Voltr, a service operated by Voltr, Inc. ("Voltr," "we," "us," or "our"), is committed to protecting your privacy. This policy describes what data we collect, how we use it, your rights, and how to contact us with questions or requests.
1. Scope of This Policy
This policy applies to two categories of individuals:
Users: Businesses and individuals who create Voltr accounts and use the platform directly.
Creators: Individuals whose publicly available profile information, content metrics, and contact data may be accessed through third-party platform APIs (TikTok, TikTok Shop, Meta, and others) in connection with our services, regardless of whether those individuals have a Voltr account.
If you are a creator whose data has been processed by Voltr and you wish to exercise your privacy rights, please contact us at contact@getvoltr.com. We will respond to verifiable requests in accordance with applicable law.
2. Information We Collect
From Users:
Account data: Name, email address, company name, billing information.
Usage data: Platform activity, campaign performance, and feature interactions.
Connected platform credentials: OAuth tokens and permissions for TikTok, TikTok Shop, Meta, and Shopify integrations.
E-commerce data: If you connect a Shopify or similar store, we may receive merchant-level business data and, separately, personal data about your end customers.
Device data: IP address, browser type, and device identifiers for security and fraud prevention.
About Creators (via third-party APIs):
Public profile information (name, handle, biography, profile image).
Publicly available content performance metrics (follower counts, engagement rates).
Contact information made publicly available by the creator on the applicable platform.
Creator data is accessed only through official third-party platform APIs and in accordance with those platforms' developer policies. We do not scrape or collect creator data through unauthorized means.
3. How We Use Your Data
To provide, maintain, and improve the Voltr platform.
To process payments and manage subscriptions.
To send product updates and marketing communications (with your consent).
To prevent fraud and ensure platform security.
To comply with legal obligations and respond to lawful requests.
To facilitate creator discovery and outreach campaigns as directed by Users.
We do not use creator data for purposes beyond those described above and those permitted by the applicable third-party platform's developer policies.
4. Data Sharing
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising as defined under the California Privacy Rights Act (CPRA), and we do not engage in the "sharing" of personal information as defined under CPRA. We may share data with:
Service providers, each contractually bound to use data only as directed by us. Our current sub-processors include: Supabase (database, authentication, and file storage), Vercel (application hosting and edge delivery), Resend (transactional email), Anthropic (AI features for personalization), and Stripe (payment processing). We will update this list as our processors change.
Third-party platforms (TikTok, TikTok Shop, Meta, Shopify) as necessary to operate integrations you have authorized.
Law enforcement or regulatory authorities when required by applicable law or valid legal process.
A successor entity in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.
5. End-Customer Data
If you integrate an e-commerce store with Voltr, we may receive personal data about your end customers (individuals who have purchased from your store). End-customer data is treated as a distinct and more sensitive data category. We process end-customer data solely to provide the services you have requested and do not use it for any independent purpose. You are responsible for ensuring that your collection and sharing of end-customer data with Voltr is disclosed in your own privacy notices to those customers.
6. Data Retention and Deletion
We retain different categories of data for different periods, balancing service functionality, legal obligations, and creator privacy:
Creator profile data sourced via TikTok, TikTok Shop, Meta, or other social platform APIs: retained for up to 12 months from the date of the last campaign activity associated with that creator. Deleted within 30 days of campaign closure unless required for legal, audit, or fraud-prevention purposes.
Campaign and outreach records: retained for 24 months for analytics and historical reporting, then anonymized.
User account data: retained for the duration of the account plus up to 7 years after account closure for tax, accounting, and legal compliance.
Marketing and behavioral analytics: retained for 13 months, then aggregated or deleted.
Server logs and security data: retained for up to 12 months for fraud prevention and incident response.
Data obtained through third-party platform APIs (TikTok, TikTok Shop, Meta, Shopify, and others) may be subject to shorter retention or deletion timelines than the periods above when required by those platforms' developer policies. If a third-party platform revokes Voltr's API access, requests deletion of data obtained through its API, or updates its data use restrictions in a way that requires deletion, we will promptly delete or render inaccessible the affected data, typically within 7 days of receiving the request via the contact method described in our Data Deletion Instructions. Such deletion may affect your access to historical analytics or campaign data associated with that integration.
You may request earlier deletion of your data at any time by contacting us at contact@getvoltr.com.
7. Cookies and Consent
We use cookies and similar tracking technologies. These fall into two categories:
Essential cookies: Required for the platform to function (session management, authentication, security). These are set without additional consent as they are strictly necessary.
Non-essential cookies: Analytics and preference cookies that help us understand how the platform is used and remember your settings. Under applicable U.S. state privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and others), we are required to obtain your opt-in or opt-out consent before placing non-essential cookies.
When you first access the platform, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You may change your preferences at any time through your account settings or by contacting us.
8. Your Privacy Rights
Depending on your state or jurisdiction of residence, you may have the following rights regarding your personal data:
Right to know/access: Request disclosure of the categories and specific pieces of personal data we have collected about you.
Right to deletion: Request deletion of personal data we have collected, subject to certain exceptions.
Right to correction: Request correction of inaccurate personal data.
Right to opt out of sale or sharing: We do not sell or share personal data as defined under CCPA/CPRA. If this practice changes, we will update this policy and provide an opt-out mechanism.
Right to limit use of sensitive data: To the extent we process sensitive personal data (as defined under applicable law), you may have the right to limit its use.
Right to non-discrimination: We will not discriminate against you for exercising any of the above rights.
These rights apply to residents of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states with applicable privacy statutes, as well as to creators whose data we process regardless of account status. To exercise any of these rights, contact us at contact@getvoltr.com. We will respond to verifiable requests within the timeframes required by applicable law (generally 45 days).
9. International Users and GDPR
While Voltr is operated from and primarily directed to the United States, we may process personal data of individuals located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions outside the U.S.
Lawful basis under GDPR. Where the General Data Protection Regulation applies, we rely on the following lawful bases under Article 6(1):
Performance of a contract - to provide platform services to Users.
Legitimate interests - to operate, improve, and secure the platform, and to facilitate creator outreach as directed by Users, balanced against creators' privacy interests.
Consent - where required for non-essential cookies and certain marketing communications.
Legal obligation - to comply with applicable law.
Your GDPR rights. If GDPR applies to you, you have the right to access, rectify, erase, restrict processing of, port, and object to processing of your personal data. You may exercise these rights at contact@getvoltr.com. You also have the right to lodge a complaint with your local supervisory authority.
International transfers. Personal data we collect may be transferred to and processed in the United States. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms to safeguard such transfers.
10. Security
We implement security measures consistent with industry standards for SaaS platforms handling personal data, including:
Encryption in transit (TLS 1.2+) for all data exchanged between users, our servers, and third-party APIs.
Encryption at rest for all data stored in our primary database (Supabase PostgreSQL with AES-256 encryption).
Role-based access controls and audit logging on all production systems.
Secrets and OAuth tokens stored in encrypted form using platform-managed key management.
Regular dependency and vulnerability scanning, with timely patching of security advisories.
Incident response procedures including notification to affected users and regulators where required by applicable law.
No system can be guaranteed perfectly secure. If you become aware of a security issue, please report it to contact@getvoltr.com.
11. Third-Party Links
Our platform may contain links to third-party sites. We are not responsible for their privacy practices.
12. Children's Privacy
Voltr is not directed to children under 13. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or platform notification prior to the changes taking effect.
14. Contact
For privacy-related questions or to submit a rights request: contact@getvoltr.com