Privacy Policy

1. INTRODUCTION

This Privacy Policy ("Privacy Policy") describes how Marvellous Club ("Marvellous", "we", "us", or "our") collects, uses, shares, and protects personal information when you access or use the Marvellous Club mobile application ("App"), our website at marvellousclub.com ("Website"), and any related services (collectively, the "Services").

Marvellous Club is a creator-brand partnership platform that connects content creators with brands for marketing collaborations. By accessing or using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, you must not use the Services.

2. INFORMATION WE COLLECT

We collect information in several ways depending on how you interact with the Services.

2.1 Information You Provide Directly

By creating an account and using the Services, you may provide the following information.

Account and Profile Information.
Name (first and last), email address, date of birth, gender, phone number, and postal address (street address, city, postcode, and country). You may also choose a display handle and select content niches relevant to your creator profile.

Social Media Information.
Usernames for social media platforms including TikTok, Instagram, and YouTube, used to link and display relevant metrics.

Identity Verification and Legal Agreements.
Electronic signatures, document hashes, IP address, browser user agent string, and timestamp of agreement acceptance during onboarding.

Payment Information.
Creator payments are facilitated via Stripe Connect. Financial information is provided directly to Stripe. Marvellous Club stores only Stripe account identifiers and related metadata, not full banking details.

Communications and Content.
Messages, emails, deal communications, deliverables, uploaded media, comments, and forwarded brand collaboration emails processed through @joinmarvellous.com addresses.

AI Assistant Interactions.
Conversation content with our AI-powered assistant ("Sophia") used to deliver and improve Services.

2.2 Information We Collect Automatically

When you use the Services, we automatically collect:


Device Information.

Device type, operating system, version, unique identifiers, and platform (iOS or Android).


Usage Data.

Pages or screens viewed, features used, and actions taken.


Log Data.

IP address, request timestamps, HTTP method, response codes, and request duration.


Push Notification Tokens.

Device push notification tokens used to deliver platform notifications.

2.3 Information We Collect from Third Parties


Social Media Platform Data.

Publicly available profile data and engagement metrics from linked social accounts.


Authentication Providers.

Basic profile information from Google or Apple when used for sign-in.


3. HOW WE USE YOUR INFORMATION

We use collected information to:

  • Provide, operate, and maintain the Services

  • Create and manage accounts and creator profiles

  • Facilitate brand-creator partnerships and deal workflows

  • Process payments via Stripe Connect

  • Deliver notifications and platform updates

  • Match creators with relevant brand opportunities

  • Provide analytics, insights, and performance reporting

  • Power AI-driven features and recommendations

  • Process forwarded collaboration emails

  • Prevent fraud, abuse, and security incidents

  • Improve Services, features, and AI systems

  • Comply with legal and regulatory obligations

You may opt out of AI training on your content through account settings.


4. HOW WE SHARE YOUR INFORMATION

We do not sell personal information. We share information only in the following circumstances.

4.1 With Brands (for Creators)

Relevant creator profile data and campaign deliverables are shared to facilitate partnerships.

4.2 With Creators (for Brands)

Brand information and deal terms are shared when engaging creators.

4.3 Service Providers

We share information with contracted service providers, including but not limited to:

  • Supabase (EU-hosted authentication and database infrastructure)

  • Stripe (payments and subscriptions)

  • Cloudflare (hosting, CDN, and media storage)

  • Anthropic via OpenRouter (AI features)

  • Sentry (error tracking, PII disabled by default)

  • Expo (push notifications)

  • Resend (transactional email)

  • Google and Apple (authentication)

4.4 Legal Requirements

Information may be disclosed to comply with law, legal process, or governmental request.

4.5 Business Transfers

Information may be transferred in connection with a merger, acquisition, or asset sale.

4.6 With Your Consent

Information may be shared for other purposes with your explicit consent.


5. LEGAL BASIS FOR PROCESSING (UK & EU USERS)

We process personal data under the following legal bases:

  • Performance of a Contract

  • Legitimate Interests

  • Consent

  • Legal Obligation


6. DATA RETENTION

Personal data is retained only as long as necessary:

  • Account data: duration of account + up to 30 days post-deletion

  • Financial and transaction records: minimum 6 years

  • Social media metrics: duration of account

  • Communications: duration of account

  • Error logs: up to 90 days

  • AI conversations: duration of account

Upon account deletion, data is deleted or anonymised within 30 days unless legally required otherwise.


7. YOUR RIGHTS

Depending on your location, you may have the right to:

  • Access personal data

  • Rectify inaccurate data

  • Request erasure

  • Restrict processing

  • Data portability

  • Object to processing

  • Withdraw consent

  • Not be subject to solely automated decision-making

Requests can be made via account settings or by contacting us. We respond within 30 days.


8. DATA SECURITY

We implement appropriate technical and organisational safeguards, including:

  • TLS encryption in transit

  • Encryption at rest

  • Server-side access controls

  • PCI DSS-compliant payment handling via Stripe

  • Minimal diagnostic data collection

Absolute security cannot be guaranteed.


9. INTERNATIONAL DATA TRANSFERS

Data may be processed outside your country of residence. Appropriate safeguards such as Standard Contractual Clauses and adequacy decisions are used for transfers outside the UK or EEA.


10. CHILDREN’S PRIVACY

The Services are not intended for individuals under 18. We do not knowingly collect data from children.


11. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and local storage only for:

  • Session management

  • Preferences (e.g. dark mode)

  • Security and error diagnostics

We do not use advertising or cross-site tracking cookies.


12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Material changes will be communicated via the App, Website, or email. Continued use constitutes acceptance of the updated policy.


13. CONTACT US

Marvellous Club
Email: team@marvellousclub.com
Website: https://marvellousclub.com


UK users may lodge complaints with the Information Commissioner’s Office (ICO).
EU users may contact their local supervisory authority.


14. PLATFORM-SPECIFIC DISCLOSURES

14.1 Apple App Store

Data Used to Track You: None

Data Linked to You:
Contact information, identifiers, financial records, user content, usage data, diagnostics.

Data Not Linked to You:
Anonymised diagnostics.

14.2 Third-Party API Usage

Anthropic (via OpenRouter) and Stripe process data in accordance with their respective data processing terms.

This Privacy Policy was last reviewed and updated in February 2025.
