Privacy Policy

Legal documents governing wora.media's platform, your data, and your rights as a user or brand.

Privacy Policy Terms of Service Data Deletion Creator Agreement
Effective: June 10, 2026 Applies to: wora.media and dashboard.wora.media Jurisdiction: India (IT Act, 2000 / DPDP Act)

1. Overview

wora.media ("we", "us", "our") is an affiliate video marketing platform operated as a sole proprietorship in India. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our website, dashboard, or connect your social media accounts to our platform.

This policy complies with Meta's Platform Terms, Instagram's Graph API requirements, YouTube's API Services User Data Policy, India's Digital Personal Data Protection Act (DPDP) 2023, and applicable provisions of the IT Act 2000.

By using wora.media, you agree to the collection and use of data as described here. If you disagree, please do not use the platform.

2. Data We Collect

2.1 Account data

When you register, we collect: name, email address, mobile number (for OTP verification), UPI ID or bank details (creators only), GSTIN (brands only), and account type (creator or brand).

2.2 Social media data (Instagram / YouTube)

When you connect your Instagram or YouTube account via OAuth, we access the following data only with your explicit consent:

PlatformData accessedPurpose
InstagramUser profile (ID, name, username), media list, view counts on individual posts, comments, direct messagesVerify posted content, track view milestones for payouts, reply to comments, and manage customer relations
YouTubeChannel ID, video list, view counts on individual videos, commentsVerify posted content, track view milestones for payouts, reply to comments, and manage customer relations

We access this data via official Meta Graph API and YouTube Data API v3 only. We do not scrape, spider, or crawl social media platforms.

2.3 Payment data

Brand deposits and creator payouts are processed by Cashfree Payments, a PCI-DSS compliant payment processor. We store only transaction IDs, amounts, and status — not raw card or banking credentials.

2.4 Usage and technical data

We collect IP addresses, browser type, device identifiers, pages visited, and actions taken on the platform. This data is used for security, fraud prevention, and improving the platform.

2.5 Uploaded content

Brands upload raw video footage to Firebase Storage. We process this footage using Google Cloud Vertex AI Video Intelligence solely to verify that creator-posted videos contain brand footage (perceptual hash matching).

3. How We Use Your Data

  • To operate the platform, match creators to campaigns, and process payouts
  • To verify that posted videos contain the brand's original footage
  • To track view milestones and trigger automated payout events
  • To comply with TDS deduction obligations under Section 194O of the Income Tax Act
  • To detect and prevent fraud, spam, or policy violations
  • To communicate updates, payment receipts, and support responses
  • To access messages and comments for replying to comments and managing customer relations
  • To improve platform features and user experience

We process Instagram and YouTube platform data only for the purposes explicitly listed above. We do not sell, license, or use platform data for advertising or profiling unrelated to our core service.

4. Data Sharing and Third Parties

We share data only with the following third-party services required to operate the platform:

ServicePurposeData shared
Google FirebaseDatabase, authentication, hostingUser accounts, campaign data
Google Cloud (Vertex AI)Video verificationUploaded brand footage, creator video frames
Cashfree PaymentsPayment processing & creator payoutsTransaction amounts, UPI IDs
Meta (Instagram Graph API)Social media OAuthAccess tokens (stored securely per OAuth 2.0)
YouTube (Data API v3)Social media OAuthAccess tokens (stored securely per OAuth 2.0)

We do not allow third parties to serve advertisements or place tracking cookies via wora.media. We do not share personal data with data brokers.

5. Data Retention

We retain different categories of data for different periods:

  • Account data: Retained while your account is active. Deleted within 30 days of account closure, except where retention is required for tax or legal compliance.
  • Instagram / YouTube tokens and media data: Access tokens are refreshed periodically and revoked immediately upon account disconnection. Cached view counts are retained for 12 months for audit purposes, then deleted.
  • Payment records: Retained for 7 years as required under Indian accounting and tax law.
  • Uploaded brand footage: Retained while the campaign is active. Deleted within 60 days of campaign closure or upon brand request.

6. Your Rights

Under India's DPDP Act 2023, you have the following rights:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Erasure: Request deletion of your data (subject to legal retention requirements). See our Data Deletion page for instructions.
  • Withdraw consent: Disconnect your Instagram or YouTube account at any time from your dashboard. This immediately revokes our access to your social media data.
  • Grievance: File a grievance with our Grievance Officer (contact below).

To exercise any of these rights, email us at privacy@wora.media. We will respond within 30 days.

7. Instagram API Compliance

wora.media uses Meta's Instagram Graph API in accordance with Meta's Platform Terms. We commit to the following:

  • We only request permissions necessary for our core service (content verification and view tracking).
  • We do not use Instagram data to build profiles unrelated to our service, or to target advertising.
  • We do not sell or transfer Instagram platform data to third parties.
  • We do not use Instagram platform data to make decisions about user eligibility for credit, insurance, or employment.
  • We store access tokens securely using Firebase Auth and encrypt sensitive fields at rest.
  • Users may disconnect their Instagram account at any time, which immediately terminates our access.
  • We retain all versions of this privacy policy as required by Meta Platform Terms.
Instagram users: you may review and revoke wora.media's access to your Instagram account at any time by visiting Settings → Apps and Websites on Instagram.

8. Security

We implement industry-standard security measures including Firebase Security Rules for all data access, TLS encryption for all data in transit, OAuth 2.0 for all social media integrations (no password storage), Cashfree Payments PCI-DSS compliance for payment data, and phone OTP as primary authentication.

In the event of a data breach that affects your rights, we will notify affected users within 72 hours of becoming aware of the breach.

9. Contact & Grievance Officer

For privacy questions, data access requests, or to file a grievance under the DPDP Act:

Email
privacy@wora.media
Address
wora.media, Thiruvananthapuram, Kerala, India
Response time
Within 30 days

© 2026 wora.media. All rights reserved.  ·  Privacy Policy  ·  Terms of Service  ·  Data Deletion  ·  Creator Agreement  ·  privacy@wora.media