Privacy Policy

Last updated: 2026-05-04

This Privacy Policy explains how IGERSLIKE ® (IGERSLIKE FZE LTD) collects, uses and protects the information of Users of the Platform. We respect your privacy and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act (CCPA/CPRA), Brazil's LGPD, Quebec's Law 25, the Swiss FADP, and other applicable local laws.

You must be at least 18 years of age to use our Service. We do not knowingly collect or process personal data from individuals under 18.

1.1 This document uses the same terminology and abbreviations as our Terms of Service. This Privacy Policy governs the collection, use and storage of Information obtained from Users through the use of our Site.

1.2 Information about Users is divided into personally identifiable Information and non-personally identifiable Information depending on whether it can identify the User as a specific person. Information about legal persons does not fall within the scope of Information as defined in our Terms of Service and Privacy Policy.

1.3 IGERSLIKE FZE LTD, registered at Trading Center, FZE LTD, Dubai, United Arab Emirates, has the position of "Controller" as defined in the GDPR (and the equivalent role of "business" under the CCPA/CPRA, "controller" under the UK GDPR, and "operator" under Quebec Law 25) and is responsible for compliance with the principles relating to the processing of personal data. We can be contacted at [email protected].

Under GDPR Article 6, we process your personal data based on the following legal grounds:

• Contract performance (Article 6(1)(b)) — to provide the Services you ordered;
• Legitimate interest (Article 6(1)(f)) — to improve our Services, prevent fraud and ensure security;
• Consent (Article 6(1)(a)) — for optional features such as marketing communications, non-essential cookies and advertising pixels;
• Legal obligation (Article 6(1)(c)) — to comply with legal requirements (tax, accounting, anti-money-laundering, sanctions screening, law-enforcement requests).

You have the right to withdraw consent at any time where processing is based on consent.

3.1 We may obtain your personal Information to provide our Services. We collect only what is necessary for the nature of the Services. Categories of personal Information collected include:

• Email address
• Username
• IP address
• Phone number
• First and Last Name
• Country, Address and Postal Code
• VAT ID and Company Name (for business accounts)
• Authentication data from third-party OAuth providers (Google, Discord and any other we may add) — limited to what you authorize during the OAuth flow.

(A) Email Address

3.2 We collect your email address on the basis of consent and for the performance of the Services. We collect it when:

• You register an account — to create your account and to send you account, security and service notifications;
• You place an order or make a payment — to process the order, send invoices and confirmations;
• You subscribe to receive notifications — to inform you about Service status, important updates and changes (opt-in only for marketing);
• You contact us — to respond to your inquiry.

3.3 We use Third-Party data processors for email delivery (e.g. Resend, SendGrid). These processors act as data processors within the meaning of the GDPR, while we remain the data controller. They operate under appropriate Data Processing Agreements (DPAs) and recognised cross-border safeguards.

(B) Username

3.4 We collect your username to provide our Services and to execute our contractual obligations:

• Identify your account
• Process your orders
• Provide customer support
• Track Service delivery
• Maintain Service integrity

(C) IP Address

3.5 We log IP addresses on a need-to-know basis (login, registration, order placement, deposits, password resets) to protect the integrity of the Site and our databases. IP addresses help us with:

• Fraud prevention
• Service optimization
• Legal compliance
• Invoice generation
• Detecting multiple password failures, exploit attempts, automated abuse and suspicious traffic patterns.

(D) Order Information and Link Tracking

3.6 Order information, including the links and any data you submit with an order, is used to process the order. Orders are retained as records to prevent abuse, control over-delivery, and provide statistics relating to a particular link or account.

3.7 We track public counters of links submitted in orders only while the order is being delivered (e.g. how many likes, plays, followers, views the link has). Once the order is completed we stop tracking. No other information is scraped.

3.8 Sharing with Suppliers for fulfillment. Some Services are fulfilled, in whole or in part, through third-party Suppliers. To deliver your order we share with the relevant Supplier only the strictly necessary information — typically the public target URL or username and the quantity ordered. We do not share your name, email address, payment data, IP address or other identifiers with Suppliers, unless a specific Service explicitly requires it (in which case it will be disclosed at order time). Each Supplier acts as an independent controller of the data they receive for fulfillment purposes and is responsible for its own processing under their own privacy practices.

(E) Payment and Subscription Data

3.9 Payment processing is handled by our payment processors. We never receive or store full card numbers. We receive transaction confirmations, subscription status and invoice metadata necessary for accounting and tax purposes.

(F) General Information Handling

3.10 Some Services will not be available without providing requested Information. We maintain records of:

• Support interactions
• Service usage
• Complaints and feedback
• Account actions

3.11 We do not sell or share personal Information in the senses defined by the CCPA/CPRA. Information is used for internal purposes only and processed in compliance with the GDPR and applicable local laws. We comply with legal requirements and lawful court orders.

4.1 The Site automatically collects general data when a User or automated system accesses the Site. This data is stored in server log files and includes:

1. Browser type and version
2. Operating system of the accessing device
3. Referrer website (the site from which you arrived)
4. Sub-pages accessed within our domain
5. Date and time of access
6. Internet service provider of the accessing system
7. Screen resolution and device type
8. Language preferences
9. Other technical data necessary for system security

4.2 This non-personal information is collected to:

• Deliver the correct website content and optimize user experience
• Improve Site performance and functionality
• Maintain system security and stability
• Generate statistics for service improvement
• Prevent fraud and monitor security
• Comply with legal requirements
• Investigate and resolve technical issues

4.3 Anonymous server log data is stored separately from personal data and cannot be linked to individual Users.

5.1 Storage and security. Primary servers are located in data centers operated by our infrastructure providers; backups are kept in EU-approved locations. We use industry-standard encryption at rest and in transit, conduct security audits and penetration testing, and restrict access to authorized personnel only with 24/7 monitoring.

5.2 International transfers. Some of our service providers are located in the United States or other countries outside the European Economic Area (EEA), the United Kingdom or Switzerland. Cross-border transfers are made only:

• to countries covered by an adequacy decision of the European Commission, the UK government or the Swiss Federal Council; or
• under the European Commission's Standard Contractual Clauses (SCCs); or
• under the UK International Data Transfer Addendum to the SCCs (or the IDTA, where applicable); or
• under the Swiss-specific addendum to the SCCs;

with regular assessment of supplementary safeguards as required by Schrems II and corresponding UK and Swiss guidance.

5.3 Records of processing. Records are maintained as required by GDPR Article 30, with regular audits of processing activities, documentation of legal bases and impact assessments where relevant.

6.1 Account data.

• Active accounts: data retained while the account is active.
• Deleted accounts: personal data removed within 30 days; backups may retain data for up to 90 days for disaster recovery before complete removal.
• Legal/financial records: retained as required by law (typically 7–10 years for tax purposes).

6.2 Anonymization. We anonymize rather than completely delete certain operational data to prevent fraud, maintain security, prevent banned-User circumvention and protect Platform integrity.

6.3 Anonymization methods.

• Personal identifiers are removed
• Data is transformed into non-reversible hashes
• Behavioral data is aggregated statistically
• Personal and behavioral data are stored separately

6.4 Non-account data.

• Contact form submissions: 2 weeks
• Failed login attempts: 30 days
• Security logs: 90 days
• Analytics data: anonymized after 14 days

6.5 Inactive accounts. Accounts inactive for 3 years or more may be deleted after notice to the registered email address.

7.1 You have the following rights regarding your personal data:

• Right of access (Article 15) — confirmation of processing, access to your personal data and information about purposes, categories and recipients.
• Right to rectification (Article 16) — correction of inaccurate or incomplete data.
• Right to erasure / "right to be forgotten" (Article 17) — deletion when the data is no longer necessary, you withdraw consent, you object to processing without overriding grounds, or processing was unlawful. Subject to legal obligations to retain certain records (e.g. invoices for tax purposes).
• Right to restriction (Article 18) — temporary limitation of processing.
• Right to portability (Article 20) — receive your data in a structured, machine-readable format and transmit it to another controller where technically feasible.
• Right to object (Article 21) — to processing based on legitimate interests or for direct marketing.
• Rights related to automated decision-making (Article 22) — see §7.3.
• Right to withdraw consent — at any time where processing is based on consent.

7.2 To exercise any of these rights, email [email protected] from the email address registered on your account. We respond within 30 days (extendable by 2 additional months for complex requests). We may request additional information to verify your identity. There is no fee for standard requests; we may charge a reasonable fee or refuse manifestly unfounded or excessive requests.

7.3 Automated decision-making and fraud detection. IGERSLIKE ® does not use solely-automated decision-making that produces legal or similarly significant effects on you in the sense of GDPR Article 22. We do, however, run automated risk and fraud-detection signals on transactions, account creation, sign-in activity and orders — for example, rules and scoring that may delay payment capture, place an order on hold, require manual identity verification, or trigger a re-authentication step. You always have the right to contest the outcome of such an automated signal and to obtain human review by contacting [email protected] or [email protected].

7.4 Complaint right. You also have the right to lodge a complaint with your local data protection authority. EU users can find the relevant authority at https://edpb.europa.eu/about-edpb/board/members_en. UK users may contact the Information Commissioner's Office (ICO). Swiss users may contact the FDPIC.

In addition to the GDPR rights described above, you may have additional or equivalent rights depending on your country or state of residence. Where these rights overlap with GDPR rights, exercising one is sufficient.

8.1 California, Virginia, Colorado, Connecticut, Utah and other US states

If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Residents of other US states with comparable consumer-privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and other states as such laws come into force) have substantially similar rights:

• Right to know what personal information we collect, the categories of sources, the purposes of collection, and the categories of recipients.
• Right to access a copy of the personal information we hold about you, in a portable format.
• Right to delete your personal information, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. IGERSLIKE ® does not sell personal information for money. We do, however, use advertising and analytics technologies that some US laws categorise as "sharing" — see §10.2. You may opt out at any time by emailing [email protected] or, where offered, via the "Do Not Sell or Share My Personal Information" link on the Site, and we honour the Global Privacy Control (GPC) browser signal.
• Right to limit use of sensitive personal information.
• Right to non-discrimination — we will not deny Services, charge different prices, or provide a different level of quality because you exercised a privacy right.
• Authorized agent. California residents may use an authorized agent to make a request, with proof of authorisation.

We do not knowingly sell or share the personal information of consumers we know to be under 16.

8.2 United Kingdom

The UK GDPR and the Data Protection Act 2018 mirror the EU GDPR rights described in §7. Cross-border transfers from the UK are made under the UK International Data Transfer Addendum to the SCCs, the IDTA, or an adequacy decision of the UK government. UK residents may complain to the Information Commissioner's Office (https://ico.org.uk).

8.3 Brazil — LGPD

Residents of Brazil have rights under the Lei Geral de Proteção de Dados (Lei nº 13.709/2018) that substantially mirror the GDPR rights, including confirmation of processing, access, correction, anonymisation/blocking/deletion of unnecessary data, portability, information about sharing, revocation of consent, and review of automated decisions. You may complain to the Autoridade Nacional de Proteção de Dados (ANPD).

8.4 Quebec — Law 25

Residents of the Province of Quebec, Canada have rights under An Act respecting the protection of personal information in the private sector (as amended by Law 25 / Bill 64), including the right to access, correct, withdraw consent, request portability, and the right to be informed about automated decision-making. Complaints may be filed with the Commission d'accès à l'information (CAI).

8.5 Switzerland

Residents of Switzerland have rights under the revised Federal Act on Data Protection (revFADP), including access, rectification, deletion, and portability. The competent authority is the Federal Data Protection and Information Commissioner (FDPIC).

8.6 Australia, Singapore and others

Residents of Australia (Privacy Act 1988 / APPs), Singapore (PDPA), and other jurisdictions with comparable frameworks may exercise similar access, correction and complaint rights by contacting [email protected].

To exercise any regional right, email [email protected] with your request and proof of identity (and, where applicable, proof of authorised-agent status). We respond within the timeframe required by the applicable law.

9.1 We use cookies and similar technologies to:

• Maintain session information
• Remember user preferences
• Analyze Site traffic and usage
• Improve Site performance
• Provide security features
• Enable essential functionality

9.2 Cookie types.

• Essential cookies (always active) — session management, security features, basic functionality, load balancing, user authentication. Disabling them prevents you from using the Site. Loaded without consent under the legitimate-interest / strictly-necessary exception of the EU ePrivacy Directive.
• Functional cookies (optional) — language preferences, theme settings, UI customization, recently viewed items.
• Analytics cookies (optional) — usage statistics, performance monitoring, behavior analysis, error tracking, feature optimization.
• Advertising / marketing cookies (optional) — used by third-party advertising and conversion-tracking services described in §10.2. Loaded only with your prior consent in jurisdictions that require it.

9.3 You can manage cookie preferences through your browser settings or, where offered, through a cookie consent banner. Cookies are typically saved for a period of up to one month.

9.4 Do Not Track and Global Privacy Control. Most web browsers offer a "Do Not Track" (DNT) signal. Industry consensus on how websites should respond to DNT has not been finalised, so IGERSLIKE ® currently does not respond to raw DNT signals. We do honour the Global Privacy Control (GPC) browser signal as an opt-out request from US-state-level "sale" and "sharing" of personal information (see §8.1).

10.1 Operational processors.

• Email delivery. Resend, SendGrid (subject to availability) — transactional and notification emails. Data Processing Agreements in place.
• Analytics and tracking. Google Analytics with IP anonymization enabled, with opt-out options where required by law.
• Payment processors. Stripe, PayPal, Coinbase Commerce, Cryptomus, CoinPayments and other processors as offered. PCI DSS compliant where applicable, separate privacy policies apply, minimal data sharing.
• Customer support. Live chat and ticketing platforms (e.g. Crisp, Intercom, Zendesk where deployed). Your username and email may be shared with these platforms to deliver support, with data minimisation practiced.
• SMS gateways (where used). Phone number used to deliver SMS notifications; only delivery logs retained.
• Fraud and AML / sanctions screening. Third-party tooling and signals used to detect chargebacks, account abuse and screen against sanctions lists.

10.2 Advertising, retargeting and conversion tracking. Where you have given consent (and, in jurisdictions where consent is not legally required, on the basis of legitimate interest), we may use advertising and conversion-tracking services such as Meta (Facebook) Pixel, Google Ads conversion tags, TikTok Pixel, Microsoft Advertising (Bing) UET, X / Twitter Ads tags, and similar services, to measure campaign performance and to display interest-based advertising on third-party platforms. These technologies may be classified as "sharing" of personal information under the CCPA/CPRA and similar US laws — you can opt out via the mechanisms described in §8.1 and §9.4. You can also disable these technologies through our cookie consent banner where offered, through your browser settings, or through industry tools such as https://optout.aboutads.info and https://www.youronlinechoices.eu.

10.3 Suppliers (order fulfillment). As described in §3.8, certain Services are fulfilled through third-party Suppliers. Suppliers receive only the strictly necessary information to deliver the order (typically the public target URL or username and the quantity). Suppliers act as independent controllers for the limited fulfillment data they receive.

10.4 External links. We are not responsible for external websites linked from the Site. Users proceed at their own risk and should review the privacy practices of any external service before submitting information.

10.5 Data Processing Agreements. All third-party processors operate under signed DPAs (or equivalent contractual safeguards), comply with the GDPR and applicable local laws, implement appropriate security measures and undergo regular compliance reviews.

11.1 We send marketing communications (newsletters, product announcements, promotional offers) only to Users who have opted in or for whom such communications are permitted under the "soft opt-in" rules of applicable law (existing customer, similar product/service, with an easy opt-out at every contact).

11.2 Every marketing email contains an unsubscribe link that takes effect immediately. You can also opt out at any time by:

• adjusting notification settings in your account dashboard;
• emailing [email protected]; or
• replying to a marketing email with the word "unsubscribe".

11.3 Opting out of marketing does not affect transactional or service-related communications (order confirmations, security alerts, billing notifications, policy updates, support replies), which we send on the basis of contract performance and legal obligation.

12.1 Technical security. SSL/TLS encryption in transit, encryption at rest for sensitive data, regular security audits, penetration testing, vulnerability scanning, intrusion detection.

12.2 Organizational security. Employee training, role-based access controls, data handling procedures, incident response plan, regular security reviews.

12.3 Data breach procedures. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and notify affected Users without undue delay, with details of the nature of the breach, potential consequences and mitigation measures.

12.4 Your responsibilities. Keep your password secure, do not share account credentials, use strong unique passwords, maintain the security of your devices, and review account activity regularly. While we implement robust measures, no method of transmission or storage is 100% secure — you use the Service at your own risk.

Our Service is not intended for individuals under 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from someone under 18 we will delete the account and associated data and take steps to prevent future access. If you believe we have collected data from someone under 18 please contact [email protected] immediately.

If IGERSLIKE ® is involved in a merger, acquisition, asset sale or bankruptcy: your personal data may be transferred to the successor entity; you will be notified by email and through a prominent notice on the Site; the new entity will be bound by this Privacy Policy (or you will be notified of changes); and you may delete your account before the transfer.

15.1 We may update this Privacy Policy from time to time. For material changes we will notify you by email at least 30 days in advance, update the "Last updated" date and provide a summary of changes. For minor changes we will update the "Last updated" date; continued use constitutes acceptance.

15.2 We encourage you to review this Privacy Policy periodically.

• General privacy inquiries: [email protected]
• Data Protection Officer: [email protected]
• Security and data-breach reports (urgent): [email protected]
• Legal: [email protected]
• Support: [email protected]
• Postal address: IGERSLIKE FZE LTD, Trading Center, FZE LTD, Dubai, United Arab Emirates

By using the Service you acknowledge that you have read and understood this Privacy Policy.