Privacy Policy

1. Information We Collect

1.1 Account Information

When you register for a publisher account on the Drapier, we collect your full name, email address, business name (if applicable), website URLs, mailing address, phone number, and tax identification information (W-9 or W-8BEN). Merchants who join the network provide similar business registration details.

1.2 Payment Details

To process commission payouts, we collect your preferred payment method, bank account details or PayPal email address, and any information required to comply with tax reporting obligations. Payment information is encrypted using industry-standard AES-256 encryption and stored in compliance with PCI-DSS requirements.

1.3 Tracking and Attribution Data

When consumers click affiliate links, we collect the click timestamp, referring URL, publisher identifier, destination URL, hashed IP address (SHA-256 — we never store raw IP addresses), user agent string, and a unique click identifier stored in a first-party cookie. This data is essential for attributing sales to the correct publisher and calculating commissions.

1.4 Usage Analytics

We automatically collect information about how you interact with the Drapier website and dashboard, including pages visited, features used, session duration, browser type and version, operating system, screen resolution, and referring website. This data helps us improve the platform experience.

1.5 Communications

When you contact us via email, support forms, or other channels, we retain the content of your messages, your contact information, and any attachments you provide.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Account Management: Creating and maintaining your publisher or merchant account, verifying your identity, and communicating account-related information.
• Commission Tracking: Attributing consumer purchases to the correct publisher, calculating commission amounts, managing the commission lifecycle (pending, approved, locked, payable, invoiced, paid), and processing payouts.
• Fraud Prevention: Detecting and preventing click fraud, cookie stuffing, unauthorized trademark bidding, incentivized traffic, and other forms of abuse that violate our Publisher Service Agreement.
• Platform Analytics: Understanding how publishers and merchants use the platform, identifying performance trends, and optimizing the user experience.
• Legal Compliance: Fulfilling our obligations under applicable tax laws, anti-money laundering regulations, and other legal requirements.
• Communications: Sending transactional emails (payout confirmations, commission updates), operational notices, and — with your consent — marketing communications about new features and network opportunities.

3. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Drapier Network. For a comprehensive list of cookies we use, their purposes, and duration, please see our Cookie Policy.

3.1 Essential Cookies

These cookies are necessary for the website to function. They include session authentication tokens and CSRF protection tokens. You cannot opt out of essential cookies as they are required for security and basic functionality.

3.2 Affiliate Tracking Cookies

When a consumer clicks an affiliate link, we set first-party cookies (icg_click and icg_publisher_id) with a 30-day duration. These cookies enable us to attribute a subsequent purchase to the publisher who referred the consumer. We also use server-side tracking as a complementary attribution method.

3.3 Analytics Cookies

We use analytics tools to understand site traffic and usage patterns. These cookies collect aggregated, anonymized data about page views, navigation paths, and feature engagement.

3.4 Preference Cookies

These cookies store your preferences such as theme selection (light or dark mode) and language settings to provide a consistent experience across visits.

4. Data Sharing and Disclosure

We do not sell your personal data. We share information only in the following circumstances:

4.1 Network Brand Partners

We share order attribution data with our brand partners — Italist, HEWI London, and Verishop — to verify purchases, process returns, and reconcile commissions. This data includes the click identifier, publisher ID, order ID, and purchase amount. Consumer personal information is not shared with publishers.

4.2 Payment Processors

We share necessary payment information with our payment processors to facilitate commission payouts to publishers. These processors are contractually bound to use your data only for payment processing.

4.3 Cloud Service Providers

Our platform infrastructure is hosted on Amazon Web Services (AWS). Data is processed and stored in accordance with AWS’s data processing agreements and security certifications (SOC 2, ISO 27001).

4.4 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained for the duration of your account plus 3 years after account closure for audit and compliance purposes.
• Commission Records: Retained for 7 years in accordance with tax reporting requirements.
• Click and Attribution Data: Retained for 2 years from the date of the click event.
• Analytics Data: Aggregated analytics data is retained indefinitely. Individual-level analytics data is anonymized after 26 months.
• Support Communications: Retained for 2 years after the last interaction.

6. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and equivalent legislation:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions (e.g., tax record retention obligations).
• Right to Data Portability: You may request a copy of your data in a structured, commonly-used, machine-readable format (JSON or CSV).
• Right to Object: You may object to processing of your personal data for direct marketing purposes or where processing is based on our legitimate interests.
• Right to Restrict Processing: You may request that we limit the processing of your personal data in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@drapier.io. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

7. Your Rights Under CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. If this changes in the future, we will provide a clear opt-out mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing for exercising your privacy rights.
• Right to Limit Use of Sensitive Personal Information: You may direct us to limit the use and disclosure of your sensitive personal information to purposes necessary to provide the services.

To submit a CCPA request, email privacy@drapier.io with the subject line “CCPA Request.” We will verify your identity before processing the request and respond within 45 days.

8. International Data Transfers

Inspiration Commerce Group is based in the United States. If you access the Drapier from outside the United States, your information will be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational measures where appropriate. We also comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as applicable.

9. Children’s Privacy

The Drapier is a business-to-business platform designed for use by publishers and merchants who are at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at privacy@drapier.io.

10. Security Measures

We implement a combination of technical, administrative, and physical safeguards to protect your personal information:

• All data in transit is encrypted using TLS 1.2 or higher.
• Sensitive data at rest (payment information, tax IDs) is encrypted using AES-256 via AWS Key Management Service (KMS).
• IP addresses are hashed (SHA-256) before storage — we never store raw IP addresses.
• Access to personal data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access controls.
• We conduct regular security assessments and vulnerability scans of our infrastructure.
• Dashboard access is protected by strong password requirements and optional multi-factor authentication.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to continuously improving our security posture.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a revised “Effective Date” and, for registered users, by sending an email notification at least 30 days before the changes take effect. Your continued use of the Drapier Network after the effective date constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or want to file a complaint, please contact us:

If you are located in the EEA and are not satisfied with our response to your privacy inquiry, you have the right to lodge a complaint with your local data protection supervisory authority. A list of supervisory authorities is available on the European Data Protection Board website.