Data Removal and Right to Erasure Policy

Flinque Data Removal and Right to Erasure Policy

The short version, so you know how to get your data deleted

You can ask us to delete your personal data. Customers submit requests through their dashboard or via our contact page. Creators whose public profiles appear in our platform can submit opt-out requests through a dedicated process. Verified creator requests are typically processed within 48 hours. Customer deletion requests are processed within 30 days, with some exceptions for legal holds, fraud prevention, and billing records we are required to keep.

This page explains exactly how the process works, what we can and cannot delete, how to verify your identity, and how long you should expect to wait.

To submit a request, use the contact page.

1. Purpose and Scope
2. Who Can Request Removal
3. Legal Basis for the Right
4. Customer Deletion Requests
5. Creator Opt-Out and Removal
6. Visitor and Marketing Data Removal
7. Verification Procedures
8. What We Can Delete
9. What We Cannot Delete
10. Exceptions and Legal Holds
11. Response Timelines
12. Sub-processor Deletion Cascade
13. Confirmation and Evidence
14. If Your Request Is Refused
15. Contact for Removal Requests

1. Purpose and Scope

This policy explains how Flinque handles requests to delete or remove personal data from the Flinque influencer marketing platform. It covers:

• Customer deletion requests (your own account and data)
• Creator opt-out and profile removal requests
• Visitor and marketing data removal
• Third-party removal requests made by authorized representatives

This policy works with our Privacy Policy, Data Retention Policy, GDPR Compliance, and CCPA Compliance policies.

2. Who Can Request Removal

The following individuals can request data removal:

• Customers: individuals with active or past Flinque accounts
• Team members: individuals invited to a customer workspace
• Creators: individuals whose public profile data appears in our platform
• Visitors: individuals who interacted with our website, newsletters, or webinars without creating an account
• Authorized agents: individuals or organizations authorized to submit requests on behalf of data subjects
• Parents and guardians: submitting on behalf of minors under applicable child privacy laws
• Legal representatives: submitting on behalf of incapacitated or deceased individuals where permitted by law

Each category has specific verification steps detailed in Section 7.

3. Legal Basis for the Right

The right to data deletion is recognized under multiple legal frameworks. We honor the right under:

• GDPR Article 17: “right to erasure” or “right to be forgotten” for individuals in the EEA, UK, and Switzerland
• CCPA §1798.105: right to deletion for California residents
• Other applicable US state laws: Virginia CDPA, Colorado CPA, Connecticut CTDPA, and similar state privacy laws
• Other applicable international laws: Canadian PIPEDA, Brazilian LGPD, Australian Privacy Act, and equivalent frameworks

Where you have no specific legal right, we still honor reasonable removal requests as a matter of good practice, subject to legitimate business needs.

You do not need to cite a specific legal basis when making a request. We apply the most protective framework available to you.

4. Customer Deletion Requests

Customers can request deletion of their Flinque data in two ways.

4.1 Full account deletion

Close your entire account through your dashboard settings or by submitting a request via our contact page. Full account deletion:

• Removes access immediately on confirmation
• Deletes your account data, User Content, and workspace content from production within 30 days
• Allows content to propagate out of backups during normal rotation (up to 90 days)
• Preserves records we are legally required to keep (see Sections 9 and 10)

Before closing your account, export any content you want to keep. Exports are not available after deletion.

4.2 Partial deletion

You can request deletion of specific items instead of the full account:

• Individual creator lists, campaign notes, or outreach templates through the dashboard
• Specific data categories (for example analytics tracking) through a contact page request
• Marketing subscriber records (via email unsubscribe link or support request)

4.3 Workspace admin actions

Account owners can remove team members from a workspace, which revokes their access. The team member’s personal data (name, email, authentication details) is removed from the workspace context within 30 days, though their personal account data may remain under their personal control.

5. Creator Opt-Out and Removal

Creators whose public profile data appears in our platform have specific rights to opt out or request removal.

5.1 How creators request removal

Creators can submit removal requests through the following channels:

• Use our contact page with category “Creator Data Removal”
• Submit through our Report an Issue page with category “Data Removal Request”

5.2 What to include

• Your social media username(s) and platform(s)
• The URL of your public profile
• Your preferred method for us to confirm your identity
• Scope of the request (full removal, partial removal, or specific data points)

5.3 Identity verification for creators

We verify creator identity through one of these methods:

• DM verification: we send a message through your verified social account
• Email confirmation: we send an email to an address you have published on your profile
• Bio placement: we ask you to temporarily place a verification code in your bio
• Government ID: in specific cases, we may request an ID document (rarely needed)

5.4 Processing timeline

Verified creator removal requests are processed within 48 hours. Complex requests or those requiring additional verification may take longer, in which case we keep you informed.

5.5 What removal means for creator data

When we complete a creator removal:

• Your profile data is removed from active search results and creator views
• Your profile is flagged as opted-out so future data refreshes do not re-index you
• Aggregated statistics derived before removal may persist in anonymized form
• Cached or exported data already in customer workspaces is not centrally removed (see Section 5.6)

5.6 Data already exported by customers

Data that Flinque customers have already exported (to CSV, CRM, or other systems) is outside our direct control once exported. If a customer is handling your data improperly, you can report it through our contact page and we will investigate per our Acceptable Use Policy.

6. Visitor and Marketing Data Removal

Individuals who have interacted with our marketing (newsletters, webinars, content downloads) without creating an account can still request removal.

• Email newsletter unsubscribe: use the unsubscribe link in any marketing email; your email is suppressed immediately
• Full marketing record deletion: submit a request through our contact page with category “Marketing Data Removal”
• Webinar registration data: request removal via the contact page; registration records are deleted within 30 days
• Content download records: include the specific content downloaded so we can locate and remove the record
• Cookie-based tracking: clear cookies through your browser and update preferences through our cookie banner; see our Cookie Policy

Unsubscribing suppresses future marketing without removing existing records. Full deletion removes the record itself.

7. Verification Procedures

To protect your data from unauthorized deletion requests, we verify identity before processing substantive requests. Verification is proportionate to the sensitivity of the request.

7.1 Customer verification

• Logged-in actions through your dashboard are self-authenticating
• Email requests from your registered account email are verified by sending a confirmation link
• Requests from other email addresses require additional verification steps

7.2 Creator verification

See Section 5.3 for creator-specific verification methods (DM, email, bio placement, ID).

7.3 Authorized agent verification

Authorized agents (lawyers, privacy representatives, privacy services) must provide:

• Written authorization signed by the data subject
• Proof of the agent’s identity
• Verification of the data subject’s identity using our standard methods
• Power of attorney where applicable

7.4 Parent and guardian verification

Requests on behalf of minors require verification of the parent or guardian relationship and the minor’s identity, consistent with our Children’s Privacy Policy.

8. What We Can Delete

Subject to the exceptions in Sections 9 and 10, we can delete the following on request:

• Account profile data (name, email, preferences)
• Authentication and session records
• User Content you created in your workspace (lists, notes, templates, exports)
• Support tickets and correspondence
• Marketing records (subscriber status, engagement data)
• Analytics records tied to you as an identifiable individual
• Your creator public data from active search and profile views
• Historical content in our databases once retention exceptions no longer apply

Deletion removes data from production systems. Residual copies in backups are rotated out during normal backup cycles within 90 days.

9. What We Cannot Delete

Some data cannot be deleted on request due to legitimate business or legal needs:

• Billing and tax records: retained for 7 years per our Data Retention Policy to meet tax, accounting, and audit obligations
• Fraud prevention records: minimal identifiers (such as hashed emails) of banned accounts retained to prevent re-registration and repeat abuse
• Legal hold data: data subject to ongoing litigation, regulatory investigation, or law enforcement request
• Anonymized aggregates: data that has been genuinely anonymized and cannot be linked back to you is no longer personal data and is not subject to deletion
• Data held for exercising or defending legal claims: records needed to protect our legal position
• Publicly available information outside our control: content you have posted publicly on social platforms remains on those platforms regardless of what we delete
• Other customers’ data: deletion of your data does not extend to data owned by other Flinque customers who may have independently captured information about you

Where we cannot delete, we explain the specific reason and, where applicable, when the exception expires.

10. Exceptions and Legal Holds

Standard deletion procedures can be suspended where legal or regulatory requirements apply.

10.1 Legal holds

When data is subject to pending or reasonably anticipated litigation, regulatory investigation, law enforcement request, or internal compliance review, we suspend normal deletion and preserve the data until the hold is released.

10.2 Ongoing contractual obligations

Where Enterprise contracts require specific retention periods, those contracts control for the relevant data. Requests affecting Enterprise-held data are coordinated through the Enterprise customer relationship.

10.3 Statutory retention minimums

Tax, accounting, and audit laws impose minimum retention periods that override deletion requests. These apply regardless of where you are based.

10.4 Public interest and journalism

Under GDPR Article 17(3), the right to erasure does not apply where processing is necessary for the exercise of the right of freedom of expression and information, compliance with legal obligation, public interest, or the establishment, exercise, or defense of legal claims.

11. Response Timelines

We respond to deletion requests within these timeframes:

Complex or high-volume requests may require the 90-day extension, with written notice explaining the reason for the delay.

12. Sub-processor Deletion Cascade

When we delete your data, we also instruct our sub-processors to do the same where they hold personal data related to you.

12.1 Which sub-processors receive deletion instructions

Sub-processor categories that may hold your data include:

• Cloud hosting (account and workspace data)
• Email delivery services (marketing and transactional emails)
• Customer support tools (support tickets and chat logs)
• Analytics platforms (product usage data)
• Payment processor Stripe (billing records, subject to PCI DSS retention)

12.2 Cascade timeline

Sub-processors generally complete deletion within 30 days of receiving our instruction, matching our overall 30-day commitment. Some vendors have their own retention obligations that may extend this timeline (for example, payment records held by Stripe).

12.3 Limitations of cascade

Sub-processor cascades apply to data held on our behalf. Sub-processors also hold their own independent records (security logs, fraud prevention data, legal holds) subject to their own retention policies, which we do not control.

13. Confirmation and Evidence

When your deletion request is completed, we confirm it in writing.

Our confirmation includes:

• Date of completion
• Scope of data deleted
• Any data retained under exceptions (with reasons)
• Expected timeline for backup propagation
• Reference number for future correspondence

Enterprise customers may request a formal certificate of destruction for audit purposes; these are issued where reasonably feasible.

14. If Your Request Is Refused

In the small number of cases where we cannot fulfil a deletion request, we provide:

• A clear explanation of why the request was refused or partially fulfilled
• The specific legal or operational basis for the refusal
• Information about your right to lodge a complaint with a data protection authority
• Details of any alternative actions available (for example restriction of processing instead of deletion)

You can request a review of a refused decision through our contact page with additional information or context.

If you are not satisfied with our response, you have the right to lodge a complaint with a relevant data protection authority (for EEA residents, see our GDPR Compliance page for supervisory authorities).

15. Contact for Removal Requests

For data removal requests or questions about this policy, contact us.