Effective Date: July 4, 2026
Last Updated: July 5, 2026
This Privacy Policy applies to the Storika platform operated by Storika, Inc. and is published at https://www.storika.ai/privacy. It covers the Storika brand application (app.storika.ai), the Storika creator application (app.storika.ai/creator), and the Storika marketing website (www.storika.ai), together with related APIs, subdomains, and services.
Storika, Inc. ("Storika," "we," "us," or "our") is an AI-powered creator-marketing technology provider that enables direct-to-consumer and enterprise brands to discover, evaluate, and collaborate with micro- and nano-influencers. Through proprietary semantic search, ontology-based video analysis, and machine-learning models, Storika analyzes creator profiles, content patterns, and audience signals to automate the end-to-end creator-marketing campaign lifecycle, including brand-creator matching, campaign brief generation, workflow execution, and performance tracking (collectively, the "Service").
This Privacy Policy ("Policy") describes how we collect, use, disclose, and protect personal information of the brands and agencies that use our Service ("Clients"), the creators who connect their accounts to participate in campaigns ("Creators"), public social-media creators whose publicly available data we ingest for discovery, visitors to our websites, TikTok Shop sellers and end-customers whose information we process through partner integrations, and other individuals whose information we process. By accessing or using the Service, you acknowledge that you have read and understood this Policy.
Storika is available to Clients and Creators globally, in every country supported by Stripe Connect; physical-product shipping, where a campaign involves shipped goods, is currently available in the United States only. Storika is committed to protecting personal information and complying with applicable data-protection laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") where applicable, the EU General Data Protection Regulation ("GDPR"), the UK GDPR and Data Protection Act 2018 ("UK GDPR"), and other applicable privacy laws, as well as the platform terms of the partners whose APIs we use, including TikTok and Meta.
Storika processes four categories of individuals:
Registered Clients: Corporate administrators, marketing managers, and agency partners who create accounts to manage campaigns, issue briefs, and view analytics.
Registered Creators: Individuals who intentionally register and connect their social-media or payout accounts (for example, via OAuth authentication or Stripe Connect) and opt in to participate in campaigns.
Public Social-Media Creators: Creators who have not registered an account with Storika but whose publicly available profile data, public content, and public performance metrics are ingested, processed, and indexed by Storika's discovery and video-intelligence engines for brand-discovery purposes.
Partner Platform Sellers and End-Customers: Where Storika is authorized to operate through partner integrations such as the TikTok Shop Open API, we may process seller, shop, order, contact, fulfillment, campaign, and related end-customer information only as necessary to provide the authorized partner-app functionality, support seller requests, comply with platform requirements, and maintain security.
We also collect standard telemetry, cookies, and device metadata from visitors to our public websites, landing pages, and marketing pages.
"Personal Information" means information that identifies, relates to, or could reasonably be linked with a particular individual or household.
Information You Provide Directly
Clients: When a Client registers or transacts, we collect information such as name, business email address, company name, phone number, account credentials, and billing metadata. Client billing is handled through subscription and usage-based token charges processed by our payment processor; we do not store full payment-card or bank-account details on our own servers.
Creators: When a Creator registers and connects an account, we collect the information necessary to onboard and pay them, including name, social-media handle, contact information, and account-authentication data. Creator payment details, identity-verification (KYC), and tax information are collected and held directly by Stripe through Stripe Connect (Standard) and are not stored by Storika. For paid-campaign payouts, the Creator is the merchant of record; Storika does not hold or take custody of campaign funds.
Information We Collect From Connected Platforms
When a Creator authorizes a connection, or when we operate on behalf of a Client, we access information through partner application programming interfaces, including TikTok for Business, the TikTok Shop Open API, the Instagram/Meta Graph API, YouTube API Services, and other Google APIs where connected. We request only the minimum API scopes necessary to provide the Service and minimize sensitive scopes wherever possible. Information received may include profile data, content and creative assets, campaign and order interactions, shop or seller information, order and contact information where authorized, fulfillment or commerce-related metadata, and delivery or performance metrics. If you connect a YouTube or Google account, or if the Service uses YouTube API Services or other Google APIs with your authorization, Storika’s access to and use of Google API data is subject to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including applicable Limited Use requirements. Your use of YouTube API Services is also subject to the YouTube Terms of Service (https://www.youtube.com/t/terms), and Google’s processing of information is described in the Google Privacy Policy (https://policies.google.com/privacy). You may revoke Storika’s access to Google or YouTube data through Google’s security settings at https://security.google.com/settings/security/permissions where applicable.
Publicly Available Creator Data
For brand-discovery purposes, Storika ingests publicly available creator profile data, public content, and public performance metrics from third-party social platforms, including through third-party data-ingestion tools such as Apify. This information is held in a discovery index that is logically segregated from registered-account data. Storika may apply semantic matching, ontology-based video analysis, machine-learning scoring, and other profiling to this public creator data for discovery and campaign-matching purposes. Public Social-Media Creators may request removal from the discovery index or object to profiling by contacting privacy@storika.ai.
Information We Collect Automatically
When you use our websites or Service, we automatically collect IP address, device and browser information, server logs (user agent, timestamps), product-usage events, and error diagnostics. We use web-based registration forms, Google single sign-on, persistent and session cookies (including for authentication and CSRF protection), product-analytics SDKs (PostHog), and error-monitoring SDKs (Sentry/Bugsnag). Required cookies are essential to operation; performance and functionality cookies are loaded subject to consent where required. Storika does not currently use third-party advertising or remarketing cookies.
We use Personal Information to:
Deliver and operate the Service, including creator discovery, brand-creator matching, campaign brief generation, workflow execution, TikTok Shop and other partner-platform workflows, seller support, and performance reporting;
Manage accounts, authenticate users, and provide customer support;
Process Client billing, including subscriptions and usage-based tokens, and remit Creator payouts through our payment processor;
Train, validate, and refine our proprietary AI/ML models for creator matching, content analysis, and campaign-performance prediction, using aggregated, anonymized, or de-identified data where feasible and excluding payment-card, banking, KYC, and tax data held by payment processors. Storika does not use TikTok Shop U.S. seller, order, contact, fulfillment, or end-customer data to train AI/ML models except where expressly permitted and only in aggregated, anonymized, or de-identified form;
Generate aggregated analytics and benchmark reports;
Send transactional communications and, for Client and agency users, direct marketing (with opt-out available);
Detect fraud, monitor security, and prevent abuse; and
Comply with legal, regulatory, tax, and accounting obligations.
We do not sell your Personal Information, we do not share Personal Information for cross-context behavioral advertising, and we do not purchase personal data from data brokers. We share Personal Information only as follows:
Service Providers / Sub-Processors: We share data with vetted vendors who process it on our behalf under Data Processing Agreements, each receiving only the data necessary for its function. These include Google Cloud Platform (hosting and databases), Vercel (frontend hosting), PostHog (product analytics), Sentry/Bugsnag (error monitoring with PII scrubbing), Google Workspace (email and documents), Customer.io and Resend (transactional and marketing email), and Apify (public-data ingestion).
Payment Processor: Stripe processes Client billing and Creator payouts through Stripe Connect (Standard) and holds related KYC, tax, and payment-instrument data. Storika does not charge a platform fee on Creator payouts and does not store card, bank, KYC, or tax data on Storika infrastructure.
Connected Platforms: We exchange data with partner platforms, such as TikTok, Meta, YouTube, and Google, as necessary to provide the Service and in accordance with their platform terms.
Between Clients and Creators: Information necessary to facilitate a campaign is shared between the participating Client and Creator.
Legal and Safety: We may disclose information to comply with law, respond to lawful requests, or protect the rights, property, or safety of Storika, our users, or others.
Business Transfers: In connection with a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.
Subject to applicable law, you may have the right to request access to, correction of, deletion of, or portability of your Personal Information, and to opt out of certain processing. To exercise these rights, contact us at privacy@storika.ai. Public Social-Media Creators may also request removal from our discovery index, and any Creator may object to profiling or automated analysis for discovery and matching, by contacting privacy@storika.ai. We will honor verified requests within the timeframes required by applicable law and our contractual obligations.
Storika honors the Global Privacy Control (GPC) signal for users in CCPA-covered jurisdictions and provides opt-out controls in our cookie preference center. Vetted Creators may disconnect their OAuth tokens at any time, which immediately ends ongoing collection from the connected account. For Google or YouTube connections, users may also revoke access through Google’s security settings at https://security.google.com/settings/security/permissions where applicable. Storika will also assist sellers, TikTok Shop, and other authorized partners in fulfilling access, correction, deletion, and other end-user data requests where required by law or contract. We do not discriminate against users for exercising their privacy rights.
Storika maintains technical and organizational measures designed to protect Personal Information. Personally identifiable account data is stored in encrypted relational databases on Google Cloud Platform; behavioral and analytics data is stored separately in BigQuery and linked by tokenized identifiers rather than direct PII. All user data in operational and analytical databases, object storage, and backup snapshots is encrypted at rest using AES-256, and all client-to-server traffic is encrypted in transit using TLS 1.2 or higher. Access to production systems and personal data follows role-based, least-privilege controls with single sign-on and mandatory two-factor authentication; credentials, OAuth tokens, and API secrets are stored in a dedicated secrets manager. Production workloads are segregated from development and staging, production PII is not copied to non-production environments, and sensitive data stores are logically separated. Storika uses cloud logging, Google Cloud Security Command Center, IP allowlisting where appropriate, CI-based dependency scanning, code review for production deployments, and macOS endpoint controls such as FileVault, XProtect, Gatekeeper, automatic screen locking, and security updates. Suspected incidents may be reported to privacy@storika.ai; confirmed breaches affecting partner, seller, or end-customer data will be handled under our incident-response process, including notice to affected partners, sellers, regulators, and individuals where required by law or contract. No system is perfectly secure, and we cannot guarantee absolute security.
We retain Personal Information only as long as necessary to provide the Service or as required by tax, accounting, and legal record-retention rules (typically seven years for transactional records). After the applicable retention period, identifying PII is deleted or anonymized, and backups are purged on a rolling 90-day cycle. At the end of a partner or customer relationship, we delete or return collected customer data in our possession, subject to legal-hold and statutory-retention exceptions.
Storika stores and processes TikTok Shop U.S. data only in Google Cloud Platform U.S. regions, including us-central1 and us-east1. Storika does not intentionally store or process TikTok Shop U.S. data outside the United States. Storika's other service data is also processed primarily in U.S.-hosted infrastructure. Because the Service is available globally, personal information of Clients and Creators located outside the United States may be transferred to and stored in the United States; where required, Storika uses applicable contractual safeguards, such as Standard Contractual Clauses or equivalent transfer mechanisms. Payment data is held by Stripe at Stripe's facilities and is not stored on Storika infrastructure.
The Service is intended for business users and creators who are at least 18 years of age. We do not direct the Service to, or knowingly collect Personal Information from, children under 18. If we learn that we have collected Personal Information from a child under 18 without appropriate consent, we will delete it.
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Policy at https://www.storika.ai/privacy and revise the "Last Updated" date above. Material changes will be communicated as required by law.
If you have any questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at:
Storika, Inc.
1259 El Camino Real, Unit #1321
Menlo Park, CA 94025
United States
Privacy and data-subject requests: privacy@storika.ai
General support: contact@storika.ai