Privacy Policy

Inlook is a marketplace that connects brands with verified YouTube creators for product-launch sponsorships. You can reach us at support@inlookdeals.com.

Information you give us directly. When you apply as a creator we collect your name, email address, primary platform and niche, channel or profile URL, and follower range. When you apply as a brand we collect your business name, business email, product URL, and (optionally) a social URL and a short bio. When you send a message through the Service we collect the body of that message.

Account and authentication data. We use Clerk for account sign-in, sign-up, and role management. Clerk provides us with a Clerk user ID, your primary email address, first/last name, and profile image URL so we can link your account to your creator or brand record.

YouTube data. When a creator clicks “Connect YouTube Account,” we use Google OAuth to request read-only access to the YouTube Data API (youtube.readonly) and YouTube Analytics API (yt-analytics.readonly). We store the resulting OAuth access token and refresh token server-side so we can pull your channel ID, display name, profile picture, channel bio, subscriber count, total channel views, total videos, and 30-day engagement and view metrics. We never post on your behalf and we never request write scopes. You can revoke our access at any time at myaccount.google.com/permissions.

TikTok data. When a creator clicks “Connect TikTok Account,” we use TikTok Login Kit (OAuth 2.0 with PKCE) to request read-only access under the user.info.basic, user.info.profile, user.info.stats, and video.list scopes. We store the resulting access token and refresh token server-side so we can pull your TikTok open ID, display name, public profile URL (profile_deep_link), avatar URL, follower count, total likes, total video count, and per-video metrics (views, likes, comments, shares, and creation time) that we aggregate into lifetime and 30-day engagement totals. We never post on your behalf, we never request write or publish scopes, and we never access private videos. You can revoke our access at any time from your TikTok account at tiktok.com/setting/connected-apps (on mobile: Settings and privacy → Security and permissions → Apps and services permissions → choose Inlook → Remove access). See Section 5 for how to also have Inlook delete the stored tokens and cached TikTok data.

Automatically collected data. Our hosting provider and infrastructure vendors log IP addresses, user-agent strings, and request timestamps for security and abuse prevention. We do not operate a third-party analytics or advertising tracker today; if we add one in the future we will update this Policy.

Categories of personal information (CCPA). In the last 12 months we have collected the following categories of personal information: identifiers (name, email, Clerk user ID, IP address), commercial information (application details, deal history), internet activity (request logs, messages sent within the Service), and professional information (YouTube and TikTok channel/account statistics and metadata that the creator has chosen to connect). We do not sell or “share” personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). See Section 8 for how California residents may exercise their rights.

• To provide and operate the Service (account setup, verification, messaging, brand discovery).
• To verify creator analytics via the YouTube and TikTok APIs so brands see accurate engagement data.
• To send transactional emails: application confirmations, welcome / verification emails, first-message and first-reply notifications, and agreement notifications.
• To respond to support requests sent to support@inlookdeals.com.
• To prevent fraud, abuse, and violations of our Terms of Service.
• To comply with legal obligations.

We do not sell your personal information. We do not use your personal information for advertising.

We share information with service providers that help us operate the Service, under contract and only for the purposes we direct:

• Clerk — authentication, invitations, and role management.
• Supabase — database and storage for creator, brand, conversation, and message records.
• Google / YouTube — OAuth and read-only analytics, used only when a creator chooses to connect their channel.
• TikTok — Login Kit OAuth and read-only user/video data, used only when a creator chooses to connect their TikTok account.
• Our SMTP email provider — transactional email delivery.
• Stripe (planned) — payment processing once paid transactions launch. We will update this Policy before enabling Stripe.

We may also disclose information if required by law, to protect our rights or the safety of users, or in connection with a merger, acquisition, or asset sale.

What brands see. Approved brands signed in to the Service can see a creator’s display name, niche, profile picture, social links, bio, pricing, and verified engagement metrics. Brands never see a creator’s email through the Service. Similarly, creators viewing a brand profile see the business name, bio, product URL, and social URL — never the brand’s email.

What Inlook administrators see. Inlook administrators can view all creator and brand profile data, including verified engagement and analytics metrics (e.g. subscriber counts, subscriber growth, average view rate, engagement rate, view totals), pricing, contact emails, and message content, in order to operate the Service, verify accounts, moderate the marketplace, resolve disputes, and comply with legal obligations. Administrator access is limited to authorized personnel and protected by authentication and access controls.

YouTube. Inlook’s use of information received from YouTube APIs adheres to the YouTube API Services Terms of Service and the Google Privacy Policy. You can revoke Inlook’s access to your YouTube data at any time at https://myaccount.google.com/permissions.

TikTok. Inlook’s use of information received from TikTok Login Kit and the TikTok for Developers APIs adheres to the TikTok Terms of Service, the TikTok API Terms of Service, and the TikTok Privacy Policy.

How to revoke Inlook’s permissions and delete your TikTok data from Inlook. You can disconnect Inlook from your TikTok account in two steps:

1. Revoke authorization on TikTok’s side by visiting tiktok.com/setting/connected-apps (or, in the TikTok mobile app: Settings and privacy → Security and permissions → Apps and services permissions → choose Inlook → click “Remove access”). This immediately invalidates the access and refresh tokens Inlook holds for your account.
2. To have Inlook delete the tokens and cached TikTok data (display name, avatar URL, follower count, video aggregates, profile deep link) from our records as well, email support@inlookdeals.com from the address on file. We will remove the stored TikTok fields from your creator record within 7 days and purge them from encrypted backups within 90 days. If you also want your full Inlook account deleted, say so in the email (see Section 7 — Data retention, and Section 8 — Your choices and rights).

Revoking TikTok access will remove your TikTok metrics from the creator network and, if TikTok is your only connected platform, will unpublish your profile until you reconnect another platform.

Inlook itself does not set advertising or analytics cookies today. Our authentication provider (Clerk) sets session cookies that are strictly necessary for you to stay signed in. Google may set cookies during the OAuth flow when you connect your YouTube account. TikTok may set cookies during its Login Kit OAuth flow when you connect your TikTok account. You can clear or block cookies in your browser; doing so may prevent sign-in from working. We do not currently use advertising or third-party analytics cookies. If we add any non-essential cookies in the future, we will update this Policy and, where required by law, present a consent banner before any non-essential cookies are set.

We retain creator and brand records for as long as the account is active. Messages are retained for the life of the conversation. If you ask us to delete your account, we will delete your personal data from our active systems within 30 days and from encrypted backups within 90 days, except where we are required to keep records for legal, accounting, or fraud-prevention reasons.

You can update your profile information from your dashboard or by emailing us. You can revoke YouTube access at any time from your Google account, and TikTok access at any time from your TikTok account (see Section 5 for step-by-step instructions). To request access, correction, or deletion of your personal data, email support@inlookdeals.com from the address on file. We will respond within 45 days, extendable once by an additional 45 days where reasonably necessary with notice to you.

California residents (CCPA/CPRA). You have the right to (i) know what personal information we have collected about you and how we use and share it; (ii) request deletion of your personal information; (iii) request correction of inaccurate personal information; (iv) opt out of the “sale” or “sharing” of personal information (we do not sell or share personal information, so there is nothing to opt out of); and (v) not receive discriminatory treatment for exercising any of these rights. To exercise any of these rights, email us from the address on file. We may need to verify your identity before fulfilling a request. An authorized agent may submit a request on your behalf with written proof of authorization.

We encrypt data in transit over HTTPS and rely on Supabase and Clerk for at-rest encryption of our database and authentication records. Access to production systems is limited to Inlook administrators and is protected by strong authentication. No system is 100% secure; we cannot guarantee the security of information you transmit to us.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact support@inlookdeals.com and we will delete it.

The Service is operated from the United States and is currently intended for users located in the United States. If you access the Service from outside the US, you understand that your information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your jurisdiction. By using the Service from outside the US, you consent to that transfer and processing.

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email or by posting a prominent notice on the Service. Continued use of the Service after changes take effect means you accept the updated Policy.

Questions or privacy requests: support@inlookdeals.com.