Privacy Policy
This Privacy Policy explains how TATAM collects, uses, stores, and protects your personal data when you visit tatam.com or use the TATAM influencer marketing platform. We are committed to handling your data with transparency and full respect for your rights under applicable data protection law, including the GDPR.
Note: Influencer Funds is a separate legal entity with its own privacy practices. Please refer to Influencer Funds' own privacy policy for information about how that platform handles your data.
Who We Are
TATAM is a global influencer marketing agency and technology company. We provide tools and services that help brands and agencies manage influencer marketing campaigns at scale.
Influencer Funds is a separate legal entity and operates its own platform independently from TATAM. This Privacy Policy does not cover Influencer Funds' data practices.
Data Controller: TATAM
Data Protection Contact: Data & Tech Team
Email: info@tatam.digital
Website: tatam.com
Who This Policy Applies To
This Privacy Policy applies to:
- Website visitors — anyone who browses tatam.com.
- Influencers and content creators — individuals engaged through TATAM's influencer marketing services.
- Contacts — individuals who contact us via email or web forms.
What Personal Data We Collect
| Category | Examples | Who It Relates To |
|---|---|---|
| Identity data | Full name, username, social media handle | Influencers, contacts |
| Contact data | Email address, phone number, mailing address | Influencers, contacts |
| Performance data | Campaign metrics, engagement rates, content performance stats | Influencers |
| Technical data | IP address, device identifiers, browser type, login timestamps | Website visitors |
| Usage data | Pages visited, session duration on tatam.com | Website visitors |
| Communications | Emails and messages sent to or via TATAM | All contacts |
We collect only the personal data necessary for the purposes described in this policy. We do not collect special categories of personal data (such as health data, racial or ethnic origin, or political opinions) unless required by law.
How We Collect Your Data
- Directly from you — when you register on the platform, submit a form, or contact us.
- From our clients — when a client provides your information as part of a campaign they manage through the platform.
- Automatically — through cookies and similar technologies when you visit our website (see Section 9).
- From third parties — such as social media platforms, where you have made information publicly available.
Why We Use Your Data
| Purpose | Legal Basis | Who It Affects |
|---|---|---|
| Delivering influencer marketing services on behalf of clients | Contract (Art. 6(1)(b)) | Influencers, contacts |
| Managing influencer campaigns on behalf of clients | Legitimate interest (Art. 6(1)(f)) | Influencers |
| Communicating with you about our services or your engagement with TATAM | Contract / Legitimate interest | All contacts |
| Security, fraud prevention, and abuse detection | Legitimate interest (Art. 6(1)(f)) | All contacts |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | All users |
| Improving our platform (using anonymised analytics) | Legitimate interest (Art. 6(1)(f)) | All users |
| Responding to enquiries and support requests | Legitimate interest / Contract | All contacts |
International Data Transfers
Several of our sub-processors are based in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission are in place with all US-based sub-processors.
- Where applicable, we also rely on the sub-processor's participation in the EU-US Data Privacy Framework.
- Transfer Impact Assessments have been conducted to confirm that the level of protection is adequate.
How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Platform account & profile data | Duration of active account + 30 days post-closure | Contractual necessity |
| Campaign performance data (anonymised) | Indefinitely (no personal data retained) | Platform analytics |
| Security & audit logs | 90 days hot / 1 year cold | Security operations |
| Email communications | Duration of business relationship | Legitimate interest |
| Website analytics | 26 months | Standard analytics retention |
When data is no longer required, it is securely deleted or anonymised. Upon request, we will provide written confirmation of deletion.
Cookies and Tracking Technologies
Our website (tatam.com) uses cookies and similar technologies:
- Essential cookies — required for the website and platform to function. These cannot be disabled.
- Analytics cookies — help us understand how visitors use our site using anonymised, aggregated data.
- Preference cookies — remember your settings and preferences.
You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.
Your Rights
Under GDPR and applicable data protection law, you have the following rights:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data where there is no overriding reason to retain it.
Request that we limit how we use your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing.
Where processing is based on consent, withdraw it at any time.
Want to exercise your rights? Contact our Data & Tech Team — we'll acknowledge within 1 business day and respond within 30 days. No charge.
Contact UsIf you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority (e.g. the AEPD in Spain, the ICO in the UK, or the relevant authority in your country).
How We Protect Your Data
TATAM implements and maintains the following technical and organisational security measures:
- Encryption of all personal data at rest (AES-256) and in transit (TLS 1.2+).
- Role-based access controls and multi-factor authentication for all system access.
- Endpoint protection on all corporate devices.
- Regular vulnerability scanning and annual third-party penetration testing of our systems.
- Annual security awareness training for all staff.
- Documented incident response procedures with a 72-hour breach notification commitment.
Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at info@tatam.digital and we will delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via the platform.
Contact Us
If you have any questions about this Privacy Policy, how we handle your personal data, or wish to exercise your rights, please contact:
Data & Tech Team, TATAM
Email: info@tatam.digital
Website: tatam.com
This Privacy Policy was last reviewed and approved on April 7, 2026.
