kollab

Entwurf — in rechtlicher Prüfung · v1 · June 12, 2026

Datenschutzerklärung

1. What we collect

Account data (name, email, role), creator profile data (niches, languages, market, content formats, rate card), social account data you connect through platform OAuth (handle, audience metrics reported by the platform API), and client billing details (company, billing email, country).

2. Payments

Card data is processed by Stripe and never touches our servers. Tax identification for creators is collected by Stripe; we store only status flags.

3. Analytics

Public pages may use basic analytics (Google Analytics 4) with a consent banner. Dashboards carry no third-party analytics.

4. What clients see

Clients see creator profiles in anonymized form until a campaign is paid; verified metrics come from platform APIs. See section 6 for how we share data (and what we never share).

5. YouTube API Services

When a creator connects a YouTube channel for verification, Kollab uses YouTube API Services. By connecting, you agree to be bound by the YouTube Terms of Service, and you acknowledge that the Google Privacy Policy applies to data accessed through Google APIs.

What we access. Using the read-only scope youtube.readonly, we read public statistics of your own channel only (channel id, channel title/handle, and public subscriber and video/view counts). We do not access your videos, comments, private data, or any other channel.

How we use it. We display your API-verified audience size to clients in place of self-reported numbers; only API-verified figures are used in campaign offers. A rough engagement estimate is derived from public counts and clearly labelled an estimate.

Storage & refresh. Authorization tokens are encrypted at rest (AES-256-GCM) and never exposed to clients or other creators. We store the channel id, handle and the latest public counts, and periodically refresh the subscriber count using your authorization so it stays current.

Revoking access.You can disconnect a channel at any time from your creator profile, which deletes the stored tokens and channel data and revokes our access. You may also revoke access via Google's security settings. Historical campaign records created before disconnection are retained as a record of the transaction.

Limited Use.Kollab's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data sharing

We do not sell, rent, or trade your personal data, and we do not share, transfer, or disclose Google user data to third parties for their own purposes. In particular, data obtained through Google APIs (your YouTube channel id, handle, public subscriber and video/view counts, and the OAuth tokens) is used solely to display your verified creator metrics on kollab. It is never sold, used for advertising, or used to train AI/ML models.

The only figures shown to other users are your verified metric numbers (e.g. subscriber count), presented to prospective clients inside kollab as part of a campaign offer. Raw Google data and OAuth tokens are never shared with clients or other creators.

We use a small number of infrastructure service providers strictly to operate kollab — our database and authentication provider Supabase and our cloud hosting/payments providers. These providers process data on our behalf as processors under their data-processing agreements and are not permitted to use it for their own purposes. We may also disclose data where required by law.

7. Data protection

We protect sensitive data, including Google user data, with the following mechanisms:

  • OAuth authorization tokens are encrypted at rest using AES-256-GCM; encryption keys are managed separately from the database.
  • All data is transmitted over encrypted connections (TLS/HTTPS).
  • Access to Google user data is restricted to the minimal automated operations needed to verify and refresh your public metrics; tokens are never exposed to clients or other creators.
  • You can revoke access at any time with Remove / Disconnect on your creator profile, which deletes the stored tokens and revokes our access at Google. You may also revoke via Google's security settings.

8. Live chat (Tawk.to)

Our public pages offer a live chat powered by Tawk.to, a third-party data processor. When the chat loads, Tawk.to may collect visitor data (such as IP address, device/browser information, page activity, and anything you type into the chat) to provide the service. That data is processed by Tawk.to under its own Privacy Policy. The chat loads only after you accept cookies/analytics on this site, and only on our public pages — never inside the signed-in dashboard.

9. Contact

Questions: hello@kollab.vip.