GDPR & CCPA Compliance

Your privacy rights matter. Learn how we protect your data and comply with global privacy regulations.

Last Updated: February 13, 2026

Your Rights at a Glance

Access Your Data
Request a copy of all your personal information
Delete Your Data
Request permanent deletion of your information
Correct Your Data
Update inaccurate or incomplete information
Opt-Out
Control how we use your data for marketing

Quick Navigation

1. Introduction2. GDPR Compliance (European Users)3. CCPA Compliance (California Residents)4. How to Submit Data Requests5. Identity Verification6. Data Retention & Deletion7. International Data Transfers8. Third-Party Data Sharing9. Security Measures10. Cookies & Tracking11. Children's Privacy12. Supervisory Authorities13. Updates to This Page14. Contact Us

1. Introduction

GetAffiliated, operated by HubtersAI LLC, is committed to protecting your privacy and complying with global data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

This Compliance page explains your rights under these regulations and how we fulfill our obligations to protect your personal data.

For detailed information about how we collect and use data, please see our Privacy Policy.

2. GDPR Compliance (European Users)

The GDPR applies to individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. We are committed to full compliance with GDPR requirements.

Legal Basis for Processing

  • • Consent: We process your data based on your explicit consent for marketing communications and optional features.
  • • Contract Performance: Processing necessary to provide our affiliate marketing platform services.
  • • Legitimate Interests: Fraud prevention, platform security, and service improvement.
  • • Legal Obligations: Compliance with tax laws, financial regulations, and legal requirements.

Your GDPR Rights

  • • Right to Access: Request a copy of all personal data we hold about you.
  • • Right to Rectification: Correct inaccurate or incomplete personal data.
  • • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data under certain conditions.
  • • Right to Restrict Processing: Limit how we use your data in specific circumstances.
  • • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • • Right to Lodge a Complaint: File a complaint with your local data protection authority.

Data Protection Officer

  • • Contact: [email protected]
  • • Subject Line: 'GDPR - Data Protection Officer'
  • • Response Time: Within 30 days of request

3. CCPA Compliance (California Residents)

The California Consumer Privacy Act (CCPA) provides California residents with specific rights regarding their personal information. We are committed to honoring these rights.

Your CCPA Rights

  • • Right to Know: Request disclosure of personal information we collect, use, disclose, and sell.
  • • Right to Delete: Request deletion of personal information we have collected from you.
  • • Right to Opt-Out: Opt-out of the sale of your personal information (Note: We do not sell personal information).
  • • Right to Non-Discrimination: Exercise your CCPA rights without discriminatory treatment.
  • • Right to Correct: Request correction of inaccurate personal information.

Categories of Personal Information We Collect

  • • Identifiers: Name, email address, username, IP address
  • • Commercial Information: Transaction history, commission records, campaign participation
  • • Internet Activity: Browsing history on our platform, interaction with campaigns
  • • Professional Information: Business details for Founders, social media metrics for Influencers
  • • Financial Information: Payment information, bank account details for payouts

How to Exercise Your CCPA Rights

  • • Email: [email protected] with subject 'California Privacy Request'
  • • Verification: We will verify your identity before processing requests
  • • Authorized Agent: You may designate an authorized agent to make requests on your behalf
  • • Response Time: Within 45 days of verified request (may extend by 45 days if necessary)

4. How to Submit Data Requests

We make it easy for you to exercise your data protection rights. Here's how to submit various types of requests:

Access Request (View Your Data)

  • • Email: [email protected]
  • • Subject: 'Data Access Request'
  • • Include: Your full name, email address, and account username
  • • We will provide: A comprehensive report of all personal data we hold about you
  • • Format: PDF or structured data file (CSV/JSON)
  • • Timeline: Within 30 days (GDPR) or 45 days (CCPA)

Deletion Request (Delete Your Data)

  • • Email: [email protected]
  • • Subject: 'Data Deletion Request' or 'Right to be Forgotten'
  • • Include: Your full name, email address, and account username
  • • Note: Some data may be retained for legal compliance (tax records, transaction history)
  • • Effect: Account will be permanently closed, pending commissions will be processed
  • • Timeline: Within 30 days (GDPR) or 45 days (CCPA)

Correction Request (Update Your Data)

  • • Email: [email protected]
  • • Subject: 'Data Correction Request'
  • • Include: Specific data to be corrected and accurate replacement information
  • • Note: Some corrections can be made directly in your account settings
  • • Timeline: Within 30 days

Portability Request (Export Your Data)

  • • Email: [email protected]
  • • Subject: 'Data Portability Request'
  • • We will provide: Your data in CSV or JSON format
  • • Includes: Profile data, campaign history, commission records, content submissions
  • • Timeline: Within 30 days

Objection/Restriction Request

  • • Email: [email protected]
  • • Subject: 'Processing Objection' or 'Restrict Processing'
  • • Specify: Which processing activities you object to or wish to restrict
  • • Timeline: Within 30 days

5. Identity Verification

To protect your privacy and prevent unauthorized access to your data, we verify your identity before processing data requests.

Verification Process

  • • Email Verification: We send a verification link to your registered email address
  • • Account Information: We may ask you to provide information that matches our records
  • • Two-Factor Authentication: If enabled on your account, we may require 2FA verification
  • • Authorized Agents: Must provide written authorization from the consumer

What We Need to Verify

  • • Full name associated with the account
  • • Email address registered on the account
  • • Username or account ID
  • • Additional information to match our records (e.g., last campaign joined, recent transaction)

6. Data Retention & Deletion

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy and to comply with legal obligations.

Retention Periods

  • • Active Accounts: Data retained while account is active and for legitimate business purposes
  • • Closed Accounts: Most data deleted within 90 days of account closure
  • • Transaction Records: Retained for 7 years for tax and legal compliance
  • • Marketing Data: Deleted immediately upon unsubscribe or opt-out
  • • Backup Systems: Data in backups deleted according to backup retention schedule (90 days)

Exceptions to Deletion

  • • Legal Requirements: Data required for tax, accounting, or legal compliance
  • • Fraud Prevention: Data necessary to prevent fraud or enforce our Terms of Service
  • • Pending Disputes: Data related to ongoing disputes or legal proceedings
  • • Aggregated Data: Anonymous, aggregated data used for analytics (cannot identify individuals)

7. International Data Transfers

GetAffiliated operates globally, and your data may be transferred to and processed in countries outside your residence.

Transfer Safeguards

  • • Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses for transfers outside the EEA
  • • Adequacy Decisions: We transfer data to countries with adequacy decisions from the European Commission
  • • Data Processing Agreements: All third-party processors sign data processing agreements
  • • Security Measures: Encryption and security measures protect data during transfer

Where We Transfer Data

  • • United States: Our primary servers and operations (HubtersAI LLC is based in Delaware)
  • • Cloud Providers: AWS, Cloudflare (with appropriate safeguards)
  • • Payment Processors: Stripe, PayPal (for payment processing)
  • • Analytics Services: Google Analytics (with IP anonymization)

8. Third-Party Data Sharing

We do not sell your personal information. We only share data with third parties as necessary to provide our services.

Service Providers We Share With

  • • Payment Processors: Stripe, PayPal (for processing payments and payouts)
  • • Cloud Infrastructure: Cloudflare (hosting and CDN)
  • • Email Services: For transactional and marketing emails (with your consent)
  • • Analytics: Google Analytics (with IP anonymization and data processing agreement)
  • • Customer Support: Support ticket systems (only data necessary for support)

Data Sharing Controls

  • • Data Processing Agreements: All service providers sign DPAs
  • • Minimum Necessary: We only share data necessary for the specific service
  • • Security Requirements: All providers must meet our security standards
  • • Regular Audits: We regularly review third-party compliance

We Do NOT Sell Data

  • • No Sale of Personal Information: We do not sell, rent, or trade your personal information
  • • No Data Brokers: We do not share data with data brokers or advertisers
  • • Opt-Out Not Required: Since we don't sell data, no opt-out is necessary

9. Security Measures

We implement comprehensive technical and organizational measures to protect your personal data. For detailed information on our security infrastructure, please refer to our Privacy Policy (Section 7).

Security Highlights

  • • Encryption: Industry-standard encryption for data in transit and at rest.
  • • Access Controls: Strict role-based access and authentication protocols.
  • • Monitoring: 24/7 security monitoring and incident response.
  • • Compliance: Regular security audits and updates to maintain data integrity.

10. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience. For a complete list of cookies used and detailed management instructions, please refer to our Privacy Policy (Section 10).

Summary

  • • We use essential cookies for platform functionality.
  • • We use analytics cookies to improve our services.
  • • You can control cookies through your browser settings or account preferences.

11. Children's Privacy

GetAffiliated is not intended for users under 18 years of age. We do not knowingly collect data from children.

Age Restrictions

  • • Minimum Age: Users must be 18 years or older
  • • Age Verification: We require age confirmation during registration
  • • Parental Rights: Parents can request deletion of child's data if collected inadvertently

If We Discover Child Data

  • • Immediate Action: We delete data immediately upon discovery
  • • Account Closure: Account is permanently closed
  • • Parental Notification: We attempt to notify parents/guardians
  • • Report: Contact [email protected] if you believe we have child data

12. Supervisory Authorities

If you are not satisfied with our response to your data protection request, you have the right to lodge a complaint with a supervisory authority.

GDPR - European Data Protection Authorities

  • • Right to Complain: You can file a complaint with your local data protection authority
  • • Lead Authority: Our lead supervisory authority is determined by our main establishment in the EU (if applicable)
  • • Find Your Authority: Visit https://edpb.europa.eu/about-edpb/board/members_en

CCPA - California Attorney General

  • • California AG: California Attorney General's Office
  • • Website: https://oag.ca.gov/privacy
  • • Right to Sue: California residents may have right to sue for certain data breaches

13. Updates to This Page

We may update this Compliance page to reflect changes in regulations or our practices.

How We Notify You

  • • Email Notification: Material changes notified via email
  • • Platform Notice: Notice displayed on platform for 30 days
  • • Effective Date: Changes effective 30 days after notification
  • • Review Regularly: We encourage you to review this page periodically

14. Contact Us

For any questions about data protection, privacy, or to exercise your rights, please contact us:

Contact Information

Company Information

  • • Legal Name: HubtersAI LLC
  • • Jurisdiction: Delaware, United States
  • • Website: www.getaffiliated.net

Questions About Your Privacy Rights?

We're here to help you exercise your data protection rights.

Contact Us[email protected]

Important Notice

This Compliance page should be read in conjunction with our Privacy Policy and Terms of Service. For detailed information about data collection and use, please refer to our Privacy Policy. By using GetAffiliated, you acknowledge that you understand your privacy rights under GDPR and CCPA.

© 2026 HubtersAI LLC. All rights reserved.

Terms of ServicePrivacy PolicyGDPR & CCPA Compliance

    GetAffiliated.net | The Leading AI-Driven Affiliate Marketplace for Vibe Coders