Last updated: April 1, 2026
Effective Date: April 1, 2026
BigFame Inc. ("BigFame," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you use the BigFame.ai website, mobile applications, APIs, and related services (collectively, the "Services").
This Privacy Policy applies to all users of the Services, including creators, brands, advertisers, website builders, e-commerce merchants, and visitors. It covers information collected through the BigFame.ai platform, our TikTok creator marketplace, AI brand matching tools, website builder, CRM, marketing automation features, e-commerce storefront, domain registration services, and all integrations accessible through the platform.
By accessing or using the Services, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with our data practices, please discontinue your use of the Services. This Privacy Policy should be read in conjunction with our Terms of Service, available at bigfame.ai/terms.
For individuals in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, BigFame Inc. is the data controller for the personal data we process. For California residents, additional rights and disclosures are provided in Sections 14 and 17 of this Policy.
We collect several categories of information depending on how you interact with the Services:
Information that identifies or can be used to identify you as an individual, including:
Information about how you interact with the Services, including:
Information collected through cookies, web beacons, pixel tags, and similar tracking technologies, as described in detail in Section 9 of this Policy.
When you create an account or log in using Google Firebase Authentication, we collect your Firebase UID, authentication token data, email address associated with your authentication provider, display name, and profile photo URL. This data is used solely for authentication, account management, and security purposes.
When you connect your TikTok account to BigFame.ai, we collect data through the TikTok API, including:
We access this data in accordance with TikTok's API Terms of Service and only with your explicit authorization. You may revoke TikTok access at any time through your TikTok account settings or your BigFame.ai account settings.
Payment processing is handled by Stripe, Inc. When you make a payment or receive a payout, Stripe collects and processes your payment card details, bank account information, and billing address. BigFame.ai does not directly store your full payment card numbers or bank account details. We receive from Stripe limited payment information, including the last four digits of your card, card brand, expiration date, billing address, and transaction history, which we use for account management, invoicing, and fraud prevention.
We collect information through the following methods:
We use the information we collect for the following purposes:
For individuals in the European Economic Area (EEA), United Kingdom (UK), and other jurisdictions that require a legal basis for processing personal data, we rely on the following legal bases under the General Data Protection Regulation (GDPR) and equivalent laws:
Where you have given clear, informed, and freely given consent for specific processing activities. This includes consent for marketing communications, connecting third-party accounts (such as TikTok), enabling optional integrations, and sharing your creator profile data with brands. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Where processing is necessary to perform our contract with you (the Terms of Service), including providing the Services, managing your account, processing payments, facilitating campaigns, and delivering the features included in your subscription plan.
Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include platform security and fraud prevention, service improvement and analytics, business administration and operations, enforcing our terms and policies, and marketing to existing customers. We conduct balancing tests to ensure our interests do not override your rights.
Where processing is necessary to comply with our legal obligations, including tax reporting, financial regulations, anti-money laundering laws, court orders, and law enforcement requests.
If you use BigFame.ai as a creator, we collect and process additional categories of data specific to the creator experience:
When you connect your TikTok account, we access your public profile information and content metrics through the TikTok API. This data is refreshed periodically (typically daily) to provide up-to-date analytics. We store historical performance data to generate trend analyses and growth reports. You can disconnect your TikTok account at any time, which will stop future data collection. Previously collected data may be retained in accordance with Section 11 (Data Retention Periods).
We process audience demographic data (including age ranges, gender distribution, and geographic locations) to generate audience insights, power our AI matching algorithm, and provide brands with aggregated audience information. Individual audience member data is not collected; we only process aggregate statistics provided by platform APIs.
Our AI matching system uses your content categories, audience demographics, engagement rates, brand affinity scores, prior campaign history, and stated preferences to recommend brand partnerships. Your creator profile (including selected metrics) may be visible to brands browsing the marketplace, subject to your privacy settings. You can control what information is visible to brands through your Creator Hub privacy settings.
We process data related to your earnings from brand campaigns, including payment amounts, payment dates, campaign identifiers, tax withholding information, and payout details. This data is used for payment processing, tax reporting (including generation of 1099 forms where applicable under US law), platform fee calculations, and earnings analytics. Earnings data is retained for a minimum of seven (7) years to comply with tax and financial regulations.
BigFame.ai integrates with numerous third-party services to provide comprehensive functionality. The following are key third-party services and their data practices:
Stripe processes all payment transactions on our platform. When you provide payment information, it is collected and processed directly by Stripe in accordance with Stripe's Privacy Policy (stripe.com/privacy). Stripe is PCI-DSS Level 1 certified, the highest level of payment security compliance.
We use Google Firebase for user authentication, real-time database services, and cloud functions. Firebase processes authentication data, session tokens, and application performance data in accordance with Google's Privacy Policy and Firebase Terms of Service.
We use Google Analytics to collect and analyze website usage data, including page views, session duration, bounce rates, and traffic sources. Google Analytics uses cookies and may collect IP addresses (which are anonymized). You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Our integration with TikTok uses the TikTok API to access creator profiles and content metrics with creator authorization. Data accessed through the TikTok API is used in accordance with TikTok's API Terms of Service and this Privacy Policy. We do not access private messages, unpublished content, or login credentials from TikTok.
BigFame.ai offers over 207 integrations with third-party services including social media platforms, email marketing providers, e-commerce tools, CRM systems, analytics platforms, and productivity applications. Each integration you enable may share data between BigFame.ai and the third-party service. We recommend reviewing the privacy policies of any third-party services you connect to your BigFame.ai account. We are not responsible for the privacy practices or data handling of third-party services.
We take the security of your personal information seriously and implement appropriate technical, administrative, and physical safeguards to protect your data from unauthorized access, alteration, disclosure, or destruction.
BigFame.ai is committed to achieving and maintaining SOC 2 Type II compliance, which demonstrates our commitment to security, availability, processing integrity, confidentiality, and privacy. Our infrastructure is hosted on SOC 2 and ISO 27001 certified cloud platforms.
We maintain a documented incident response plan that includes procedures for detecting, containing, investigating, and remediating security incidents. In the event of a data breach that affects your personal information, we will notify you and the relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR). Notifications will include a description of the breach, the data affected, the measures taken, and recommendations for protecting yourself.
While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuous improvement of our security posture.
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, and to comply with legal obligations. Specific retention periods are as follows:
| Data Type | Retention Period |
|---|---|
| Account profile information | Duration of account + 30 days after deletion |
| Website content & files | Duration of account + 90 days after deletion |
| Payment & billing records | 7 years (tax and financial compliance) |
| Creator earnings & payout data | 7 years (tax and financial compliance) |
| TikTok analytics data | Duration of account + 30 days after disconnection |
| Campaign & brand deal records | 3 years after campaign completion |
| Customer support communications | 3 years after last interaction |
| Usage & analytics data | 26 months in aggregated form |
| Server logs | 90 days |
| Cookie data | Up to 13 months (varies by cookie type) |
| Marketing consent records | Duration of consent + 5 years |
| Domain registration records | Duration of registration + 1 year after expiry |
After the applicable retention period expires, we will securely delete or anonymize your data. Aggregated and anonymized data that can no longer identify you may be retained indefinitely for statistical and research purposes.
BigFame Inc. is based in the United States, and your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction.
For transfers of personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on the European Commission's Standard Contractual Clauses (SCCs) as a lawful transfer mechanism. These contractual provisions ensure that your data receives equivalent protection regardless of where it is processed. We use the most current version of the SCCs adopted by the European Commission, supplemented by additional safeguards where required.
BigFame Inc. is committed to complying with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as applicable, for the transfer of personal data from the European Union, United Kingdom, and Switzerland to the United States.
In addition to SCCs and the DPF, we implement supplementary technical and organizational measures to protect transferred data, including encryption in transit and at rest, access controls, data minimization, and regular assessments of the legal framework of recipient countries. We ensure that our sub-processors are contractually obligated to maintain equivalent data protection standards.
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent local laws:
You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will respond to your request within one (1) month, which may be extended by two additional months for complex or numerous requests.
You have the right to request correction of inaccurate or incomplete personal data. You can update much of your information directly through your account settings, or contact us for assistance with data that cannot be self-corrected.
You have the right to request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing and there are no overriding legitimate grounds. Please note that we may need to retain certain data for legal compliance, dispute resolution, or the exercise or defense of legal claims.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to transmit that data to another controller without hindrance, where processing is based on consent or contract and carried out by automated means.
You have the right to request restriction of processing of your personal data in certain circumstances, including when you contest the accuracy of the data, when processing is unlawful, or when we no longer need the data but you require it for legal claims.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing your data for that purpose immediately. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with your local supervisory authority (Data Protection Authority). We would appreciate the opportunity to address your concerns before you approach the supervisory authority, so please contact us first at privacy@bigfame.ai.
To exercise any of these rights, please contact us at privacy@bigfame.ai or through your account settings. We will verify your identity before processing your request. Requests are generally processed free of charge, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with the following rights regarding your personal information:
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purpose for collecting or selling the information, and the categories of third parties with whom we share the information. You may make a verifiable request up to twice within a 12-month period.
You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions as provided by law (such as data needed to complete a transaction, detect security incidents, comply with a legal obligation, or exercise free speech).
BigFame.ai does not sell your personal information to third parties as defined by the CCPA. If our practices change in the future, we will update this Policy and provide an opt-out mechanism. We may share personal information with service providers for business purposes, which is not considered a "sale" under the CCPA. For cross-context behavioral advertising, you have the right to opt out of the sharing of your personal information by contacting us at privacy@bigfame.ai or through the "Do Not Sell or Share My Personal Information" link on our website.
You have the right to request correction of inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of processing.
BigFame.ai will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, provide a different level or quality of service, or suggest that you may receive a different price or quality of goods or services as a result of exercising your rights.
To exercise your CCPA/CPRA rights, contact us at privacy@bigfame.ai or call (617) 401-7650. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf, subject to proper verification.
BigFame.ai is not intended for use by children under the age of 13 (or under the age of 16 in the EEA/UK). We do not knowingly collect, use, or disclose personal information from children under 13.
In compliance with the Children's Online Privacy Protection Act (COPPA) and equivalent international regulations, if we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take immediate steps to delete that information from our servers.
If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us immediately at privacy@bigfame.ai. We will promptly investigate and take appropriate action, including deletion of the child's information.
Users between the ages of 13 and 17 may only use the Services under the supervision of a parent or legal guardian who agrees to be bound by these Terms and this Privacy Policy. BigFame.ai reserves the right to require age verification at any time.
Some web browsers transmit "Do Not Track" (DNT) signals to the websites and other online services with which the browser communicates. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, BigFame.ai does not respond to DNT signals. However, you can manage your tracking preferences through the cookie settings described in Section 9 of this Policy.
We honor the Global Privacy Control (GPC) signal as a valid opt-out of the sale or sharing of personal information for California residents, in accordance with the CCPA/CPRA. If we detect a GPC signal from your browser, we will treat it as a request to opt out of the sale or sharing of your personal information associated with that browser.
Under California Civil Code Section 1798.83 ("Shine the Light" law), California residents who have an established business relationship with BigFame Inc. may request information about our disclosure of personal information to third parties for their direct marketing purposes during the preceding calendar year.
To make such a request, please send an email to privacy@bigfame.ai with the subject line "Shine the Light Request" or write to us at: BigFame Inc., Attn: Privacy Team, 33 Arch St, Boston, MA 02109.
Please include your name, mailing address, and a clear statement that you are making a request under the Shine the Light law. We will respond within thirty (30) days of receiving your request. Please note that BigFame.ai does not currently disclose personal information to third parties for their direct marketing purposes.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make changes, we will:
Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you should stop using the Services and contact us to delete your account.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Prior versions of this Privacy Policy are available upon request.
BigFame Inc. has appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws and to serve as a point of contact for data subjects and supervisory authorities.
You may contact our Data Protection Officer for any questions or concerns about our data processing practices, to exercise your data protection rights, or to submit a complaint about our handling of your personal information:
Our DPO will respond to all inquiries within thirty (30) days. For complex requests, we may extend this period by an additional sixty (60) days, in which case we will notify you of the extension and the reasons for the delay.
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal information, please contact us through any of the following channels:
By using BigFame.ai, you acknowledge that you have read this Privacy Policy, understand it, and agree to the collection, use, and disclosure of your information as described herein.
Copyright 2026 BigFame Inc. All rights reserved.