Privacy Policy

Last Updated: December 16, 2025

AffiliateBase ("we," "our," or "us") provides affiliate tracking and commission management software. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Account Information

Organization Administrators and Team Members:

  • Email address
  • Name (first and last)
  • Organization name and details
  • Stripe Connect account information (account ID, OAuth tokens)
  • Role within the organization (owner, admin, member)

Affiliates:

  • Email address
  • Name (first and last)
  • Payment information (PayPal email, bank details, or Stripe Connect account for payouts)
  • Tax form information (W-9/W-8 status, if applicable)
  • Profile information you choose to provide

1.2 Tracking and Referral Data

When visitors click affiliate referral links or use promo codes on websites using our tracking script, we collect:

  • Device Information: Browser type, operating system, device type (desktop/mobile/tablet)
  • Network Information: IP address (hashed for fraud detection)
  • Browsing Information: Referring URL, page URL, page title
  • Tracking Identifiers: Visitor ID (randomly generated), referral ID, affiliate token

1.3 Transaction Data

When integrated with payment processors (Stripe), we receive:

  • Customer email and name (as provided to the payment processor)
  • Transaction amounts and dates
  • Subscription and invoice details
  • Coupon/promo code usage
  • Refund information

1.4 Automatically Collected Information

  • Log data (access times, pages viewed, errors)
  • Device identifiers
  • Authentication events

2. How We Use Your Information

We use collected information to:

  • Provide the Service: Track referrals, calculate commissions, process payouts
  • Attribution: Determine which affiliate referred which customer
  • Fraud Prevention: Detect suspicious patterns, self-referrals, and invalid clicks
  • Communication: Send transactional emails (commission notifications, payout confirmations, invitation emails)
  • Support: Respond to inquiries and provide customer service
  • Improvement: Analyze usage patterns to improve our service
  • Legal Compliance: Meet regulatory requirements and enforce our terms

3. Cookies and Tracking Technologies

3.1 Cookies We Use

Cookie Name Purpose Duration Type
ab_referral Stores referral attribution data (referral ID, affiliate info, campaign info) Configurable (default 60 days) First-party

3.2 Local Storage

We use browser localStorage (ab_attribution) as a backup for tracking data in case cookies are blocked.

3.3 Cookie Control

Our tracking script is installed by our customers on their websites. If you wish to disable referral tracking cookies, you can:

  • Adjust your browser settings to block cookies
  • Use browser extensions that block tracking scripts
  • Contact the website owner directly

4. Information Sharing and Disclosure

4.1 With Organizations (Our Customers)

We share affiliate and referral data with the organizations that use our platform, including:

  • Affiliate performance metrics (clicks, conversions, commissions)
  • Customer attribution (which affiliate referred which customer)
  • Commission and payout records

4.2 With Affiliates

Affiliates can view:

  • Their own referral and commission data
  • Customer information (if enabled by the organization)
  • Payout history

4.3 Service Providers

We share data with service providers who assist in operating our service:

  • Stripe: Payment processing and OAuth authentication
  • Supabase: Database hosting and authentication
  • Email Service Providers: Transactional email delivery

4.4 Legal Requirements

We may disclose information if required by law, legal process, or government request, or to protect our rights, privacy, safety, or property.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity.

5. Data Retention

We retain data as follows:

  • Account Data: Until account deletion, plus any legally required retention period
  • Referral/Tracking Data: Based on organization settings (typically 60-365 days after last activity)
  • Commission Records: 7 years for tax and legal compliance
  • Webhook Events: 90 days for debugging and reconciliation

6. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for sensitive data
  • OAuth 2.0 for Stripe integration (no permanent credential storage)
  • Automatic token refresh and expiration
  • Row-level security policies in our database
  • Regular security audits

7. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, contact us at support@affiliatebase.com.

8. International Data Transfers

Our services are hosted in the United States. If you access our service from outside the US, your information may be transferred to and processed in the US, which may have different data protection laws than your country.

9. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it.

10. Third-Party Links and Integrations

Our service integrates with third-party services (Stripe, payment processors). These services have their own privacy policies, and we encourage you to review them.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

AffiliateBase
Email: support@affiliatebase.com

For California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to equal service and price

We do not sell personal information. To exercise your rights, contact support@affiliatebase.com.

For European Residents (GDPR)

If you are in the European Economic Area, our legal bases for processing are:

  • Contract: Processing necessary to provide our services
  • Legitimate Interest: Fraud prevention, service improvement, analytics
  • Consent: Marketing communications (where applicable)
  • Legal Obligation: Tax records, legal compliance

You may contact your local data protection authority if you have concerns about our data practices.