Privacy Policy

This Privacy Policy explains what personal data socialz (“socialz,” “we,” or “us”) collects when you use the website at socialz.org, what we do with that data, and the choices you have. socialz is a curated marketplace that matches small and medium businesses (Businesses) with vetted Social Media Managers and UGC Creators (Creators).

We aim to collect only the data we need to operate the matching surface, deliver transactional notifications, and keep the platform safe. We do not sell your personal data.

2.1 Account data

When you create an account, we collect your email address, a hashed password (or an OAuth identifier if you sign in with Google), a chosen role (Business or Creator), and a display name. We rely on Supabase Auth for credential handling and never store raw passwords ourselves.

2.2 Profile data

When you complete the onboarding wizard, we store the answers you provide: niches, content style, work model (REMOTE / ONSITE / HYBRID), country and city, and budget tier. Creators additionally store a headline, optional bio, optional standout metrics, optional tools list, and uploaded portfolio images.

2.3 Marketplace activity

When you contact a Creator we store the message text, sender, recipient, and timestamp. When you write a review we store the ratings, comment, the linked contact record that verifies the review, and a re-derived trust score for the reviewed Creator.

2.4 Technical data

We process basic technical data inherent to operating a web service: IP address, user-agent string, page paths, response codes, and timestamps. This data is processed by our hosting provider (Vercel) for operational and security purposes such as rate-limiting, debugging, and abuse prevention.

• To operate the Service: authenticate you, render your profile, compute matches, store messages and reviews, and serve uploaded portfolio images.
• To send transactional notifications: for example, emails to a Creator when they receive a new contact message or a new review.
• To improve the Service: aggregated, de-identified analysis of how flows are used so we can fix friction and improve match quality.
• To keep the platform safe: detect fraudulent reviews, prevent abuse, and comply with legal obligations.

We use the following processors to operate socialz. Each processes data only on our instructions and under a data processing agreement.

• Supabase (auth, Postgres database, object storage). Hosts your account, profile, messages, reviews, and uploaded portfolio images.
• Vercel (application hosting and edge network). Serves the web application and processes request metadata.
• Resend (transactional email delivery). Delivers notification emails such as new-contact and new-review alerts on behalf of socialz.
• Google (OAuth sign-in, optional). If you choose to sign in with Google, Google shares with us your email, profile name, and a stable identifier.

We use a small number of strictly necessary cookies, primarily authentication cookies set by Supabase to keep you signed in across requests. We also store onboarding wizard answers in your browser’s sessionStorage under the keys socialz.onboarding.draft.v1 and socialz.creator-onboarding.draft.v1 so you do not lose progress when navigating or signing up. We currently do not use advertising or third-party analytics cookies.

Your Creator profile(display name, headline, bio, niches, location, work model, budget tier, portfolio, standout metrics, and reviews) is shown to Businesses that match your hard constraints. Reviews include the reviewer’s display name. Business profiles are not publicly listed; they are used to compute matches.

When a Business contacts a Creator, the Creator sees the sender’s display name, email address, and message body in their leads inbox. This is necessary so the Creator can reply outside the Service.

We retain account, profile, and marketplace data for as long as your account is active. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we are required to retain certain records to comply with legal obligations, resolve disputes, or enforce our agreements.

Portfolio images deleted from your profile are removed from Supabase Storage shortly after the deletion is recorded.

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on consent. To exercise any of these rights, email privacy@socialz.org from the email associated with your account. We will respond within the time required by applicable law.

We use industry-standard safeguards to protect your data, including TLS in transit, encrypted storage at rest via our hosting providers, and least-privilege access to our production database. No service can guarantee perfect security; if we become aware of a breach affecting your personal data we will notify you and any relevant regulators as required by applicable law.

Our processors operate from multiple regions. By using socialz you understand that your personal data may be processed in, and transferred to, countries other than the one in which you reside, including the United States. Where required, we rely on transfer mechanisms such as the European Commission’s Standard Contractual Clauses and equivalent safeguards.

socialz is not directed to children under the age of 18 and we do not knowingly collect personal data from anyone under that age. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, for material changes, give reasonable additional notice (for example, by email or an in-product notice).

For privacy questions, requests, or complaints, email privacy@socialz.org.