information. Cohort does not sell personal information.

6.3 Marketing Opt-Out. You may opt out of promotional communications at any time by clicking unsubscribe in any marketing email or contacting hello@wearecohort.com. Transactional and account-related messages are not affected.

7.1 Security Measures. Cohort maintains industry-standard technical and organisational measures to protect your information, including encryption in transit and at rest, access controls, and regular security assessments. Our platform is designed to meet SOC 2, HIPAA, and GDPR compliance standards.

7.2 No Absolute Guarantee. No method of transmission over the internet or electronic storage is completely secure. While we take data security seriously, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you in accordance with applicable law.

8.1 Cross-Border Transfers. Cohort is registered and operates in both the United States and the United Kingdom. Your data may be processed and stored in either jurisdiction and may be transferred to other countries where our service providers operate.

8.2 Safeguards. For transfers of personal data from the UK or EEA to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved by relevant data protection authorities.

9.1 Age Restrictions. The Services are intended for business use and are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 16, we will take immediate steps to delete it.

10.1 Updates. We may update this Privacy Policy from time to time. Material changes will be communicated by email or by displaying a prominent notice on our website at least 30 days before they take effect. The date at the top of this page reflects the most recent revision.

11.1 Data Controller. wearecohort Ltd. is the data controller for personal information processed in connection with the Services. If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at hello@wearecohort.com. We are registered in the United States and the United Kingdom, and are headquartered in Miami, FL.