Skip to main content

Legal

Privacy Policy

Last updated 17 May 2026

This policy explains what personal information we collect about you when you use Flarr, why we collect it, and what your rights are. The detailed POPIA notice sits on a separate page.

1. Who is the responsible party

Flarr is operated by Starlight Group SA (Pty) Ltd (reg. 2024/181302/07), a South African company. For privacy questions, contact our Information Officer at support@starlightgroupsa.co.za.

2. What we collect

You give us

  • Account information — name, email, password, user type (Creator or Business), profile photo.
  • Creator profile data — username, bio, location, niches, languages, content style, social handles, rate card.
  • Business profile data — company name, industry, website, logo.
  • Verification submissions — analytics screenshots, follower-count screenshots, and any platform OAuth connections you authorize.
  • Communications — messages between Creators and Businesses, brief applications, campaign details.
  • Billing data — handled by our payment processor; we store only the subscription ID and status, never card numbers.

Collected automatically

  • Device & usage data — IP address, browser, device type, pages viewed, referrer, timestamps.
  • Analytics events — profile views, search impressions, unlock actions, application activity.
  • Cookies — see our Cookie Policy.

From third parties

  • Connected platforms — when you link Instagram, TikTok, YouTube or X via OAuth, we receive your handle, follower count, and engagement metrics from the platform's API. We store an encrypted refresh token so we can keep that data up to date.
  • Payment processor — subscription status, plan ID, payment success/failure events.

3. Why we use it

  • To run the platform — show your profile to relevant Businesses, deliver messages, process campaign applications.
  • To verify Creators — confirm follower counts and engagement rates so brands can trust what they see.
  • To process payments — manage subscriptions and credits.
  • To improve Flarr — understand how the platform is used so we can make it better.
  • To keep things safe — detect fraud, fake accounts, manipulated metrics, abuse.
  • To communicate with you — transactional emails (account confirmation, password resets, billing receipts) and, with your consent, occasional product updates.
  • To meet legal obligations — tax records, responses to lawful requests from authorities.

4. Who we share it with

  • Other users — your public profile (everything except private contact details, billing data, and verification submissions) is visible to other signed-in users and search engines. Verified analytics are only visible to Businesses on paid plans.
  • Service providers — trusted third-party processors who help us run the platform (hosting, database and authentication, automated verification analysis, payments, transactional email). Each is bound by a data-processing agreement and only receives the personal information they need to deliver their part of the service.
  • Authorities — if compelled by a court order or to comply with South African law.
  • Buyers — if Flarr is ever sold or merged, your data may transfer to the acquirer. We will tell you before that happens.

5. International transfers

Our service providers process data in countries outside South Africa (mainly the EU and the US). Where data is transferred outside South Africa, we use providers that offer protection that is substantively similar to POPIA, as required by section 72 of POPIA.

6. How long we keep it

  • Active accounts — for as long as your account is open.
  • Closed accounts — most data is deleted within 90 days. Some records (invoices, tax data, security logs) are kept for up to 5 years as required by South African law.
  • Backups — encrypted backups roll off within 30 days.

7. Security

We protect your data with TLS in transit, encryption at rest, row- level security on our database, AES-256-GCM encryption for stored OAuth tokens, and strict role-based access for staff. No system is perfectly secure — if a breach affects your data, we will notify you and the Information Regulator without undue delay, as POPIA requires.

8. Your rights

Under POPIA, you have the right to:

  • Know what we hold about you and ask for a copy.
  • Have inaccurate data corrected.
  • Have your data deleted (subject to retention obligations).
  • Object to processing for direct marketing.
  • Withdraw consent at any time (this won't affect processing already done).
  • Lodge a complaint with the Information Regulator — see our POPIA page for their contact details.

To exercise any of these, email support@starlightgroupsa.co.za.

9. Children

Flarr is not directed at people under 18. If you become aware that a child has given us personal information without parental consent, please contact us and we will delete it.

10. Changes to this policy

If we make material changes, we will email registered users and post a notice on the platform.

11. Contact

Email support@starlightgroupsa.co.za.