
Collebrity – Privacy Policy (India / DPDPA 2023)
Version 1.0 | Effective Date: 03 June 2026 | Applicable Law: Digital Personal Data Protection Act, 2023 (India)
IMPORTANT NOTICE
This Privacy Policy describes how Collebrity Private Limited collects, uses, stores, and shares your personal data when you use the Collebrity platform. This Policy is published in compliance with Section 5 of the Digital Personal Data Protection Act, 2023 ("DPDPA") and Rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Please read this Policy carefully before using the Platform.
1. Introduction and Identity of the Data Fiduciary
1.1 This Privacy Policy ("Policy") is published by Collebrity Private Limited, a company incorporated under the Companies Act, 2013, bearing Corporate Identification Number U63122KA2025FTC206151, with its registered office at Flat No. 504, Veerasandra, Veerasandra Gollahalli Main Road, Bengaluru, Karnataka – 560100, India ("Collebrity", "we", "us", "our").
1.2 Collebrity is the Data Fiduciary within the meaning of Section 2(i) of the Digital Personal Data Protection Act, 2023 ("DPDPA") in respect of personal data collected through the Platform at collebrity.com and through the Collebrity mobile applications on iOS and Android.
1.3 This Policy applies to all individuals who use the Platform in any capacity, including Brands, Individuals, Creators / Influencers / Celebrities (used interchangeably throughout this Policy), and Talent Managers, collectively referred to as "Data Principals" or "Users".
1.4 Capitalised terms used but not defined in this Policy shall have the meanings assigned to them in Collebrity's Terms and Conditions, available at collebrity.com/legal/terms-and-conditions.
2. Personal Data We Collect
2.1 We collect personal data that you provide directly to us, data generated through your use of the Platform, and data obtained from third-party sources (including social media platforms via authorised API integrations). The categories of personal data collected are described below.
2.A Data Collected from Creators / Influencers
The following personal data is collected from Users who register on the Platform as Creators:
Data Category | Specific Data Fields | How Collected |
|---|---|---|
Identity Data | First name, last name | Registration form |
Contact Data | Email address, mobile number | Registration form |
Location Data | Country, state, city of residence | Registration form |
Demographic Data | Birth year, gender, preferred language | Registration form |
Professional Data | Business category/content niche | Registration form / Storefront |
Sensitive Data – Ethnicity | Ethnicity (optional; see Clause 5) | Registration form (opt-in) |
Tax and Financial Data | PAN (Permanent Account Number), GST number (if applicable), bank account details (account number, IFSC code, account holder name) | KYC verification process |
Social Media Data | Verified follower count, engagement rate, audience demographics, content category – pulled from Instagram and YouTube APIs (and other platforms as added) | Social media API integration (authorised by Creator) |
Platform Activity Data | Orders placed, campaigns participated in, Storefront listings, ratings received, messages sent through the Platform | Automatically generated through Platform use |
Device and Technical Data | IP address, browser type, operating system, device identifier, session data | Automatically collected |
2.B Data Collected from Brands / Agencies / Individuals
The following personal data is collected from Users who register on the Platform as Brands, Advertising Agencies, or individuals (i.e., natural persons placing orders for personal, non-commercial purposes such as personalised greetings):
Data Category | Specific Data Fields | How Collected |
|---|---|---|
Business Identity Data | Brand name, business website URL | Registration form |
Contact Person Data | First name, last name, designation, email address, mobile number | Registration form |
Location Data | Country, state, city | Registration form |
Demographic Data | Birth year, gender of account holder | Registration form |
Business Category Data | Industry/business niche | Registration form |
Tax and Billing Data | PAN, GST Identification Number (GSTIN), billing address | KYC / invoicing process |
Payment Data | Payment card details, bank account details (processed via the Platform's authorised Payment gateway / payment Aggregator; not stored on Collebrity's servers) | |
Campaign Data | Campaign Briefs, target audience specifications, product information, creative assets uploaded by the Brand | Platform use |
Platform Activity Data | Orders placed, campaigns created, Wallet balance and transaction history, team user actions | Automatically generated |
Device and Technical Data | IP address, browser type, operating system, device identifier, session data | Automatically collected |
Social Media Data | Verified follower count, engagement rate, audience demographics, content category – pulled from Instagram and YouTube APIs (and other platforms as added) | Social media API integration (authorised by Creator) |
2.C Data Collected from Talent Managers
Talent Managers provide data substantially similar to Creators at registration, including identity data, contact data, location data, demographic data, professional data, PAN, bank details, and platform activity data generated through their management of Creator accounts.
2.D Data Collected Automatically
When you access and use the Platform, we automatically collect the following data:
Log and usage data, including pages visited, features used, search queries, and time spent on the Platform;
Device and browser information, including IP address, browser type and version, operating system, and screen resolution;
Cookie data and tracking data from third-party analytics and advertising tools, including Google Analytics and Meta Pixel, as further described in Clause 11 and our Cookie Policy; and
Social media API data, where a Creator has linked their social media account through the Platform's authorised API integration. The specific data fields pulled from each social media platform are subject to that platform's API permissions and data access policies.
3. Purposes for Which We Process Your Personal Data
3.1 We process personal data only for specific, clear, and lawful purposes as required by Section 4 of the DPDPA. The table below sets out each processing purpose, the data used, and the legal basis under the DPDPA.
Processing Purpose | Data Used | Legal Basis (DPDPA 2023) |
|---|---|---|
Account registration and identity verification | Identity data, contact data, demographic data | Legitimate uses for fulfilment of services – S.7(a) |
KYC verification for payment processing and TDS compliance | PAN, bank account details, GST number | Compliance with law – S.7(f); Income Tax Act 1961 |
Order processing and campaign management | Identity data, professional data, platform activity data | Legitimate uses for fulfilment of services – S.7(a) |
Influencer discovery and brand-creator matching | Professional data, social media data, location data, ethnicity (optional) | Consent – S.6; and legitimate uses – S.7(a) |
Payment processing and Escrow management | Payment data (via authorised Payment Aggregator), Wallet transaction data | Legitimate uses for fulfilment of services – S.7(a) |
TDS deduction and tax compliance | PAN, creator fee amounts, talent manager commission amounts | Compliance with law – S.7(f); Income Tax Act 1961 |
Platform analytics and performance measurement | Device data, platform activity data, campaign performance data | Legitimate uses for improving services – S.7(a) |
AI-based search and recommendation engine (Brand-facing) | Professional data, social media data (incl. follower count, engagement, demographics, content category and other API-supplied metrics), platform activity data, ratings data | Legitimate uses for fulfilment of services – S.7(a); consent for any sensitive-category inputs (including ethnicity) – S.6 |
AI-based fraud detection and platform safety | Device data, IP address, social media data, platform activity data | Legitimate uses for safety – S.7(a) |
Marketing communications (email, SMS, WhatsApp, push notifications) | Contact data, platform activity data | Consent – S.6 |
Dispute resolution | Order data, communications data, Deliverables data | Legitimate uses – S.7(a); Compliance with legal obligations |
Grievance redressal | Identity data, complaint details | Compliance with law – S.7(f); IT Rules 2021 |
Safety and security of the Platform | Device data, IP address, platform activity data | Legitimate uses for safety – S.7(a) |
Legal proceedings and regulatory compliance | All relevant personal data | Compliance with law – S.7(f) |
3.2 We do not use your personal data for any purpose incompatible with the purposes disclosed in this Policy. If we intend to process your data for a new purpose, we shall obtain fresh consent or establish a new lawful basis before doing so, and shall update this Policy accordingly.
4. Legal Basis for Processing under the DPDPA 2023
4.1 Under the Digital Personal Data Protection Act, 2023, processing of personal data requires either (a) the consent of the Data Principal, or (b) a legitimate use as specified in Section 7 of the DPDPA.
4.2 Consent (Section 6, DPDPA 2023). Where we rely on your consent, we shall obtain it through a clear, affirmative action (such as clicking a checkbox or a designated consent button) before collecting the relevant data. The consent notice shall be in plain language, specify the personal data to be collected and the purpose for which it will be used, and inform you of your right to withdraw consent at any time. We process the following categories of data on the basis of consent:
Ethnicity data (see Clause 5 for detailed provisions);
Marketing communications via email, SMS, WhatsApp, and push notifications; and
Use of non-essential cookies and tracking technologies (see Clause 11).
4.3 Legitimate Uses (Section 7, DPDPA 2023). We process personal data without consent in the following circumstances recognised as legitimate uses under Section 7 of the DPDPA:
Fulfilment of services requested by the User, including order processing, payment facilitation, and platform feature access – Section 7(a);
Employer obligations – not applicable (Users are not employees of Collebrity);
Response to medical emergencies – not applicable;
Public interest purposes – not applicable to routine platform operations;
Discharge of functions under law, including TDS deduction and remittance under the Income Tax Act, 1961, and compliance with IT Rules 2021 – Section 7(f); and
Compliance with any order or judgement of a court or tribunal or any other statutory authority – Section 7(g).
5. Sensitive Personal Data – Ethnicity
Special Category Data Notice
Ethnicity is a sensitive category of personal data under the DPDPA 2023 and a Special Category of data under Article 9 of the EU General Data Protection Regulation (GDPR). Its collection and processing requires explicit, informed, purpose-specific, and withdrawable consent. The provisions of this Clause govern all collection and processing of ethnicity data by Collebrity.
5.1 Why We Collect Ethnicity Data. Collebrity collects ethnicity data, on a strictly voluntary opt-in basis, from Creators who wish to be discoverable in culturally targeted campaigns. The purpose is to enable Brands to identify Creators whose identity and audience demographics align with their campaign's target community. Ethnicity data is treated by Collebrity as a sensitive category of personal data in all jurisdictions, regardless of whether the law applicable to a particular Data Principal categorises it as such. For Users to whom the EU General Data Protection Regulation applies, ethnicity data is processed only on the basis of explicit consent within the meaning of Article 9(2)(a) of the GDPR.
5.2 Voluntary Nature. Providing ethnicity data is entirely optional. A Creator may register and use all features of the Platform without disclosing their ethnicity. Declining to provide ethnicity data will not affect a Creator's ability to receive Orders or participate in Campaigns, except in cases where a Brand has specifically applied an ethnicity filter in their search.
5.3 Consent Mechanism. Before any Creator is permitted to record ethnicity data on the Platform, Collebrity shall present a dedicated, in-product consent notice that, in compliance with Section 6(3) of the DPDPA, 2023 (and where applicable, Article 9(2)(a) of the GDPR for EU/EEA Users): (a) identifies ethnicity as a sensitive category of personal data; (b) states the specific purpose for which it will be used (Clause 5.1 above); (c) explains how it will be used in Brand search filters; (d) confirms whether and how it will be shared with Brands; (e) confirms that it will not be displayed publicly on the Creator's Storefront; (f) explains how the Creator may exercise their rights under Sections 6(4)-(6) and 13 of the DPDPA (including the right to withdraw consent); and (g) explains the manner of complaint to the Data Protection Board of India. Collection of ethnicity data shall not commence until the Creator provides explicit affirmative consent through the in-product tick associated with this notice.
5.4 Use of Ethnicity Data. Ethnicity data shall be used solely as a discoverable filter in Brand search queries. When a Brand selects an ethnicity filter, only Creators who have voluntarily provided matching ethnicity data and have consented to its use will appear in the filtered results. Collebrity does not display ethnicity data on the Creator's public Storefront profile.
5.5 Sharing of Ethnicity Data. Ethnicity data is not shared with Brands in a directly identifiable form. It is used by Collebrity's search algorithm to generate filtered results. A Brand using the ethnicity filter will see search results limited to matching Creators, but will not receive a data export of ethnicity values.
5.6 AI-Based Processing of Ethnicity Data. Where ethnicity data is used as an input to Collebrity's AI-based matching algorithm, the Creator consents to such algorithmic processing as part of the ethnicity data consent mechanism under Clause 5.3. The Creator has the right to opt out of algorithmic processing of their ethnicity data by withdrawing consent under Clause 5.7.
5.7 Withdrawal of Consent. A Creator may withdraw consent to the collection and use of their ethnicity data at any time by: (a) updating their profile settings to remove the ethnicity data field; or (b) writing to [email protected]. Upon withdrawal of consent, Collebrity shall cease using the ethnicity data for filtering purposes and shall delete the data within Thirty (30) days of receipt of the withdrawal request. Withdrawal of consent shall not affect the lawfulness of processing carried out before the withdrawal.
6. Retention of Personal Data
6.1 We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law, whichever is longer. We do not retain personal data indefinitely.
6.2 The following retention periods apply to each category of personal data:
Category of Data | Retention Period | Basis for Retention Period |
|---|---|---|
Active user account data (identity, contact, professional data) | Duration of the Account, plus Twenty-Four (24) months from the date of the last Order or transaction on the Account | Platform operations and legitimate interests in resolving post-closure disputes |
Transaction and payment records (Order value, Commission, payout amounts) | Seven (7) years from the date of the transaction | Income Tax Act, 1961; Companies Act, 2013 – mandatory statutory retention |
KYC documents (PAN, bank details) | Duration of the Account, plus Five (5) years from Account closure | Prevention of Money Laundering Act, 2002 obligations; Tax audit requirements |
Campaign and creative data (Campaign Briefs, Deliverables) | Three (3) years from Campaign completion | Dispute resolution and IP claim defence |
Platform activity and analytics data | Two (2) years from date of generation, then aggregated and anonymised | Platform improvement and analytics |
Social media API data (follower count, engagement data) | Refreshed at each API sync; individual historical snapshots retained for Two (2) years | Analytics and Creator profile accuracy |
Ethnicity data | Until consent is withdrawn or Account is closed, whichever is earlier; deleted within Thirty (30) days of withdrawal | Consent-based processing; mandatory deletion upon withdrawal |
Deleted account data | Account data purged within Thirty (30) days of deletion request being processed, subject to completion of pending Orders and Disputes. Transaction records retained for statutory periods above. | DPDPA Section 8(7); GDPR Article 17 (for EU users) |
Dispute and grievance records | Three (3) years from closure of the dispute or grievance | IT Rules 2021; limitation period for legal claims |
Communications and messages (Platform chat) | Two (2) years from Order completion | Dispute resolution |
Marketing consent records | Duration of the Account plus Two (2) years, or until consent is withdrawn | Evidence of lawful marketing processing |
6.3 Upon expiry of the applicable retention period, we shall securely delete or anonymise personal data such that the individual is no longer identifiable from the retained data. Anonymised data may be retained indefinitely for analytical purposes.
6.4 Notwithstanding the above retention periods, we may retain personal data for longer periods where required by a court order, regulatory investigation, or other legal obligation, for the duration of such requirement.
7. Sharing of Personal Data with Third Parties
7.1 We do not sell your personal data to third parties. We share personal data only in the circumstances described below and only to the extent necessary for the stated purpose.
7.2 Data Processors. We share personal data with the following categories of Data Processors (entities that process data on our behalf under binding data processing agreements), as permitted under Section 8(3) of the DPDPA:
Third Party / Category | Data Shared | Purpose |
|---|---|---|
Payment Gateway Service Providers | Payment card details, bank account details, Order value, User identity data for KYC | Processing brand payments, managing Collebrity Holding, disbursing Creator payouts |
Email marketing service provider | Email address, name, platform activity data (for segmentation) | Sending transactional and promotional emails |
WhatsApp / SMS notification service | Mobile number, name | Sending Order updates, notifications, and promotional messages (with consent) |
Cloud infrastructure provider (authorised cloud infrastructure provider) | All personal data stored on the Platform | Data storage, hosting, and infrastructure services across India, the US, and the EU server regions |
Finance and accounting software | Transaction records, invoicing data, TDS-related data | Bookkeeping, tax filing, and financial reporting |
Analytics service providers (Google Analytics, Meta Pixel) | Device data, IP address, browsing behaviour on the Platform, page visit data | Platform performance analytics and marketing effectiveness measurement |
Social media platforms (Instagram/Meta, YouTube/Google APIs) | Creator's account authorisation token (to pull analytics); data shared back includes verified follower counts and engagement metrics | Creator analytics verification and Storefront data population |
7.3 Sharing of Data between Users and Public Visibility on the Platforms. Certain information shared by Users on the Platform, including information received through authorised API connections with social media platforms, may be visible to other Users or publicly accessible on the Platform, as described below:
(a) Creator Storefronts. A Creator's Storefront may be publicly visible to both registered and non-registered visitors of the Platform. This may include the Creator's display name, username or handle, profile photo, professional category, content niche, service listings and pricing, social media handles, ratings, reviews, authorised sample work or Deliverables, and social media analytics obtained through authorised API connections, such as follower count, engagement metrics, audience demographics, content category, reach, views, impressions, and other platform-provided performance data.
(b) Brand Profiles and Campaign Information. Brand names, campaign categories, campaign details, and related brand profile information may be visible to Creators who receive Campaign invitations or participate in related Orders. Where a Brand connects its social media accounts or other external platforms through authorised API integrations, Collebrity may process and display relevant connected-platform data for campaign verification, profile enrichment, analytics, reporting, and marketplace trust features, subject to the permissions granted by the Brand.
(c) Talent Manager Profiles. Talent Manager profiles and related professional information may be visible to Brands in connection with campaigns or Creator accounts managed by the Talent Manager. Where a Talent Manager connects social media accounts or manages API-connected Creator accounts, Collebrity may process relevant social platform data for Creator management, verification, analytics, reporting, and campaign coordination purposes, subject to the permissions granted through the Platform.
(d) Ratings and Reviews. Ratings, reviews, and feedback submitted by Brands may be displayed on the relevant Creator's Storefront. Similarly, ratings
7.4 Sharing with Law Enforcement and Regulatory Authorities. We may disclose personal data to government authorities, law enforcement agencies, courts, or tribunals in the following circumstances: (a) in compliance with any applicable law, regulation, court order, or legal process; (b) in response to a valid request from a government or regulatory authority in India; (c) to protect the rights, property, or safety of Collebrity, its Users, or the public; or (d) to detect, investigate, or prevent fraud, security breaches, or illegal activity. We shall endeavour to notify the affected User of any such disclosure to the extent permitted by applicable law.
7.5 Corporate Transactions. In the event of a merger, acquisition, sale of assets, or other corporate restructuring, personal data held by Collebrity may be transferred to the acquiring or successor entity. We shall notify Users of any such transfer in advance to the extent practicable, and shall ensure that the acquiring entity is bound by obligations no less protective than those in this Policy.
8. International Transfers of Personal Data
8.1 International Storage and Processing. Collebrity uses cloud infrastructure and service providers with server locations in India, the United States, and the European Union. As a result, personal data may be processed, transferred, or stored on servers located outside India as part of normal Platform operations.
8.2 India to United States Transfers. Personal data of Users located in India may be processed on servers located in the United States for purposes including platform operations, analytics, infrastructure management, security, and related technical services. Such transfers are subject to the contractual and security protections implemented by Collebrity and its authorised cloud infrastructure providers, including applicable data processing agreements.
8.3 Transfers Involving European Union Data. Where personal data of users located in the European Union or European Economic Area ("EU/EEA") is processed, any transfer of such data between the EU, India, or other jurisdictions shall be carried out in accordance with applicable GDPR requirements, including the use of appropriate contractual safeguards such as the European Commission's Standard Contractual Clauses ("SCCs"), where required.
8.4 EU/EEA Availability and Data Segregation. As of the effective date of this Policy, the Platform is not actively offered, marketed, or intended for residents of the EU/EEA. Collebrity intends to expand services to EU/EEA users only after implementing the infrastructure, operational processes, and compliance measures required under applicable GDPR laws, including appropriate consent management, international transfer safeguards, breach notification procedures, and EU-related compliance roles where applicable. Until such implementation is completed, Collebrity may use reasonable measures, including geographic checks and country selection controls, to limit onboarding by EU/EEA residents.
8.5 International Transfer Safeguards. In all cases involving international transfers of personal data, Collebrity shall implement proper/appropriate contractual, technical, and organisational safeguards to protect personal data to a standard equivalent to/required under the DPDPA 2023 and Applicable Indian law.
9. Security Safeguards
9.1 Collebrity implements appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction, as required by Section 8(5) of the DPDPA.
9.2 Our security measures include:
Encryption of personal data in transit using industry-standard TLS/SSL protocols;
Restricted access controls ensuring that personal data is accessible only to authorised personnel with a business need;
Payment data security through PCI-DSS compliant payment gateways (authorised Payment Aggregator). Collebrity does not store full payment card numbers on its own servers;
Regular security assessments and vulnerability testing of the Platform infrastructure;
Access logging and monitoring for anomalous activity; and
Secure deletion protocols for data that has reached the end of its retention period.
9.3 Data Breach Notification. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of Data Principals, Collebrity shall report the breach to the Data Protection Board of India as required under Section 8(6) of the DPDPA, and shall notify the affected Data Principals in the manner and within the timeframes prescribed under the DPDPA and its rules.
9.4 Notwithstanding our security measures, no internet-based platform can guarantee absolute security. Users are responsible for maintaining the confidentiality of their Account credentials and for reporting any suspected unauthorised access promptly to [email protected].
10. AI-Based Processing and Automated Decision-Making
10.1 AI-Based Features and Processing. Collebrity may use AI systems, machine learning models, automated analysis tools, and algorithmic ranking systems in connection with Platform operations and User data for purposes including:
(a) influencer-brand matching and Creator discovery recommendations;
(b) personalised search rankings and content visibility;
(c) Content scoring and campaign suitability assessments;
(d) fraud detection and platform safety measures, including the detection of fake followers, suspicious engagement activity, spam, scams, policy violations, or potentially abusive behaviour;
(e) Pricing recommendations and campaign performance insights for Brands, Creators, and Talent Managers;
(f) Audience demographic analysis and analytics based on authorised social media API data and Platform activity;
(g) Recommendation, filtering, and relevance systems designed to improve marketplace functionality and User experience; and
(h) Improving, testing, monitoring, and maintaining the quality, safety, and performance of the Platform and its recommendation systems.
10.2 Automated Profiling and Human Review. Certain AI-based features may involve automated profiling or ranking of Users based on personal data, Platform activity, social media analytics, engagement metrics, ratings, campaign performance, or related signals. Such processing may affect search visibility, recommendations, fraud-risk assessments, campaign matching, or related Platform functionality.
Collebrity does not rely solely on automated processing to make decisions that produce legal or similarly significant adverse effects on Users without reasonable human oversight where required under applicable law.
Where a User believes that an automated decision or profiling outcome has materially affected them, the User may:
(a) Request a human review of the relevant determination; and
(b) Contest the outcome through the grievance mechanism described in Clause 14.
10.3 Use of Ethnicity Data. Where a Creator voluntarily provides ethnicity data with ex
11. Cookies and Tracking Technologies
11.1 We use cookies and similar tracking technologies on the Platform to enable essential functionality, measure platform performance, and serve relevant advertising. A detailed description of cookies used on the Platform is set out in our Cookie Policy (available at collebrity.com/cookies).
11.2 The following categories of cookies are currently deployed on the Platform:
Cookie Category | Examples | Purpose | Consent Required |
|---|---|---|---|
Strictly Necessary | Session cookies, login tokens, CSRF tokens | Essential for Platform functionality; cannot be disabled | No |
Analytics | Google Analytics (_ga, _gid) | Measuring Platform traffic, user behaviour, and feature usage | Yes |
Advertising / Retargeting | Meta Pixel, Google Ads remarketing tags | Measuring ad campaign effectiveness; serving targeted advertising to users on social media platforms | Yes |
Functional | Language preference, UI settings | Remembering user preferences for a better experience | No (but may be disabled) |
11.3 When you first access the Platform, you will be presented with a cookie consent banner that allows you to (a) accept all cookies, (b) reject all non-essential cookies, or (c) customize your cookie preferences by category. Strictly Necessary cookies are not subject to consent. The cookie consent banner shall be presented at India launch and shall continue to operate at all subsequent launches.
11.4 Third-Party Cookies. The Google Analytics and Meta Pixel tracking technologies deploy third-party cookies on the Platform. The data collected by these tools is governed by Google's and Meta's respective privacy policies. We recommend that you review those policies for information on how these companies handle data collected through their tracking technologies.
11.5 No Third-Party Advertising on the Platform. Collebrity does not currently permit third-party advertisers to serve advertisements to Users on the Platform. The advertising technologies deployed (including Meta Pixel) are used solely for Collebrity's own marketing measurement and retargeting purposes and not to serve ads from external brands to Platform Users.
12. Marketing Communications
12.1 With your prior consent, Collebrity may send you promotional and marketing communications through the following channels: email, SMS, WhatsApp notifications, and in-app push notifications.
12.2 Consent for marketing communications shall be obtained separately from the consent given for Terms and Conditions acceptance, through a clear opt-in mechanism. You are under no obligation to consent to marketing communications to use the Platform. Transactional communications – such as Order confirmations, payment receipts, dispute notifications, and Account-related alerts – are sent regardless of marketing consent and do not require separate consent as they are necessary for the provision of the Services.
12.3 CAN-SPAM Act (United States). For marketing emails sent to Users in the United States, Collebrity complies with the requirements of the CAN-SPAM Act, 2003, including by: (a) clearly identifying the sender; (b) including a valid physical mailing address; and (c) providing a functional and accessible opt-out mechanism in every marketing email. Opt-out requests shall be honoured within Ten (10) business days.
12.4 Withdrawal of Marketing Consent. You may withdraw consent to marketing communications at any time by: (a) clicking the "Unsubscribe" link in any marketing email; (b) adjusting notification preferences in your Account settings; or (c) writing to [email protected]. Withdrawal of marketing consent shall not affect the lawfulness of marketing communications sent before the withdrawal.
13. Your Rights as a Data Principal
13.1 Under Sections 11 to 14 of the DPDPA 2023, you have the following rights in relation to your personal data processed by Collebrity. To exercise any of these rights, please write to [email protected] or use the grievance mechanism described in Clause 14.
Right | What It Means | How to Exercise |
|---|---|---|
Right to Access (Section 11) | You have the right to obtain a summary of the personal data we hold about you and the purposes for which it is being processed. | Submit a request to [email protected] |
Right to Correction (Section 12(a)) | You have the right to correct inaccurate or misleading personal data. | Update in Account settings or submit a request |
Right to Completeness (Section 12(b)) | You have the right to have incomplete personal data completed. | Submit a request to [email protected] |
Right to Erasure (Section 12(c)) | You have the right to have your personal data erased once the purpose for which it was collected is no longer being served, subject to statutory retention obligations (see Clause 6). | Submit a deletion request or initiate Account deletion |
Right to Grievance Redressal (Section 13) | You have the right to lodge a grievance with Collebrity's Grievance Officer regarding any breach of the DPDPA or this Policy, and to have the grievance addressed within the prescribed time. | Contact the Grievance Officer (Clause 14) |
Right to Nominate (Section 14) | You have the right to nominate another individual to exercise your rights in the event of your death or incapacity. | Submit a nomination request to [email protected] |
Right to Withdraw Consent (Section 6(4)) | You may withdraw consent at any time. Withdrawal will not affect processing carried out before withdrawal. For specific consent-based processing (such as ethnicity data and marketing), withdrawal will result in cessation of that specific processing. | Update profile settings or contact us |
Right to Complain to the Data Protection Board (Section 13(3)) | If your grievance is not resolved by Collebrity's Grievance Officer to your satisfaction, you have the right to approach the Data Protection Board of India. | File a complaint at www.dataprotectionboard.gov.in [to be updated when the Board is operational] |
13.2 We shall respond to requests for exercise of rights within such period as may be prescribed under the DPDPA and its rules. Where a request cannot be fulfilled for legal reasons (for example, where data must be retained for statutory compliance), we shall inform you of the reason in writing.
14. Grievance Mechanism
14.1 In accordance with Section 13 of the DPDPA, 2023, Section 8(9) of the DPDPA, and Rule 3(2) of the IT Rules 2021, Collebrity has appointed a Resident Grievance Officer / Data Protection Contact. The current name, designation, and contact details are published at collebrity.com/grievance and shall be promptly updated upon any change. As at the date of this Policy:
Designation: Resident Grievance Officer / Data Protection Contact; Name: Gilbert Doss; Contact Email: [email protected] (monitored by the Resident Grievance Officer); Grievance Portal: https://collebrity.com/contact.
Where the contact details published at collebrity.com/grievance differ from those set out in this Policy, the details published on the Platform's grievance redressal page shall prevail.
14.2 Grievance Process. If you have any complaint or concern regarding the processing of your personal data, or wish to exercise any of the rights described in Clause 13, please submit your grievance in writing to the Grievance Officer at the email or portal above. Your grievance should include: (a) your name and registered email address; (b) a description of the concern or the right you wish to exercise; and (c) any supporting documentation.
14.3 Response Timelines. Collebrity shall acknowledge receipt of your grievance within Twenty-Four (24) hours and shall endeavour to resolve it within such period as may be prescribed under the DPDPA and its rules (currently proposed at Thirty (30) days from receipt).
14.4 Data Protection Board. If your grievance is not resolved to your satisfaction, you have the right to file a complaint with the Data Protection Board of India, once constituted and operational under the DPDPA. The contact details of the Data Protection Board will be updated in this Policy upon operationalisation.
15. Children's Data
15.1 The Platform is not directed at persons below the age of Eighteen (18) years. Collebrity does not knowingly collect personal data from minors. The Platform enforces a minimum age requirement of 18 years at registration through a birth year selection mechanism.
15.2 If you are a parent or guardian and become aware that a person below the age of 18 has registered on the Platform, please contact us immediately at [email protected]. Upon verification, we shall promptly delete the Account and all associated personal data.
15.3 Collebrity does not engage in behavioural monitoring, targeted advertising, or tracking of users known to be minors, in compliance with Section 9 of the DPDPA and applicable international standards including the Children's Online Privacy Protection Act (COPPA) for US users.
16. Third-Party Links and Services
16.1 The Platform may contain links to third-party websites, social media platforms (including Instagram, YouTube, TikTok, and others), and external services. This Policy applies only to data processed by Collebrity through the Platform. We are not responsible for the privacy practices or content of third-party websites or services.
16.2 When a Creator links their social media account to the Platform through an API integration, such integration is governed by the terms of the relevant social media platform (including Meta's Developer Platform Policy and Google's API Services User Data Policy). Collebrity uses data obtained through social media APIs only in accordance with the applicable API platform's terms and only for the purposes disclosed in this Policy.
17. Changes to This Policy
17.1 We may update this Policy from time to time to reflect changes in our data processing practices, applicable law, or Platform features. Material changes to this Policy shall be communicated to registered Users by email to their registered email address at least Fourteen (14) days before the change takes effect.
17.2 Continued use of the Platform after the effective date of any change to this Policy shall constitute your acceptance of the revised Policy. If you do not agree to a revised Policy, you may close your Account before the effective date.
17.3 The version number and date of last revision of this Policy are displayed in the header and footer of this document and on the Platform's privacy page.
18. Contact Us
For all queries, requests, or concerns relating to this Policy or the processing of your personal data, please contact us through any of the following channels:
General Support | |
|---|---|
Privacy and Data Protection | |
Grievance Officer | |
Grievance Portal | |
Registered Office | Collebrity Private Limited, Flat No. 504, Veerasandra, Veerasandra Gollahalli Main Road, Bengaluru, Karnataka – 560100, India |
Schedule A – Key Definitions
"Data Fiduciary" has the meaning assigned to it in Section 2(i) of the DPDPA – any person who alone or in conjunction with others determines the purpose and means of processing of personal data.
"Data Principal" has the meaning assigned to it in Section 2(j) of the DPDPA – the individual to whom the personal data relates.
"Data Processor" has the meaning assigned to it in Section 2(k) of the DPDPA – any person who processes personal data on behalf of a Data Fiduciary.
"DPDPA" means the Digital Personal Data Protection Act, 2023 (No. 22 of 2023), and includes any rules, regulations, or directions issued thereunder.
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Personal Data" has the meaning assigned to it in Section 2(t) of the DPDPA – any data about an individual who is identifiable by or in relation to such data.
"Processing" has the meaning assigned to it in Section 2(x) of the DPDPA – an automated operation or set of operations performed on digital personal data, including collection, recording, storage, use, sharing, disclosure, or deletion.
"Sensitive Personal Data", under the DPDPA, refers to personal data whose processing is likely to cause significant harm to the Data Principal, as may be specified by the Government of India. For the purposes of this Policy, ethnicity data is treated as sensitive personal data requiring explicit consent.
