Privacy Policy

Last updated: 7 February 2026

1. Introduction

This privacy policy explains how The Influencer List, operated by The App Agency Ltd, a company registered in England and Wales ("we", "us", "our"), collects, uses, stores, and protects information when you visit our website at https://the-influencerlist.com (the "Site").

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

By using this Site, you acknowledge that you have read and understood this privacy policy. If you do not agree with our practices, please do not use the Site.

2. Data controller

The data controller responsible for your personal data is:

The App Agency Ltd
Email: [email protected]

If you have any questions about this privacy policy or our data practices, please contact us using the details above.

3. Information we collect

3.1 Information you provide directly

When you submit an Instagram handle through our "Get Listed" feature, we collect and store:

  • The Instagram handle you submit
  • Publicly available profile information associated with that handle, including: display name, profile photograph, follower count, following count, and account verification status

We do not require you to create an account, provide your name, email address, or any other personal contact information to use the Site.

3.2 Information collected automatically

When you visit the Site, we automatically collect certain technical and usage data through Google Analytics 4, including:

  • Pages viewed, time spent on each page, and navigation paths
  • Scroll depth and reading progress on articles
  • Interactions such as shares, link clicks, and button presses
  • Device type, screen resolution, browser type, and operating system
  • Approximate geographic location derived from your IP address (country and city level only — we do not store your full IP address)
  • Referral source (how you arrived at our Site, e.g. search engine, social media, direct)
  • Session duration and frequency of visits

Google Analytics 4 uses first-party cookies and does not collect personally identifiable information in its default configuration. IP anonymisation is enabled.

3.3 Information we do not collect

We do not collect or process:

  • Your name, email address, phone number, or postal address (unless you contact us directly)
  • Payment or financial information
  • Special category data (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, biometric data, or trade union membership)
  • Data from children — the Site is not directed at individuals under the age of 16

4. Lawful basis for processing

Under the UK GDPR, we rely on the following lawful bases for processing personal data:

  • Legitimate interests (Article 6(1)(f)) — We process analytics data to understand how visitors use our Site, improve the user experience, and measure the effectiveness of our content. We have conducted a legitimate interests assessment and concluded that this processing does not override your rights and freedoms, given the anonymised nature of the data collected.
  • Consent (Article 6(1)(a)) — Where required by PECR, we obtain your consent before placing non-essential cookies on your device.
  • Legitimate interests (Article 6(1)(f)) — We display publicly available social media profile information in our creator directory. This information is already in the public domain and is used for informational and editorial purposes.

5. How we use your information

We use the information we collect for the following purposes:

  • To operate and maintain the Site and its features
  • To display creator profiles in our public directory, including names, handles, profile photographs, follower counts, and niche categories
  • To understand how visitors interact with our Site and identify areas for improvement
  • To measure the reach and engagement of our editorial content
  • To detect and prevent misuse, abuse, or security threats
  • To comply with our legal obligations

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Cookies and tracking technologies

6.1 What are cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide information to the site operators.

6.2 Cookies we use

CookieProviderPurposeDurationType
_gaGoogle AnalyticsDistinguishes unique users by assigning a randomly generated identifier2 yearsAnalytics
_ga_<ID>Google AnalyticsMaintains session state and tracks pageviews across the session2 yearsAnalytics

6.3 Managing cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored and delete individual cookies
  • Block third-party cookies
  • Block all cookies from specific sites
  • Block all cookies from being set
  • Delete all cookies when you close your browser

Please note that disabling cookies will not affect the core functionality of the Site, as we do not use cookies for essential site operations.

You can also opt out of Google Analytics specifically by installing the Google Analytics Opt-out Browser Add-on.

7. Data sharing and third parties

7.1 Third-party services

We use the following third-party services that may process data on our behalf:

  • Google Analytics 4 (Google LLC) — Website analytics. Data may be transferred to the United States. Google is certified under the UK Extension to the EU-US Data Privacy Framework. Google's privacy policy.
  • Instagram / Meta Platforms (Meta Platforms, Inc.) — We retrieve publicly available profile data (name, photograph, follower count, verification status) for creators listed in our directory. We access only information that is publicly visible on the Instagram platform. Instagram's privacy policy.
  • Railway (Railway Corp.) — Cloud hosting provider. Our servers and database are hosted on Railway's infrastructure. Railway's privacy policy.
  • Adobe Fonts (Adobe Inc.) — Web font delivery. Adobe may collect anonymised usage data when fonts are loaded. Adobe Fonts privacy FAQ.

7.2 Data sharing

We do not sell, rent, or trade your personal data to any third party. We do not share your data with third parties for their own marketing purposes. We may disclose data if required to do so by law, regulation, or court order, or to protect our rights or the safety of others.

8. International data transfers

Some of the third-party services we use are based in the United States. Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision from the UK Secretary of State
  • Transfers to organisations certified under the UK Extension to the EU-US Data Privacy Framework
  • Standard contractual clauses approved by the UK Information Commissioner's Office (ICO)

9. Data retention

  • Creator profile data — retained for as long as the profile is listed in our directory. Profiles may be removed upon request or at our discretion. Upon removal, the data is permanently deleted from our database.
  • Analytics data — retained for 14 months in Google Analytics, after which it is automatically deleted. We do not export or store analytics data separately.
  • Server logs — standard web server access logs are retained for up to 30 days for security and debugging purposes, then automatically deleted.

10. Data security

We take reasonable technical and organisational measures to protect the data we hold, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Access controls restricting database access to authorised personnel only
  • Regular software updates and security patches
  • Hosting on infrastructure with enterprise-grade physical and network security

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

11. Your rights under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access (Article 15) — You have the right to request a copy of the personal data we hold about you.
  • Right to rectification (Article 16) — You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to erasure (Article 17) — You have the right to request that we delete your personal data, subject to certain legal exceptions.
  • Right to restriction of processing (Article 18) — You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability (Article 20) — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21) — You have the right to object to the processing of your personal data where we rely on legitimate interests as the lawful basis. You also have the right to object to processing for direct marketing purposes at any time.
  • Right to withdraw consent — Where we rely on your consent to process data (e.g. non-essential cookies), you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In exceptional circumstances, this may be extended by a further two months, in which case we will inform you of the extension and the reasons for it.

We do not charge a fee for exercising your rights, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

12. Children's privacy

The Site is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child under 16 has provided personal data to us, please contact us at [email protected] and we will take steps to delete that information.

13. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this page indicates when this policy was last revised.

We encourage you to review this policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the revised policy.

If we make material changes that significantly affect how we process your personal data, we will make reasonable efforts to notify you (for example, by displaying a prominent notice on the Site).

14. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at [email protected].

15. Contact us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

The App Agency Ltd
Email: [email protected]
Website: theapp.agency