Legal

Privacy Policy

This Privacy Policy explains how Viralyads (operated by Blackie Networks) collects, uses, shares, and protects your personal information when you use our platform.

Effective date: 12 May 2026·Last updated: 12 May 2026

1. Overview

Viralyads is Africa's first distributed creator advertising network — a platform that connects African content creators with brands seeking authentic, verified social media promotion. The platform operates under Blackie Networks, a technology company building creator-economy infrastructure across Africa.

We take your privacy seriously. This policy describes our practices regarding the collection and use of personal information in connection with the Viralyads website at viralyads.com and all associated mobile and web applications (collectively, the "Platform"). By accessing or using the Platform, you agree to the practices described in this Privacy Policy.

Plain-language summary: We collect only what we need to run the platform, pay creators, and prevent fraud. We do not sell your personal data. Ever.

2. Who We Are

The data controller for purposes of this Privacy Policy is:

Company: Blackie Networks
Platform: Viralyads (viralyads.com)

References to "Viralyads", "we", "us", or "our" in this policy refer to Blackie Networks operating under the Viralyads brand.

3. Data We Collect

We collect different categories of information depending on whether you use Viralyads as a creator or as a brand/client.

3.1 Information You Provide

CategoryExamplesWho
Account credentialsEmail address, password (hashed)Creators & Brands
Profile informationDisplay handle, country, phone numberCreators
Payment informationPayPal email address, M-Pesa phone numberCreators
Business informationBusiness name, website URL, industry, KRA PINBrands
Campaign contentPost URLs, screenshot uploads, video linksCreators
Billing detailsBilling address, payment references, invoice dataBrands
CommunicationsSupport emails, in-app messages, feedback formsAll users

3.2 Information Collected Automatically

  • IP address and approximate geolocation (country/region level)
  • Device type, operating system, and browser type
  • Pages visited, time spent on pages, clickstream data
  • Referral URLs and campaign tracking parameters
  • Session identifiers and authentication tokens (stored as secure HTTP-only cookies)
  • Website visit logs when creators visit brand websites as part of campaign verification

3.3 Information from Third Parties

  • If you sign in with Google OAuth, we receive your name and email address from Google
  • Payment processors (Stripe, PayPal, Paystack, M-Pesa Daraja) may share transaction confirmation references with us
  • AI verification services may return metadata about submitted screenshots and social media posts

4. How We Use Your Data

We process your personal data only for the purposes listed below and rely on one of the following legal bases: contract performance (processing necessary to provide the service), legitimate interests (fraud prevention, security), or consent where explicitly requested.

Providing the Platform

Creating and managing your account, enabling slot reservation, processing campaign submissions, and releasing payouts to creators via PayPal or M-Pesa.

Payment Processing & Escrow

Holding client funds in escrow, verifying campaign completion, and disbursing creator payouts. We retain financial transaction records as required by applicable financial regulations.

AI-Powered Post Verification

Analysing creator-submitted screenshots and post URLs to verify that content meets campaign requirements and that posts remain live for the required duration. Screenshots are processed by AI but not used to train third-party AI models.

Fraud Detection & Platform Security

Identifying suspicious activity such as fake screenshots, duplicate accounts, slot manipulation, or payment fraud. We use IP data, device fingerprints, and behavioural patterns solely to keep the platform safe.

Communications

Sending transactional emails (payout confirmations, slot reminders, password resets), SMS alerts, and push notifications. Marketing communications are only sent where you have opted in.

Analytics & Improvement

Understanding how users navigate the platform, which features are used, and where friction exists. This data is aggregated and anonymised where possible.

Legal Compliance

Meeting obligations under applicable laws including anti-money laundering (AML) requirements, tax reporting, and responding to lawful requests from regulators or courts.

5. Data Sharing

We do not sell your personal data. We share it only in the following limited circumstances:

Between Creators and Brands — limited disclosure only

When a creator claims a campaign slot, the brand receives the creator's public handle and submission data (post URL, screenshot). The creator's full name, email, phone number, and payment details are never shared with brands.

Service Providers (processors)

We share data with carefully vetted sub-processors who help us operate the platform (see Section 6). These providers are contractually bound to process data only on our instructions and to maintain appropriate security standards.

Legal Obligations

We may disclose personal data to law enforcement, regulators, or courts when required by applicable law, or when necessary to protect the rights, property, or safety of Blackie Networks, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity. We will notify users before such a transfer takes place where required by law.

With Your Consent

We may share your data for other purposes if you have given us explicit consent to do so.

6. Third-Party Services

Viralyads integrates with the following third-party services. Each has its own privacy policy.

ServicePurposeData Shared
StripeCard payments from brandsPayment card data (processed directly by Stripe)
M-Pesa Daraja (Safaricom)Mobile money payments & creator payouts in KenyaPhone number, transaction reference
PayPalCreator payout disbursementCreator PayPal email, payout amount
PaystackBank transfer creator payoutsCreator bank details, transfer code
Brevo (formerly Sendinblue)Transactional email deliveryEmail address, name, template variables
Google (Firebase / OAuth)Optional sign-in, push notificationsEmail, name (if Google sign-in used)
Anthropic Claude AIScreenshot & post verificationImage hashes, post metadata (not PII)
Amazon Web Services (S3)Screenshot & proof-of-post storageUploaded screenshot files
RedisSession & rate-limit cachingSession tokens (no PII)

7. Cookies & Tracking

We use cookies and similar technologies to keep you signed in, secure your session, and understand how users navigate the platform.

creator_at / creator_rtStrictly necessaryTTL: 15 min / 30 days

Creator authentication access & refresh tokens. HTTP-only, secure.

client_at / client_rtStrictly necessaryTTL: 15 min / 30 days

Brand/client authentication tokens. HTTP-only, secure.

CSRF tokenStrictly necessaryTTL: Session

Protects against cross-site request forgery attacks.

Analytics cookiesAnalytics (optional)TTL: 90 days

Aggregated usage statistics. No cross-site tracking.

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from using authenticated features of the platform.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, subject to legal obligations.

Data TypeRetention Period
Active account dataFor the lifetime of your account
Campaign & submission records3 years after campaign completion (financial audit trail)
Payout & transaction records7 years (tax and AML compliance)
Screenshot uploads (S3)180 days after campaign settlement
IP / access logs90 days
Deleted account dataAnonymised within 30 days; financial records retained 7 years
Password reset tokens1 hour from issuance (auto-expired)

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Rectification

Correct inaccurate or incomplete information in your profile.

Erasure

Request deletion of your account and associated data (subject to legal retention requirements).

Portability

Receive your data in a structured, machine-readable format.

Restriction

Request that we limit processing of your data in certain circumstances.

Object

Object to processing based on legitimate interests, including direct marketing.

Withdraw Consent

Where processing is based on consent, withdraw it at any time without affecting prior processing.

Lodge a Complaint

File a complaint with your local data protection authority.

To exercise any of these rights, email privacy@viralyads.com. We will respond within 30 days. We may need to verify your identity before processing your request.

10. Security

Blackie Networks implements industry-standard technical and organisational measures to protect your personal data:

  • All data transmitted via HTTPS/TLS 1.2+ encryption
  • Passwords stored using bcrypt hashing — never in plaintext
  • Authentication tokens are HTTP-only, SameSite=Lax cookies, inaccessible to JavaScript
  • Rate limiting and account lockout on authentication endpoints to prevent brute-force attacks
  • Escrow funds held in isolated accounts — not commingled with operational funds
  • S3 screenshot storage uses server-side encryption (AES-256)
  • Role-based access control: only authorised staff can access production data
  • Regular security audits and penetration testing

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@viralyads.com.

11. Children's Privacy

Viralyads is not intended for, and does not knowingly collect personal data from, individuals under the age of 18. If you are under 18, please do not register on the platform. If we become aware that we have collected data from a minor, we will take immediate steps to delete it. Parents or guardians who believe their child's data has been collected should contact us at privacy@viralyads.com.

12. International Data Transfers

Viralyads operates primarily across Africa and processes data through servers and service providers that may be located in the United States, European Union, or other jurisdictions. Where we transfer personal data outside your country of residence, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with EEA-based processors
  • Adequacy decisions where applicable
  • Data Processing Agreements (DPAs) with all sub-processors
  • Binding Corporate Rules where applicable

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send an email notification to registered users
  • Display a prominent notice within the platform for 30 days

Continued use of the platform after the effective date of an updated policy constitutes acceptance of the changes.

14. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data:

Blackie Networks — Privacy Team

Operating Viralyads (viralyads.com)

Privacy:privacy@viralyads.com
Support:support@viralyads.com
Security:security@viralyads.com

We aim to respond to all privacy requests within 30 days.

© 2026 Blackie Networks. All rights reserved. Operating as Viralyads.

Privacy PolicyTerms of ServiceHome