CCPA Compliance Policy

Flinque CCPA Compliance Policy

The short version, for California residents

If you live in California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights over your personal information. This page explains what we collect about California residents, what we do with it, whether we sell or share it, and how you can exercise your rights.

Short answer: Flinque does not sell personal information for money and does not share it for cross-context behavioral advertising in the sense defined by CPRA. We process your information to operate our platform, support customers, and market our services, with specific protections for sensitive information and minors.

To exercise your CCPA rights, use the contact page.

1. Scope and Applicability
2. Key Definitions
3. Categories of Personal Information Collected
4. Sources of Personal Information
5. Purposes of Processing
6. Disclosure to Third Parties
7. Sale and Sharing of Personal Information
8. Sensitive Personal Information
9. Minors Under 16
10. Your Rights Under CCPA/CPRA
11. How to Exercise Your Rights
12. Verification Procedures
13. Authorized Agent Requests
14. Non-Discrimination
15. Contact for CCPA Matters

1. Scope and Applicability

This CCPA Compliance Policy explains how Flinque handles Personal Information about California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), in connection with the Flinque influencer marketing platform.

This policy applies to:

• California residents who visit our website or use our platform
• California residents who interact with our marketing, webinars, or support teams
• California-based creators whose public data appears in our platform
• California-based team members using a customer workspace

This policy supplements and should be read with our Privacy Policy and Data Privacy Policy. Where CCPA/CPRA requires more detail than the general policies, this document governs for California residents.

2. Key Definitions

Understanding CCPA/CPRA is easier with a few defined terms:

• Personal Information (PI): information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household
• Sensitive Personal Information (SPI): a specific subset of PI including government IDs, precise geolocation, racial or ethnic origin, religion, genetic data, biometric data, health data, sex life or sexual orientation data, and certain other categories
• Sale: selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating PI for monetary or other valuable consideration
• Share: disclosing or making PI available for cross-context behavioral advertising, whether for consideration or not
• Business purpose: the operational uses listed in CCPA that do not count as sale or sharing
• Service provider: a third party that processes PI on behalf of a business under a written contract with specific CCPA restrictions
• Contractor: similar to service provider but may have access to PI for broader purposes under CCPA restrictions

We use these terms throughout this policy as defined by CCPA/CPRA.

3. Categories of Personal Information Collected

In the 12 months preceding this policy’s effective date, we have collected the following categories of Personal Information about California residents, mapped to the CCPA/CPRA statutory categories:

We do not knowingly collect CCPA-defined sensitive personal information for operational purposes. See Section 8 for sensitive PI handling.

We retain each category according to our Data Retention Policy.

4. Sources of Personal Information

We collect Personal Information from the following sources:

• Directly from you: account registration, contact forms, webinar signups, support requests, newsletter subscriptions
• Automatically from your interactions: cookies, pixels, server logs, analytics scripts (subject to our Cookie Policy)
• From publicly available sources: social media profiles of creators (usernames, bios, public posts, follower counts)
• From third-party sources: authorized creator data aggregators, payment processor Stripe, integration partners when customers connect their accounts
• From referrals: partners in our Affiliate Program or co-marketing arrangements

Where we obtain data from third parties, we confirm they have authority to provide it to us.

5. Purposes of Processing

We use Personal Information for the following purposes:

• Providing the Service (account management, authentication, billing)
• Supporting customers and responding to inquiries
• Improving our platform and developing new features
• Sending transactional and service communications
• Marketing to existing customers and prospects (with consent where required)
• Security, fraud prevention, and abuse detection
• Auditing, compliance, and legal defense
• Aggregating data for internal analytics and industry research (de-identified)

We do not use Personal Information for purposes that are materially different from those disclosed here without providing additional notice and, where required, obtaining consent.

6. Disclosure to Third Parties

We disclose Personal Information to the following categories of third parties for business purposes:

• Service providers: cloud hosting, payment processing (Stripe), email delivery, customer support tools, analytics platforms, AI service providers, security monitoring vendors
• Contractors: third-party data aggregators who provide creator data under strict contractual restrictions
• Professional advisors: lawyers, accountants, auditors bound by confidentiality
• Legal and regulatory authorities: where required by law, court order, or to protect our rights
• Business transferees: in the event of a merger, acquisition, or sale of assets, subject to this policy’s ongoing protections

All third parties that receive PI from us are contractually required to protect it and use it only for the specified business purposes.

A current categorized list of sub-processors is in our Data Privacy Policy.

7. Sale and Sharing of Personal Information

We provide specific disclosures about whether we sell or share Personal Information as defined by CCPA/CPRA.

7.1 Sale of Personal Information

Flinque does not sell Personal Information for money. We do not exchange PI for monetary consideration with any third party.

7.2 Sharing for cross-context behavioral advertising

We use advertising and analytics cookies from providers such as Google, Meta, and LinkedIn to measure and optimize our marketing. Under CPRA’s expansive definition, the use of these cookies may constitute “sharing” of PI for cross-context behavioral advertising. You can opt out of this at any time using our cookie controls or the “Do Not Sell or Share” link described in Section 7.4.

7.3 Categories disclosed for business purposes

In the past 12 months, we have disclosed the following PI categories to service providers and contractors for business purposes: identifiers, customer records, commercial information, internet/network activity, approximate geolocation, professional information, inferences, and audio/visual content (support calls with notice).

7.4 Do Not Sell or Share My Personal Information

California residents have the right to direct us not to share PI for cross-context behavioral advertising. To exercise this right:

• Use the “Do Not Sell or Share My Personal Information” link in our website footer
• Adjust cookie preferences through our cookie banner
• Enable Global Privacy Control (GPC) in your browser; we treat GPC signals as opt-out requests
• Submit a request through our contact page with category “Do Not Sell/Share”

Opt-out requests take effect within 15 business days and remain in effect for at least 12 months.

8. Sensitive Personal Information

CPRA gives California residents the right to limit the use and disclosure of Sensitive Personal Information.

Flinque does not intentionally collect Sensitive Personal Information (as defined by CPRA) for operational purposes beyond what is strictly necessary to:

• Provide the Service you request
• Protect the security and integrity of our platform
• Detect and prevent fraud or illegal activity
• Perform audits or comply with legal obligations

These uses fall within the CPRA exception that does not trigger the right to limit. If we begin using Sensitive Personal Information for purposes outside this exception, we will update this policy and provide a clear mechanism to exercise the right to limit.

If you believe we are processing Sensitive Personal Information about you outside these purposes, contact us through our contact page.

9. Minors Under 16

Flinque is a business-to-business platform intended for users aged 18 and over. We do not knowingly collect Personal Information from children under 16, and we do not sell or share PI of minors under 16.

CCPA requires affirmative opt-in consent before selling or sharing PI of consumers under 16. Specifically:

• Minors aged 13 to 15: must affirmatively opt in before any sale or sharing
• Children under 13: parental consent is required before any sale or sharing, and COPPA protections also apply

Because we do not knowingly collect PI of minors for these purposes, no such consent has been obtained. If we discover that we have inadvertently collected PI of a minor, we delete it promptly.

For full details on our approach to minors’ privacy, see our Children’s Privacy Policy.

10. Your Rights Under CCPA/CPRA

California residents have the following rights:

10.1 Right to know

You can request disclosure of the categories of PI we have collected, the sources, the purposes of collection, the categories of third parties with whom we share PI, and the specific pieces of PI we hold about you.

10.2 Right to delete

You can request that we delete PI we have collected about you, subject to CCPA exceptions (for example completing a transaction, security, legal compliance).

10.3 Right to correct

You can request that we correct inaccurate PI we hold about you.

10.4 Right to opt out of sale and sharing

You can direct us not to sell or share your PI. See Section 7.4 for the mechanisms.

10.5 Right to limit use of Sensitive Personal Information

You can request that we limit our use of Sensitive Personal Information to purposes permitted under CPRA. See Section 8.

10.6 Right to data portability

When exercising your right to know, you can request PI in a portable, machine-readable format.

10.7 Right to non-discrimination

We will not discriminate against you for exercising your CCPA rights. See Section 14.

11. How to Exercise Your Rights

Submit requests through any of these methods:

• Contact form: our contact page with category set to “Privacy / CCPA”
• Do Not Sell or Share link: footer of our website
• Cookie banner: for cookie-specific opt-outs
• Global Privacy Control: enable GPC in your browser
• Postal mail: write to our address in Section 15

11.1 Response timelines

• Acknowledgment: within 10 business days of receipt
• Substantive response: within 45 calendar days (extendable to 90 days with notice)
• Opt-out of sale/share: effective within 15 business days

11.2 Free of charge

Exercising CCPA rights is free. We may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.

12. Verification Procedures

To protect your privacy, we verify your identity before fulfilling substantive CCPA requests. Verification is proportionate to the sensitivity and scope of the request.

• For account holders: confirmation of account access (logging in, responding to a confirmation request sent to the account address)
• For non-account visitors: match of submitted information to data we hold about the visitor
• For sensitive requests (deletion, SPI limitation): we may request additional confirmation
• For requests about categories of PI: verification requires at least two pieces of PI we already hold
• For requests for specific pieces of PI: verification requires higher confidence, usually three pieces and a signed declaration under penalty of perjury

If we cannot verify your identity, we will explain why and may still respond to generalized categories of PI without disclosing specific details.

13. Authorized Agent Requests

You can designate an authorized agent to submit CCPA requests on your behalf. We require:

• Written authorization signed by you (the consumer) designating the agent
• Verification of the consumer’s identity using our standard verification procedures
• The agent’s contact information
• Power of attorney is sufficient evidence of authority

We may decline requests where these conditions are not met or where the authority appears fraudulent.

14. Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not:

• Deny you services
• Charge you different prices or rates
• Provide a different level or quality of service
• Suggest you may receive a different price, rate, level, or quality of service

We may offer financial incentives (discounts, extended trials, loyalty rewards) that involve the collection or processing of PI, where permitted by CCPA and clearly disclosed. Participation in any such program is voluntary, and you can opt out at any time without penalty other than loss of the incentive itself.

If we offer a financial incentive that involves PI, we will provide specific disclosures about the terms at the point of offer.

15. Contact for CCPA Matters

For questions about this policy or to exercise your CCPA rights, contact us.