444Affiliates is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and your rights regarding your personal data. Please read this policy carefully. By using our platform, you agree to the practices described here.
We collect several categories of information to provide and improve the 444Affiliates platform:
When you register, we collect:
Information about your business that you enter into the platform:
When you connect social media accounts (Meta, Google, TikTok), we store the OAuth access tokens granted by those platforms. These tokens allow our platform to act on your behalf (post content, manage ads, read analytics). All OAuth tokens are encrypted using AES-256-GCM encryption before being stored. We do not store your social media passwords.
Through connected ad platforms, we access and store:
If you use CRM or prospecting features, we may store:
You are responsible for ensuring you have a lawful basis to store and process your contacts' personal data in our platform.
We automatically collect information about how you use the platform:
| Collection Method | What Is Collected |
|---|---|
| Directly from you | Account registration, form inputs, content uploads, support inquiries, billing information |
| Via OAuth authorization | When you connect Meta, Google, or TikTok accounts — we receive access tokens and, if permitted, account data such as pages, ad accounts, and analytics |
| Via Meta APIs | Facebook Graph API, Instagram API, Meta Ads API — campaign data, page insights, audience data |
| Via Google APIs | Google Ads API — campaign performance, keyword data, conversion metrics |
| Via TikTok APIs | TikTok Ads API, TikTok for Developers — campaign data, content performance |
| Via Apollo.io | Prospect and company data through the Apollo enrichment API (when enabled) |
| Automatically (usage tracking) | Cookies, local storage, server logs, and analytics tools to understand platform usage |
We use the information we collect for the following purposes:
We do not use your data to serve you third-party advertising, nor do we sell your data for any purpose.
Where your data is stored. All 444Affiliates data is hosted on US-based infrastructure, including Render (application hosting) and Neon (PostgreSQL database hosting). Both providers maintain SOC 2 Type II compliance and industry-standard security practices.
All stored data encrypted using AES-256
All data in transit protected via TLS 1.2+
OAuth credentials encrypted with AES-256-GCM
OAuth credentials. Social media access tokens and API keys are encrypted before being written to the database using AES-256-GCM authenticated encryption. The encryption key is stored separately from the data and is never logged.
Password hashing. Account passwords are hashed using a strong one-way hashing algorithm (bcrypt) with a unique salt per user. We cannot retrieve your plaintext password.
Access controls. Access to production data is restricted to authorized personnel on a need-to-know basis. We maintain access logs for audit purposes.
Security limitations. While we implement industry-standard security measures, no system is completely immune to security breaches. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
We do not sell your personal data. We share your data only in the following circumstances:
We transmit data to the following platforms solely to provide the features you use:
We engage trusted service providers who process data on our behalf under contractual obligations that restrict their use of your data:
We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
We do not sell your data. 444Affiliates does not sell, rent, or trade your personal information or your contacts' data to any third party for their own marketing or commercial purposes.
We retain your data for as long as necessary to provide the service and comply with legal obligations:
| Data Category | Retention Period |
|---|---|
| Account information (name, email) | While account is active, plus 90 days after cancellation |
| Business data and content | While account is active, plus 90 days after cancellation |
| OAuth tokens and credentials | While account is active or until you disconnect the integration |
| Contact lists and CRM data | For the duration of your active subscription |
| Ad performance and analytics data | While account is active, plus 90 days after cancellation |
| Server logs and access logs | 12 months from creation |
| Billing records | 7 years (tax and financial compliance) |
| Support communications | 3 years from resolution |
After the applicable retention period, data is permanently deleted or anonymized. You may request early deletion of your data as described in Sections 7 and 8 below, subject to our legal retention obligations.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business purpose for collecting it, and the categories of third parties with whom we share it.
You may request a copy of the specific personal information we hold about you.
You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, security purposes).
You may request correction of inaccurate personal information we hold about you.
We do not sell your personal information, so this right is not currently applicable. If that changes, we will update this policy and provide an opt-out mechanism.
We will not discriminate against you for exercising any CCPA right — no denial of service, different pricing, or different quality of service.
To exercise any of these rights, contact us at 444affiliates@gmail.com. We will respond within 45 days, with one possible 45-day extension for complex requests.
If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR grants you the following rights:
Request a copy of the personal data we hold about you and information about how it is processed.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data ("right to be forgotten") where there is no legitimate reason for us to continue processing it.
Request that we restrict processing of your personal data in certain circumstances (e.g., while accuracy is disputed).
Receive your personal data in a structured, machine-readable format and have it transmitted to another controller where technically feasible.
Object to processing of your personal data where we rely on legitimate interests as the legal basis.
Legal basis for processing. We process your personal data on the following legal bases:
International transfers. Your data is stored on US-based servers. When we transfer data from the EEA/UK to the US, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms as required by applicable law.
Right to lodge a complaint. If you believe we have violated your data protection rights, you have the right to lodge a complaint with your national Data Protection Authority (DPA).
To exercise any of the rights described in Sections 7 and 8, please contact us:
Email: 444affiliates@gmail.com
Subject line: "Privacy Rights Request" (please include which right you wish to exercise)
Response time: We will acknowledge your request within 5 business days and respond within 30 days (or as required by applicable law).
To protect your privacy and security, we may require you to verify your identity before processing your request. We will not charge a fee for reasonable requests but may charge for excessive or unfounded requests.
Please note that some data cannot be deleted if it is subject to a legal obligation, needed to complete a transaction you requested, or necessary to detect or prevent security incidents.
We use cookies and similar tracking technologies to operate the platform. For full details, see our Cookie Policy. In summary:
You can control cookies through your browser settings, though disabling essential cookies will prevent you from logging in or using the platform.
444Affiliates is not intended for or directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at 444affiliates@gmail.com and we will promptly delete the information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:
Your continued use of the platform after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you disagree with the changes, you may close your account before the effective date.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
444Affiliates
Email: 444affiliates@gmail.com
For privacy inquiries, data rights requests, or to report a privacy concern.
You may also review related policies: