Legal

Privacy Policy

Last updated: June 22, 2026  ·  Effective: January 1, 2024

Summary: Reflyit collects information you provide to run the platform, improve services, and connect influencers with organizations. We do not sell your personal data. You can request deletion of your data at any time.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Sharing & Disclosure
  4. Cookies & Tracking
  5. Data Retention
  6. Security
  7. Your Rights
  8. Children's Privacy
  9. International Transfers
  10. Changes to This Policy
  11. Contact Us

1. Information We Collect

Account Information

When you register for Reflyit, we collect:

  • Name, email address, and password (stored as a secure hash)
  • Role type (influencer, organization admin, or super-admin)
  • Profile details you voluntarily provide (bio, social media handles, avatar)

Organization & Campaign Data

Organizations provide additional information including company name, branding assets, product listings, referral codes, commission structures, and campaign details.

Usage & Activity Data

We automatically log activity within the platform including page visits, referral link clicks, QR code scans, commission events, and system actions. This data powers analytics, reporting, and fraud detection.

Communications

Messages sent through Reflyit's communication features (tickets, forum posts, direct messages) are stored to provide the service and support moderation.

Technical Data

IP addresses, browser type, device identifiers, and referring URLs are collected for security, debugging, and attribution tracking.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and provide platform features
  • Process commission calculations and financial reporting
  • Send transactional emails (account confirmations, password resets, notifications)
  • Track referral attribution and campaign performance
  • Improve platform features and fix issues
  • Enforce our Terms of Service and prevent abuse
  • Comply with legal obligations

We do not use your data for third-party advertising or sell your personal information to third parties.

3. Sharing & Disclosure

We share data only in the following circumstances:

Within the Platform

Influencer profile information (name, social handles, performance metrics) is visible to organization admins they are associated with. Organizations control which influencers see their product and campaign data.

Service Providers

We may share data with trusted service providers who help us operate the platform (e.g., hosting, email delivery, payment processing). These providers are bound by confidentiality agreements and may only use data to provide services to Reflyit.

Legal Requirements

We may disclose information if required by law, court order, or to protect the rights, property, or safety of Reflyit, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify affected users via email before any such transfer.

4. Cookies & Tracking

Reflyit uses cookies and similar technologies to maintain sessions, remember preferences, and measure platform performance. See our Cookie Policy for full details.

Essential cookies required for authentication and security cannot be disabled. You can manage optional cookies through your browser settings.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account:

  • Profile and account data is removed within 30 days
  • Commission and financial records may be retained for up to 7 years for legal and audit purposes
  • Anonymized, aggregated analytics data may be retained indefinitely
  • Activity logs are retained for up to 2 years

6. Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Bcrypt password hashing — plaintext passwords are never stored
  • Role-based access controls limiting data visibility by user role
  • Activity logging and anomaly detection
  • Regular security reviews

No system is completely secure. If you believe your account has been compromised, contact us immediately at privacy@reflyit.com.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Correction: Update inaccurate or incomplete information via your profile settings
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a portable format
  • Objection: Object to certain uses of your data
  • Restriction: Request that we limit processing of your data

To exercise any of these rights, email privacy@reflyit.com. We will respond within 30 days.

8. Children's Privacy

Reflyit is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. Contact us at privacy@reflyit.com if you believe we have inadvertently collected a child's information.

9. International Data Transfers

Reflyit operates globally. Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email and post an update notice on the platform at least 14 days before material changes take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, requests, or concerns:

You may also submit a support ticket if you are a registered user by visiting Support Tickets.