Privacy Policy — Innoverse Platform

Responsible for data processing under the General Data Protection Regulation (GDPR):

Innoverse
Herderstraße 18, 40237 Düsseldorf, Germany
Email: info@innoverse.art

We only collect personal data necessary to use our platform:

A) Creators

• Name / first name
• Email address
• Social media profiles (e.g. Instagram, portfolio)
• Website / portfolio link
• Profile pictures and uploaded content
• Matching information (e.g. interests, categories, skills)

B) Brands

• Name / company name
• Email address
• Social media profiles
• Website
• Profile pictures and logos
• Information for evaluating creators

• Platform access and authentication: Enabling login and use of Innoverse.
• Communication: Sending messages, notifications or information relevant to platform use.
• Matching & selection: Assessing whether a creator or brand fits our platform and potential projects.
• Platform features: Managing your profile, displaying content, internal analyses to improve the platform.
• Legal purposes: Fulfilling legal obligations, e.g. archiving and legal evidence.

• Art. 6 (1)(b) GDPR — performance of the contractual relationship.
• Art. 6 (1)(f) GDPR — legitimate interest in matching creators and brands and operating the platform.
• Art. 6 (1)(a) GDPR — consent for marketing information, where optionally enabled.

Your data is stored on secure servers within the EU. We host the contents of our platform with: HETZNER Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

The use of Hetzner is based on Art. 6 (1)(f) GDPR. Where consent is requested (e.g. for optional features), processing is based on Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. You can request deletion of your account and data at any time.

We work with the following processors who handle personal data on our behalf under data processing agreements (Auftragsverarbeitungsverträge, AVV) in accordance with Art. 28 GDPR:

• Supabase (Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992) — database, authentication and file storage. Data is hosted in the EU. AVV in place; SCCs apply where data leaves the EU.
• Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) — payment processing, payouts, invoicing and tax compliance. Stripe acts partly as a separate controller for payment data.
• Resend (Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA) — transactional and notification emails. SCCs and additional safeguards apply.
• Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) — hosting infrastructure within the EU.

Beyond these processors we do not share your data with third parties except where we are legally required to do so or where you have given us your explicit consent.

• Right of access to data stored about you.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure of your data ("right to be forgotten").
• Right to restrict processing of your data.
• Right to data portability.
• Right to object to processing based on legitimate interest.
• Right to withdraw consent, where processing is based on consent.

To exercise your rights, please contact us at info@innoverse.art.

All personal data is protected by technical and organizational measures to prevent unauthorized access, loss or misuse. In case of data breaches, we promptly notify the competent data protection authority and, where applicable, affected users.

We reserve the right to adjust this privacy policy, e.g. due to changes in legal requirements or platform features. Changes will be published on the platform.

For privacy questions, contact us at: info@innoverse.art