Privacy Policy

How 9TOMARKETING LTD (ClipRaise) processes personal data under the EU General Data Protection Regulation (GDPR, 2016/679) and Cyprus Law 125(I)/2018.

1. Data Controller

Controller
9TOMARKETING LTD
Address
Griva Digeni 32, Kalamanos Court Block B, Office 36, 8220 Chlorakas, Paphos, Cyprus
Registration
HE 481809
VAT
CY60232022J
Contact
info@clipraise.com

We have not appointed a Data Protection Officer (DPO) at this time, as we are not yet subject to a mandatory DPO designation under Art. 37 GDPR. Data-protection enquiries should be addressed to the contact above.

2. Categories of data processed

  • Creator applications — full name, email address, public social-media handles (TikTok, Instagram, YouTube, Facebook), submission timestamp, application status.
  • Brand call requests — company name, contact name, work email, website, vertical, indicative budget range, timeline and free-text message.
  • Account & authentication — for approved users only: email address, hashed sign-in token, session cookies. Issued and stored via our processor Supabase Inc. (Supabase Auth). We do not store passwords — authentication runs on one-time email codes.
  • Content submissions— post URLs, view counts, and platform analytics provided by the creator from their own dashboard (which may incidentally include the creator's display name and aggregate audience data).
  • Technical & server logs — IP address, user agent, request path, timestamp. Generated by our hosting provider Vercel and retained for security and abuse prevention.

3. Purposes & legal bases

  • Operating the platform (matching creators with brand campaigns, processing submissions, calculating payouts) — Art. 6 (1)(b) GDPR (performance of contract).
  • Reviewing applications and call requests — Art. 6 (1)(b) GDPR (pre-contractual measures) and Art. 6 (1)(f) GDPR (legitimate interest in vetting counterparties).
  • Communication (replying to enquiries, sending operational email about your account or submission) — Art. 6 (1)(b) GDPR.
  • Security, fraud prevention & abuse handling — Art. 6 (1)(f) GDPR (legitimate interest in a secure service).
  • Compliance with legal obligations (tax, accounting, KYC where applicable) — Art. 6 (1)(c) GDPR.

4. Recipients & processors

We use the following data processors. Each is bound by a Data Processing Agreement (Art. 28 GDPR) and, where data is transferred outside the EU/EEA, by the EU Standard Contractual Clauses (Art. 46 GDPR).

  • Vercel Inc. — application hosting and edge delivery (United States; EU-U.S. Data Privacy Framework / SCCs in place).
  • Supabase Inc. — database, storage, authentication (email one-time codes) and email delivery for sign-in (United States; SCCs in place).
  • Google LLC — YouTube Data API (campaign view verification), Search Console (site verification). United States; adequacy decision / SCCs as applicable.
  • Namecheap / Vercel DNS — domain and DNS handling.

We do not sell personal data and do not share it with third parties for their own marketing purposes.

5. Storage duration

  • Creator applications and brand call requests: kept for as long as needed to process the enquiry and afterwards for up to 24 months for legitimate-interest record-keeping, unless deletion is requested earlier.
  • Account data: kept for the lifetime of the account, then deleted within 90 days of closure (longer where statutory retention applies, e.g. invoicing records — 6 years under Cyprus tax law).
  • Content submissions and payout records: retained for accounting purposes for the legally required period (currently 6 years).
  • Server logs: 30–90 days, depending on the processor.

6. Your rights

Under the GDPR you have the right to:

  • Request access to your personal data (Art. 15);
  • Request rectification of inaccurate data (Art. 16);
  • Request erasure ("right to be forgotten", Art. 17);
  • Request restriction of processing (Art. 18);
  • Receive your data in a portable format (Art. 20);
  • Object to processing based on legitimate interest (Art. 21);
  • Withdraw consent at any time, where processing is based on consent (Art. 7 (3));
  • Lodge a complaint with a supervisory authority (Art. 77).

To exercise any of these rights, email info@clipraise.com. We respond within one month of receipt (Art. 12 (3) GDPR).

7. Supervisory authority

The supervisory authority for 9TOMARKETING LTD is the Office of the Commissioner for Personal Data Protection (Cyprus). Visitors from other EU member states may also lodge a complaint with their local supervisory authority.

8. Cookies & similar technologies

We use a tiered consent model in line with the EU ePrivacy Directive 2002/58/EC, as transposed into Cyprus law. Categories:

  • Strictly necessary (always on) — required for the site to function and cannot be turned off. Includes the Supabase Auth session cookie (sign-in), the cr_admin HMAC-signed cookie (admin password gate), and the cr_cookie_consent_v1entry in your browser's local storage that remembers your cookie choices.
  • Analytics (off by default) — anonymous usage measurement. No analytics scripts are loaded today. Your choice is recorded for any future use.
  • Marketing (off by default) — personalisation and ad-attribution. No marketing cookies are set today. Your choice is recorded for any future use.

You can review or change your choice at any time via the “Cookie settings” link in the footer of any page. We do not run third-party advertising or analytics cookies without an opt-in via the consent banner. Refusing non-essential cookies is as easy as accepting them and does not affect your ability to use the site.

9. International transfers

As listed in section 4, some processors are based in the United States. We rely on the EU Standard Contractual Clauses approved by the European Commission and, where available, on adequacy decisions, to provide an essentially equivalent level of protection for transferred data.

10. Automated decisions

We do not make decisions based solely on automated processing within the meaning of Art. 22 GDPR. Application approvals and submission reviews always involve a human reviewer.

11. Children

ClipRaise is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors.

12. Changes to this policy

We may update this policy to reflect changes in our processing or in the legal framework. The current version is identified by the "Last updated" date at the bottom of this page.