Privacy Policy

Fuelify is operated by Tim Murray, trading as part of GOamplify, a Bahrain-registered marketing services business. We act as the data controller for personal data processed through fuelify.co. Contact us at tim@goamplify.agency.

We collect the following categories of personal data:

• Account data — email address, password hash, display name, company name (for brands and agencies), country, role (creator / brand / agency).
• Profile data (creators) — bio, photos and videos you upload, primary location, content categories, audience tags, languages, rate card.
• Social media data — when you connect Instagram, TikTok, or YouTube via OAuth, we receive your handle, public profile URL, follower count, engagement rate, average view count, audience demographics aggregates (gender, age, top countries), and an access token used to refresh that data on a recurring schedule.
• Messaging data — the content of messages you send through Fuelify, plus the contact channels you choose to reveal to each conversation partner.
• Saved creators — for brand accounts, the list of creators you have bookmarked. This is private to your account; creators are not told who saved them.
• Technical data — IP address, browser user-agent, device type, pages visited, errors encountered. Used for security, debugging, and aggregate analytics.

• To operate the marketplace — display verified creator profiles, route messages, surface availability, populate audience insights for brands you have accepted.
• To verify that a connected Instagram, TikTok, or YouTube account is authentically yours and to keep follower and engagement metrics on your profile current.
• To send transactional emails (sign-up confirmation, message notifications, account approval).
• To improve the product — aggregate analytics on which features are used, where users drop off, and which errors occur in production.

We process your personal data under one or more of the following legal bases:

• Contract — operating the marketplace you have signed up for.
• Consent— connecting a social account via OAuth and pulling its analytics requires your explicit consent via the platform's permission screen. You can revoke consent at any time from the platform's account settings or by disconnecting on Fuelify.
• Legitimate interest — security, fraud prevention, basic site analytics, and product improvement.

We do not sell your personal data. We share it only with the following categories of recipients, strictly for the purposes described above:

• Other Fuelify users — verified social handles, follower counts, and audience analytics on your public profile are visible to signed-in users (brands, agencies, admins). Signed-out visitors see your photos, bio, and rate card but not analytics or socials.
• Infrastructure providers — Supabase (database + auth, EU), Vercel (web hosting, EU), Resend (transactional email).
• Analytics + error monitoring — PostHog (product analytics, EU) and Sentry (error tracking).
• CRM — GoHighLevel, used to manage marketing communications with creators who opt in.
• Authorities — only when required by applicable law or to protect Fuelify or others from harm.

Our primary data processing happens in the European Union (London, eu-west-2). Some processors (Sentry, GoHighLevel) may process data in the United States under standard contractual clauses.

• Account data — for as long as your account is active, plus 30 days after account deletion to allow recovery.
• Social OAuth tokens — until you disconnect the platform on Fuelify, or until they expire (Instagram long-lived tokens expire after 60 days unless refreshed).
• Messages — retained for as long as both parties' accounts are active.
• Aggregate analytics — retained indefinitely in anonymised form.

You have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your account and associated data.
• Object to or restrict certain processing.
• Receive a copy of your data in a portable format.
• Withdraw consent for social-platform connections at any time.

To exercise any of these rights, email tim@goamplify.agency. We respond within 30 days.

We use TLS for all data in transit. OAuth tokens for connected social accounts are encrypted at rest with AES-256-GCM. Passwords are hashed using industry-standard algorithms. Access to production data is restricted to authorised personnel and logged.

We use only essential cookies for authentication and session management. We do not use third-party advertising cookies. Our product analytics (PostHog) is configured to identify users only after sign-in.

Fuelify is not directed at people under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has signed up, contact us and we will delete the account.

We may update this policy from time to time. Material changes will be communicated by email to registered users at least 30 days in advance.