PURPLE MOSEA (3) Colin Lee 2 (2)

Privacy Policy

Last updated: February 21, 2026

Mosea Technologies Ltd. (“Mosea”, “we”, “us”, “our”) operates Mosea Brand Ambassador Reporting (the “Services”).

This Privacy Policy explains how we collect, use, disclose, and retain personal information when you use the Services, including when you connect Instagram or TikTok accounts.

1) Who uses the Services

The Services support brand ambassador programmes.

  • “Ambassador” means an invited independent contractor who connects social accounts and submits content for programme tracking.
  • “Brand Client” means a brand that engages Mosea to run reporting and moderation for a programme.

2) Information we collect

A. Information you provide

We collect:

  • Account information (name, email address, organisation, role)
  • Programme information (programme enrolment details, campaign identifiers, payout attributes you submit, and operational notes)
  • Communications (support requests, messages, and files you send to us)

B. Information from connected social accounts

#### Instagram (Instagram Login)

We support login through Instagram Login. When you connect an Instagram professional account, you authorise us to access data under these Meta permissions (scopes):

  • instagram_business_basic
  • instagram_business_manage_insights
  • public_profile

We process Instagram data you authorise, including:

  • Professional account identifiers and profile details (such as account ID, username, profile image, bio, website link, and category)
  • Media and related metadata (such as media IDs, captions, timestamps, and permalinks)
  • Insights and performance metrics for the account and media (such as reach, impressions, engagement, and other available metrics)

#### TikTok

When you connect a TikTok account, you authorise us to access data under these TikTok scopes:

  • user.info.basic
  • user.info.profile
  • user.info.stats
  • video.list

We process TikTok data you authorise, including:

  • Basic identifiers and profile details (such as open_id and display name)
  • Profile information (such as avatar, bio, and other profile fields you authorise)
  • Account statistics (such as follower count, following count, likes count, and video count)
  • A list of your public videos and related metadata used for reporting and analytics

C. Tokens and connection metadata

When you connect Instagram or TikTok, we collect and store access tokens and related connection metadata to keep your account connected and to retrieve the data you authorise.

D. Information we collect automatically

We collect:

  • Log and usage data (IP address, timestamps, pages viewed, actions taken, and error logs)
  • Device and browser data (device type, operating system, and browser type)
  • Cookie data on our website where applicable

3) How we use information

We use personal information to:

  • Provide, operate, maintain, and improve the Services
  • Authenticate users and manage accounts
  • Connect social accounts and retrieve the content and metrics you authorise
  • Moderate and review content for programme compliance and brand suitability
  • Generate programme reporting, analytics, and dashboards for Brand Clients
  • Support compensation tracking and payout reporting workflows based on programme rules
  • Provide support and communicate service-related notices
  • Prevent fraud, abuse, and unauthorised access
  • Meet legal and regulatory obligations

4) How we disclose information

A. Service providers

We disclose information to service providers that support our operations (hosting, analytics, monitoring, and customer support tools). We require service providers to use information only to deliver services to us.

B. Brand Clients

We disclose programme reporting and analysis to Brand Clients for programmes you join or work on.

We may disclose:

  • Aggregated reporting for programme performance
  • Ambassador-level reporting when the programme requires it for verification, performance measurement, compliance, and compensation tracking

C. Legal, safety, and rights

We disclose information when the law requires disclosure, or when we need to protect the rights, safety, and security of users, Brand Clients, Mosea, and the public.

D. Corporate transactions

We may disclose information in connection with a merger, acquisition, financing, reorganisation, or sale of assets. We will apply appropriate safeguards during these events.

5) Data retention

We retain information for the period needed to provide the Services and meet legal, security, and operational requirements.

We apply these retention triggers:

  • Active account: we retain account and programme data while you keep an active account.
  • Social account disconnect: we stop new data retrieval for that account after disconnection.
  • Account closure or deletion request: we delete or anonymise personal information after we verify a deletion request or close an account, subject to legal and security requirements.
  • Backups and security logs: we retain backups and security logs for limited periods to support reliability and security, then we delete them on our normal rotation.

6) Your choices and controls

A. Access, correction, and deletion

You can request access, correction, or deletion of your personal information by contacting us at hello@mosea.io or by using our Data Deletion Request form.

B. Disconnect and revoke access

You can disconnect Instagram and TikTok accounts inside the Services. You can also revoke our access through your Instagram or TikTok account settings for authorised apps.

7) Data deletion process

A. Data Deletion Request form

Our data deletion page includes this heading:

Data Deletion Request

Submit a request to delete your data associated with Mosea Brand Ambassador Reporting.

B. How to request deletion

You can request deletion by:

  • Submitting the Data Deletion Request form in the Services, or
  • Emailing hello@mosea.io with the subject line “Data Deletion Request”

Include your account email and any connected account handles you want us to locate.

C. What we delete

After we verify your request, we delete or anonymise personal information associated with your Mosea account and connected social accounts, and we remove stored access tokens for those connections. We may retain limited records when we need them for legal compliance, security, and fraud prevention.

D. Completion timeline

We aim to complete verified deletion requests within 30 days.

8) Security

We use administrative, technical, and physical safeguards designed to protect personal information. We limit access based on job responsibilities.

9) International transfers

We may process and store information in Canada, the United States, and other locations where we or our service providers operate.

10) Children

The Services target businesses and adult ambassadors. We do not knowingly collect personal information from children under 13.

11) Changes to this policy

We may update this policy from time to time. We update the “Last updated” date when we post changes.

12) Contact

Mosea Technologies Ltd.

Email: hello@mosea.io

Privacy Policy: https://www.mosea.io/privacy

Terms of Service: https://www.mosea.io/terms