1. Introduction
Rumoo ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Rumoo platform ("Platform"), in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable EU data protection laws.
The data controller for your personal data is Rumoo. You can contact us at info@moodglobalservices for any privacy-related inquiries.
2. Data We Collect
2.1 Data You Provide Directly
- Registration data: name, email address, password (hashed), user type (Brand or Influencer);
- Profile data: business name, industry vertical, content niche, portfolio information;
- Communication data: messages exchanged between Brands and Influencers on the Platform;
- Transaction data: subscription and payment information (processed by third-party payment providers — Rumoo does not store raw payment card data).
2.2 Data Collected from Instagram / Meta APIs
When you connect your Instagram account as an Influencer, we collect the following data through Meta's authorized APIs:
- Public profile data: Instagram username, profile picture, follower count, following count;
- Engagement metrics: average likes, comments, engagement rate on posts;
- Content performance data: reach, impressions, story views (where authorized via Instagram permissions);
- Audience insights: aggregate demographic data (age ranges, location by city/country, gender distribution) — this data is never attributed to individual followers.
This data is collected solely to enable Rumoo's matching and analytics features. It is never sold to third parties or used for advertising targeting outside the Platform.
2.3 Data Collected Automatically
- Usage data: pages visited, features used, session duration, clicks;
- Device and technical data: device type, operating system, browser type, IP address;
- Cookies and similar technologies: as described in the Cookies section below.
3. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): to provide the Platform's services to you;
- Legitimate interests (Art. 6(1)(f) GDPR): for fraud prevention, security, and improving the Platform;
- Consent (Art. 6(1)(a) GDPR): where you have given explicit consent, such as connecting your Instagram account;
- Legal obligation (Art. 6(1)(c) GDPR): where processing is required to comply with applicable law.
4. How We Use Your Data
We use your personal data to:
- Create and manage your account;
- Match Brands with relevant Influencers based on audience and content fit;
- Display campaign analytics and campaign ROI data;
- Facilitate communication between Brands and Influencers;
- Process payments and subscriptions;
- Send service-related notifications and updates;
- Comply with legal obligations and Meta's Platform Policies;
- Improve the Platform's features and user experience.
5. Meta Platform Data — Specific Obligations
Data obtained through Meta's Instagram APIs is subject to Meta's Platform Terms in addition to this Privacy Policy. Specifically:
- We use Meta API data only for the purposes described in this Policy and within the functionality of the Rumoo Platform;
- We do not transfer Meta API data to third-party advertising networks, data brokers, or analytics providers that use data for ad targeting;
- We do not use Meta API data to build user profiles for purposes unrelated to the Platform's core matching and analytics features;
- We do not allow third parties to access Meta API data obtained through the Platform, except for service providers acting on our behalf under appropriate data processing agreements;
- Instagram account connections can be revoked at any time through Instagram's settings, and upon revocation, Rumoo will cease accessing new data and will delete previously collected Instagram API data within 90 days, unless retention is required by law.
6. Data Sharing and Third Parties
We do not sell your personal data. We may share your data with:
- Service providers: cloud hosting, payment processors, email services, and analytics tools acting on our behalf under GDPR-compliant data processing agreements;
- Business counterparties: when a Brand-Influencer collaboration is confirmed, limited profile data (name, metrics, content links) is shared between the parties involved;
- Legal authorities: when required by applicable law, regulation, or court order;
- Meta / Instagram: as required to operate the API integration (subject to Meta's own privacy policies).
All third-party processors are contractually bound to process data only on Rumoo's instructions and in accordance with applicable data protection laws.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Specifically:
- Account data: retained for the duration of your account plus 12 months after closure, unless a longer period is required by law;
- Instagram API data: retained for the duration of the Instagram connection plus 90 days after disconnection;
- Communication data: retained for 24 months to facilitate dispute resolution;
- Financial/transaction data: retained for 10 years as required by EU accounting regulations.
8. Your Rights (GDPR)
As a data subject under GDPR, you have the following rights:
- Right of access (Art. 15): to request a copy of the personal data we hold about you;
- Right to rectification (Art. 16): to request correction of inaccurate data;
- Right to erasure (Art. 17): to request deletion of your data, subject to legal retention requirements;
- Right to restriction of processing (Art. 18): to request limitation of how we process your data;
- Right to data portability (Art. 20): to receive your data in a structured, machine-readable format;
- Right to object (Art. 21): to object to processing based on legitimate interests;
- Right to withdraw consent: at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at info@moodglobalservices. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
9. Data Security
Rumoo implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS), access controls, and regular security assessments.
While we take data security seriously, no method of transmission over the internet is 100% secure. We encourage users to use strong, unique passwords and to notify us immediately of any suspected security breach.
10. Cookies
We use cookies and similar tracking technologies to operate the Platform, remember your preferences, and analyze usage. You can manage your cookie preferences through your browser settings or the cookie consent tool provided on the Platform.
We do not use cookies for third-party advertising targeting.
11. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
12. International Data Transfers
As an EU-based platform, Rumoo stores and processes data within the European Economic Area (EEA) wherever possible. If data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, such as Standard Contractual Clauses (SCCs).
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on the Platform and, where appropriate, by email. Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
14. Contact and Data Controller
For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:
Rumoo
Email: info@moodglobalservices
Platform: rumoo.app
You have the right to lodge a complaint with your national data protection supervisory authority if you believe your data protection rights have been violated.