Data Policy, Privacy & Security
Last updated: April 20, 2026
1. What GoByline Is
GoByline is a B2B creator intelligence platform. We help marketing teams discover and evaluate B2B content creators for partnership and sponsorship opportunities. GoByline operates as a Claude MCP (Model Context Protocol) connector.
2. What Data We Collect
Creator data: GoByline indexes publicly available information about B2B creators, including names, public bios, social media handles and profile URLs, follower and subscriber counts, topics they cover, and publicly listed contact information. All creator data comes from publicly accessible sources. We do not scrape private or access-restricted data.
User data: When you sign up, we collect your email address and name via Google OAuth. We store your plan type, search history (query parameters only), and billing information. Payment processing is handled by Stripe — we never store credit card numbers.
Usage data: We log search queries, API calls, and feature usage for rate limiting, quota enforcement, and product improvement.
3. How We Use Data
Creator data is used solely to power search results within the GoByline platform. We do not sell creator data to third parties. We do not use creator data for advertising. User search queries are logged for rate limiting, usage tracking, and product improvement.
4. Creator Data Rights
Creators can request removal of their profile at any time by emailing [email protected]. We process removal requests within 48 hours. Creators can also claim and update their profile by verifying their identity.
5. Cookies & Local Storage
MCP Connector: GoByline's Claude MCP connector does not use cookies. Authentication is handled via OAuth 2.0 tokens in HTTP headers.
Website (gobyline.com): The website uses Supabase Auth which sets a session cookie for logged-in users. This cookie is essential for maintaining your session and is not used for tracking. We do not use third-party analytics cookies, advertising cookies, or tracking pixels.
Local Storage: The website may store authentication tokens in browser local storage for session persistence. This data is cleared when you sign out.
6. Security Measures
Encryption: All connections use HTTPS with TLS 1.2+ encryption.
Database: Row-Level Security (RLS) enabled on all tables. Anonymous queries blocked.
Authentication: OAuth 2.0 with PKCE. API keys use SHA-256 hashing.
Secrets: Stored in Supabase Vault and Cloudflare Workers encrypted secrets.
Rate limiting: Authentication: 5 attempts/min. API: 60 calls/min. Tokens: 10 requests/min.
Access control: Only authenticated, production-necessary functions are deployed.
7. Data Storage & Processing
All data is stored and processed in the United States via Supabase (AWS us-west-2), Cloudflare Workers (global edge), and Stripe (payment processing).
8. Data Retention
User accounts are retained while active. Search logs are retained for 12 months. Creator profiles are updated periodically and removed upon request. Payment records are retained as required by law.
9. Third-Party Services
Supabase — Database and authentication. Cloudflare — API hosting and CDN. Stripe — Payment processing. Google — OAuth authentication. Each has its own privacy policy.
10. Children's Privacy
GoByline is a B2B professional tool not directed at children under 13. We do not knowingly collect data from children.
11. International Data Transfers
Data is processed in the United States. By using GoByline, you consent to this transfer. We comply with GDPR and CCPA.
12. Your Rights (GDPR & CCPA)
You may have the right to access, correct, delete, restrict, or port your data. Email [email protected] to exercise these rights. We respond within 30 days. GoByline does not sell personal information.
13. Changes to This Policy
We may update this policy. Changes will be posted here with an updated date.
14. Contact
Privacy: [email protected]
Support: [email protected]