Skip to content

Outreach Privacy Notice

Updated 2026-05-12

This notice explains how we identify creators in e-commerce niches and reach out about our affiliate partner program. It is provided under Article 14 of the EU GDPR (information for data subjects when personal data are not obtained directly from the individual).

Controller of record

CREATIVESERVICE EOOD, registered in the Republic of Bulgaria. Company identifier and full registered address are available on request via support@sellercards.com.

Why we are processing your data

We operate an affiliate partner program for SellerCard (sellercards.com), an AI workspace for marketplace sellers. To decide whom we approach about a partnership, we look at publicly available creator profiles in adjacent niches (Etsy print-on-demand, multi-marketplace seller education, Amazon FBA content, etc.) and score them for fit. If you are reading this notice, you most likely received a direct message or email from us referencing this page.

Where your data came from

  • Public profile pages on Instagram, TikTok and YouTube indexed by hashtag and topic relevance. Data is retrieved through Apify actors operating against the public-facing endpoints of those platforms, or in the case of YouTube via the official Data API v3.
  • Public Telegram channels surfaced through standard web search operators (e.g. site:t.me).
  • Information you may have voluntarily added to your public bio (business email, country, niche descriptors, linktree).

We do not buy data from brokers, scrape behind authentication walls, or process content from private accounts.

Categories of data we hold about you

  • Your public handle on the platform where we found you
  • Public display name (if shown on your profile)
  • Approximate follower count and engagement rate (computed from public posts)
  • Niche fit signal derived from the topic of your recent public posts
  • Country/region signal (if your profile indicates one)
  • Public business email or contact link (if you have published one)
  • An internal compatibility score (0–100) derived from the above
  • A timestamp of when we discovered your profile and any contact attempts we made

Legal basis

Our lawful basis for the outreach phase is Article 6(1)(f) GDPR — legitimate interests. The legitimate interest is our commercial interest in identifying creators whose audience is a strong fit for SellerCard's product so we can offer a fair affiliate partnership.

We balanced this interest against your reasonable expectations as someone with a public creator profile by: (a) limiting data collected to what is strictly necessary for the partnership decision, (b) committing to a 24-hour deletion SLA when you reply STOP, (c) not processing any special-category data, and (d) keeping the decision to contact you under human review rather than fully automated. If you accept our partnership offer, processing from that point onward is based on Article 6(1)(b) GDPR (performance of the affiliate contract).

Retention

  • Raw Apify datasets from each discovery run are automatically purged by Apify within 7 days.
  • Derived scoring records (the row about you in our outreach tracker) are kept for up to 90 days from first contact if you do not reply, then automatically purged.
  • If you become an affiliate partner, your data is retained for as long as the partnership is active and for any statutory periods required afterwards (tax, accounting).
  • If you reply STOP, UNSUBSCRIBE or otherwise ask us to stop, we delete your row within 24 hours and add you to our suppression list so we do not re-contact you in the future.

Who we share it with

We use a small number of subprocessors strictly to operate the outreach and the partner program itself — see our Subprocessors list for the canonical inventory. The two most relevant for outreach specifically are:

  • Apify s.r.o. (Czech Republic) — runs the discovery actors against public platform endpoints.
  • Affonso — operates the affiliate program infrastructure (link tracking, commission accounting, payouts) once you accept the partnership.

We do not sell your data and we do not transfer it to any party not listed in the Subprocessors page.

Your rights

Under GDPR Articles 15–22 you have the right to: access the data we hold about you, ask us to correct or erase it, object to processing, request restriction, and request portability where it applies. You may also lodge a complaint with the Bulgarian supervisory authority (Commission for Personal Data Protection) or the supervisory authority in your country of residence.

To exercise any of these rights, email support@sellercards.com. We respond to STOP / opt-out requests within 24 hours and to all other rights requests within 30 days.

No automated decision-making

Although we score profiles for fit, the decision to actually contact you is reviewed by a human (the founder) before any message is sent. We do not make decisions producing legal effects for you on a fully automated basis.

International transfers

Where our subprocessors operate outside the EU/EEA, transfers are covered by EU Standard Contractual Clauses or the EU-US Data Privacy Framework, as indicated per subprocessor on the Subprocessors page.

Contact

For any question, request, or complaint about how we found you or what we are doing with your data: email support@sellercards.com.