Legal
Privacy Policy
Effective date: April 16, 2026
1. Who We Are
Leewou ("we," "us," or "our") operates an influencer marketing discovery platform at leewou.com (the "Platform"). The Platform provides services for brands, agencies, and marketing teams to discover, analyze, and manage relationships with social media creators.
This Privacy Policy describes how we collect, use, share, and protect personal data when you use our Platform, interact with us, or when we process data about social media creators. It also explains your rights and choices regarding your personal data.
By using our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.
2. Personal Data We Collect
We collect personal data in the following ways:
2.1 Information You Provide
| Category | Data Collected |
|---|---|
| Account Data | Email address, full name, password (stored in hashed form only). |
| Team Data | Team name, team member roles, and invitation details when you create or join a team. |
| Communications | Content of messages you send to us via email or support channels, including your name, email, and message content. |
2.2 Information Collected Automatically
| Category | Data Collected |
|---|---|
| Device Data | Device fingerprint (generated via FingerprintJS for security purposes), IP address, browser type and version, operating system. |
| Usage Data | Operational telemetry such as authentication events, security logs, request metadata, rate-limit events, and error diagnostics used to secure and operate the Platform. We do not currently use third-party analytics cookies. |
| Cookies | Essential cookies for session management, authentication, and device fingerprinting. See the Cookies section below for details. |
2.3 Payment Information
All payment processing is handled by our Merchant of Record, Paddle. We do not directly collect or store your full payment card details. For display purposes only, we may store limited payment information provided by Paddle, such as the card brand, last four digits, and expiry date. For details on how Paddle processes your payment data, see Paddle's Privacy Policy.
2.4 Creator Data
We collect and process information about social media creators and their audiences from third-party data providers and publicly available sources. This data is described in detail in Section 6 below.
3. How We Use Your Data
| Purpose | Description |
|---|---|
| Service Provision | To create and manage your account, provide Platform features, process subscriptions, and deliver customer support. |
| Security | To detect and prevent unauthorized access, fraud, and abuse through device fingerprinting, session management, and account verification. |
| Creator Insights | To process and present Creator Data to our users, enabling influencer discovery, analytics, and campaign management. |
| Communication | To send you service-related notifications (e.g., account verification, security alerts, billing updates) and respond to your inquiries. |
| Improvement | To analyze usage patterns, diagnose technical issues, and improve the Platform's features and performance. |
| Legal Compliance | To comply with legal obligations, enforce our Terms of Service, and protect our rights and the rights of others. |
4. Legal Basis for Processing
Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, we process your personal data based on the following legal grounds:
| Legal Basis | When We Rely on It |
|---|---|
| Contract Performance | Processing necessary to provide the Services you signed up for - account creation, subscription management, and Platform access. |
| Legitimate Interest | Processing necessary for our legitimate business interests, including: Platform security and fraud prevention, service improvement and analytics, processing publicly available Creator Data to provide insights to users. These interests are balanced against your rights and freedoms. |
| Legal Obligation | Processing required to comply with applicable laws, such as tax and billing recordkeeping requirements. |
| Consent | Where required by law, we rely on your consent for specific processing activities, such as optional analytics cookies or marketing communications. You may withdraw consent at any time. |
5. How We Share Your Data
We do not sell your personal data. We may share your data with third parties in the following circumstances:
| Recipient | Purpose |
|---|---|
| Paddle | Our Merchant of Record for payment processing, subscription billing, invoicing, and tax compliance. |
| Infrastructure Providers | Cloud hosting, database, and content delivery services necessary to operate the Platform. |
| Creator Data Providers | Third-party APIs that supply creator and audience data (e.g., for discovery and analytics features). Data flows primarily from these providers to us, not vice versa. |
| Legal Requirements | When required by law, court order, or governmental authority, or when necessary to protect our rights, safety, or property. |
| Business Transfers | In connection with a merger, acquisition, sale of assets, or similar transaction, subject to the acquiring party accepting the commitments in this Policy. |
6. Creator Data Processing
6.1 What Creator Data We Process
Through our Platform, we process publicly available information about social media creators and their audiences, sourced from third-party data providers. This may include:
- Profile information: username, display name, avatar, biography, verified status, platform account type, language
- Engagement metrics: follower counts, average likes, comments, views, engagement rate
- Content data: recent and top-performing content, hashtags, mentions, content categories
- Audience demographics: geographic distribution, age and gender breakdown, language, interests (aggregated and anonymized)
- Contact information: email addresses (where made publicly available by the creator)
- Estimated pricing: per-content-type pricing estimates
6.2 Legal Basis for Creator Data
We process Creator Data under the legitimate interest basis. The data is publicly available information that creators have chosen to make accessible on social media platforms. Processing this data enables our users to identify suitable creators for their marketing campaigns, which also benefits creators by providing visibility for business opportunities.
6.3 Your Role as a User
When you access Creator Data through the Platform, you become an independent data controller under applicable data protection laws. You are responsible for ensuring your use of Creator Data complies with all applicable laws, including notifying creators of your processing where required and respecting opt-out requests.
6.4 Creator Rights
If you are a social media creator and wish to exercise your data protection rights regarding your data on our Platform (including access, rectification, or deletion), please contact us at support@leewou.com. We will respond to your request in accordance with applicable data protection laws.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | Retained while your account is active. If you request deletion, your account is immediately deactivated and retained in a soft-deleted state for up to 30 days before permanent deletion, except where longer retention is required by law. |
| Billing & Invoice Data | Retained for the period required by applicable tax and accounting laws (typically 7 years). |
| Device Fingerprints | Retained for as long as reasonably needed for security and fraud prevention purposes. |
| Usage Data | Operational and security telemetry is retained for a limited period based on operational and security needs. |
| Support Communications | Retained for up to 2 years after resolution of your inquiry. |
| Backups | Retained for a limited period (typically 90 days) as part of our disaster recovery procedures. |
You can request account deletion from your account Danger Zone. Once requested, your account is immediately deactivated and you are logged out on all devices. We retain account data in a soft-deleted state for up to 30 days before permanent deletion, unless longer retention is required for legal obligations (for example, billing and tax records).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/HTTPS
- HTTP-only, secure cookies for authentication tokens
- SameSite=Lax cookie settings and an origin allowlist (CORS) to reduce cross-site request risks
- Device fingerprinting for unauthorized access detection
- Password hashing using industry-standard algorithms
- Access controls based on least-privilege principles
- Regular security reviews and updates
Despite these measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.
10. International Data Transfers
Your personal data may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection. These transfers are necessary to operate the Platform and provide the Services.
Where we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries without adequate data protection, we rely on appropriate safeguards, including:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Supplementary technical and organizational measures where appropriate
Our payment processor, Paddle, also transfers data internationally. See Paddle's Privacy Policy for details on their transfer safeguards.
11. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete personal data. |
| Erasure | Request deletion of your personal data, subject to legal retention requirements. |
| Portability | Request your data in a structured, commonly used, machine-readable format. |
| Restriction | Request that we restrict the processing of your personal data in certain circumstances. |
| Objection | Object to processing of your personal data based on legitimate interest grounds. |
| Withdraw Consent | Withdraw any consent you previously gave, without affecting the lawfulness of prior processing. |
To exercise any of these rights, contact us at support@leewou.com. We will respond within the timeframes required by applicable law (typically 30 days for GDPR requests).
If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu. If you are in the UK, you may contact the Information Commissioner's Office. We would appreciate the opportunity to address your concerns before you contact a supervisory authority.
12. Children's Privacy
The Platform is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us at support@leewou.com and we will take steps to delete such data.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make changes, we will update the "Effective date" at the top of this page.
For material changes that significantly affect your rights or our processing of your data, we will notify you via email or a prominent notice on the Platform before the changes take effect.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us: