Back to home

Privacy Policy

Last updated: Feb 21, 2026

1. Scope and Controller Information

This Privacy Policy explains how Okacrm collects, uses, discloses, stores, and otherwise processes information when you access or use the Okacrm websites, applications, dashboards, client portal, integrations, APIs, and related services (collectively, the "Service"). Depending on your jurisdiction, Okacrm acts as a data controller for account administration, service delivery, product security, billing operations, and legal compliance activities. This policy applies to influencer users, client users, prospective customers, and authorized representatives who interact with the Service.

By creating an account, connecting third-party platforms, sending content through workflows, or using the client portal, you acknowledge the data practices described in this Privacy Policy. If you do not agree with this policy, do not use the Service.

2. Information We Collect

We collect information directly from you, automatically through use of the Service, and from connected partners you authorize. Categories of information we process may include:

  • Account and identity data: name, username, email address, password hash, profile image, timezone, account role, organization associations, and authentication metadata.
  • Connected platform data: Instagram and TikTok account identifiers, profile metadata, media objects, engagement and audience insights, demographic summaries, account sync status, token expiry metadata, and related integration logs.
  • Content and collaboration data: campaign records, content links, scheduling plans, proposal drafts and status history, revision notes, internal workspace references, and client-portal scoped data views.
  • Financial and transaction data: invoices, invoice line items, currency and pricing context, payment status and related transaction references.
  • Support and communications data: service inquiries, legal and privacy requests, troubleshooting details, and correspondence records.
  • Technical and usage data: IP address, device and browser characteristics, session activity, approximate geolocation inferred from IP, referral source, and operational diagnostics used for reliability and security.

3. Sources of Data

We receive information from multiple sources:

  • Information you submit through registration, profile setup, billing workflows, support forms, proposal collaboration, and portal interactions.
  • Information from integrations you authorize, including Instagram and TikTok.
  • Information generated by system processes such as sync jobs, analytics summarization, account security monitoring, and audit events.
  • Information from service providers supporting hosting, authentication, monitoring, messaging, and transactional operations.

4. How We Use Information

We process personal information to operate and improve the Service, including to:

  • Authenticate users, manage sessions, and enforce guard-specific access boundaries for influencer and client roles.
  • Connect authorized social accounts and run profile, media, insights, demographics, and token refresh workflows.
  • Generate and manage proposals, invoices, campaign associations, scheduling plans, and client collaboration portals.
  • Track invoice payment outcomes and maintain required accounting records.
  • Detect fraud, abuse, security incidents, suspicious authentication behavior, and integration misuse.
  • Provide service communications, product notices, policy updates, and legal or regulatory notifications.
  • Perform analytics and aggregate reporting to improve product quality, reliability, and workflow performance.
  • Comply with legal obligations, enforce contractual rights, and protect the safety and rights of users and third parties.

5. Legal Bases for Processing

Where required by law, we rely on one or more legal bases for processing personal information: contractual necessity to provide the Service you request, legitimate interests in operating and securing the Service, compliance with legal obligations, protection of vital interests, and consent where specifically requested. If consent is the legal basis, you may withdraw consent at any time, subject to processing already performed and legal retention requirements.

6. Cookies, Similar Technologies, and Analytics

We use cookies and similar technologies to maintain authenticated sessions, remember settings, secure interactions, and measure performance. Disabling certain cookies may limit core functionality, including login persistence, dashboard state, and workflow continuity. Browser or device-level controls may allow you to manage cookie preferences, but such controls may not affect all service-side storage and logging used for security and fraud prevention.

7. Data Sharing and Disclosures

We do not sell personal information. We disclose information only as reasonably necessary for business operations, legal compliance, and rights protection, including with:

  • Infrastructure, hosting, logging, communications, and support vendors under contractual safeguards.
  • Integration providers you authorize, such as Instagram and TikTok, each of which has independent privacy practices.
  • Professional advisors, insurers, and auditors under confidentiality obligations.
  • Government authorities or counterparties where legally required or where necessary to investigate misuse, fraud, or security incidents.
  • Successors in merger, financing, acquisition, reorganization, bankruptcy, or asset-transfer events, subject to applicable legal constraints.

When client-portal collaboration is enabled, information scoped to a client relationship may be visible to authorized client users designated by the influencer workspace owner.

8. International Data Transfers

The Service may operate across multiple regions. Information may be transferred to and processed in countries other than your own, including where data protection laws may differ. Where required, we implement transfer mechanisms and contractual protections intended to address cross-border processing risks.

9. Data Retention

We retain information for as long as necessary to provide requested services, maintain product integrity, resolve disputes, enforce agreements, and satisfy legal, tax, accounting, and audit obligations. Retention periods vary by data type, user role, security necessity, and regulatory requirements. We may retain de-identified or aggregated information for analytics and service improvement where permitted by law.

10. Security Measures

We apply administrative, technical, and organizational safeguards designed to protect information in transit and at rest, including access controls, role-based boundaries, logging, and security monitoring. No method of transmission or storage is guaranteed to be absolutely secure. You are responsible for maintaining credential confidentiality, controlling account access, and promptly notifying us of suspected unauthorized use.

11. Your Rights and Choices

Subject to applicable law and verification, you may have rights to request access, correction, deletion, restriction, portability, or objection to certain processing. You may also request information about disclosures and, where applicable, designate an authorized agent. We may deny or limit requests where exemptions apply, where identity cannot be verified, or where fulfillment would infringe legal obligations or rights of others.

To exercise privacy rights, contact us using the details below. We may request additional information to verify identity and request scope.

12. Third-Party Services and External Policies

The Service integrates with or links to third-party products and services. Their data practices are governed by their own terms and policies. Okacrm is not responsible for third-party privacy, security, operational, or compliance practices, including platform changes, API limitations, account suspensions, or independent processing performed by those providers.

13. Children's Privacy

The Service is intended for professional users and is not directed to children under the age required by local law to independently consent to data processing. If you believe a child has provided personal information in violation of this policy, contact us and we will take commercially reasonable steps to investigate and address the report.

14. Policy Updates

We may revise this Privacy Policy from time to time to reflect changes in law, technology, service functionality, integrations, and risk controls. Updated versions become effective when posted unless a different effective date is stated. Continued use of the Service after an update constitutes acknowledgment of the revised policy.

15. Contact

For privacy questions, rights requests, or data-protection concerns, contact info@okacrm.net. We may require verification details before fulfilling sensitive requests.