In effect from: 5 June 2026
Why And You Prosper Oy (Business ID 3505416-4) (“Prospr”, “we”) operates the Prospr App platform at prosprapp.com. We are committed to processing personal data lawfully, transparently, and securely in accordance with the EU General Data Protection Regulation (GDPR, 2016/679) and applicable national data protection legislation.
This Privacy Policy describes how we collect, use, store, share, and protect your personal data when you use our website, the Prospr App platform, and services.
Why And You Prosper Oy
Business ID: 3505416-4
Asemakatu 4, 76100 Pieksämäki, Finland
Email: hello@prosprapp.com
Why And You Prosper Oy is the data controller for all processing of personal data described in this policy, unless otherwise stated. If you have any questions about the processing of your personal data, please contact us at the email address above.
Personal data means any information relating to an identified or identifiable natural person. Such data includes, for example, name, email address, IP address, payment details, identifiers, and online behaviour.
We collect different categories of personal data depending on how you use Prospr.
We automatically collect technical data to ensure the functioning and security of the website:
Legal basis for processing: Legitimate interest (website security, functionality, and visitor statistics — GDPR Article 6(1)(f)).
When brands, influencers, or affiliates register and use the Prospr App platform, we may collect the following data:
If you link your social media accounts to your profile, we load data about you and your posts from those accounts: for example, your follower count, number of posts, view counts, and your most recent posts. This data is used when presenting you to companies, matching you to suitable programmes, and in certain cases for calculating commissions. Data loaded from a social media account is deleted when you remove the link to your social media account, or when you delete your account from Prospr.
Legal basis for processing: Performance of a contract (GDPR Article 6(1)(b)) and legitimate interest (GDPR Article 6(1)(f)).
When you contact us by email, chat, or via forms, we collect the following data:
Legal basis for processing: Legitimate interest (customer service and communications — GDPR Article 6(1)(f)).
Data is retained for a maximum of 24 months, unless legislation requires a longer retention period.
In the recruitment process, we process:
Legal basis for processing: Legitimate interest (recruitment — GDPR Article 6(1)(f)).
Data is retained for 24 months, unless the applicant requests earlier deletion.
When subscribing to the newsletter, we collect:
We send marketing communications and product updates. Legal basis for processing: Consent (GDPR Article 6(1)(a)). You may cancel your subscription at any time via the link in the newsletter.
When influencers promote companies through the Prospr App platform, Prospr receives information about web users who have clicked on influencers’ links. In this context, Prospr may store the following data about the web user:
Prospr may also ask whether your visit to the destination website may be tracked by placing a cookie or similar technical identifier specifically linked to the link you clicked.
If you permit tracking of your visit, Prospr passes your consent to the destination website, which is responsible for compliance with your consent. Even in this case, Prospr does not store in its own system any data that would link your visit to your personal data.
Legal basis for processing: Consent (GDPR Article 6(1)(a)) and legitimate interest (GDPR Article 6(1)(f)).
When you share links created on the Prospr App platform and web users click on them, we track the clicks on your shared links and the events transmitted to Prospr by the destination website or system in connection with those links, such as conversions and purchases. This data is used to calculate fees, prevent misuse, and provide transparent reporting. We do not associate personal data of web users with this data.
Legal basis for processing: Performance of a contract and legitimate interest (GDPR Article 6(1)(b) and (f)).
We use personal data for the following purposes:
We do not use personal data for automated decision-making or profiling, with the sole exception that if you have registered on the Prospr App platform as an influencer and have consented to Prospr creating a profile of you based on your linked channels, Prospr’s staff and automated systems may use this profile to recommend you for suitable programmes as quickly and accurately as possible. In this case, Prospr reads the data and content of your linked channels, including follower counts, content themes, and similar information that helps identify suitable programmes. Influencers may also always apply to programmes of their own choosing.
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including legal, accounting, and contractual obligations. Typical retention periods:
We do not sell personal data to third parties.
We may share data with trusted data processors who assist us in providing our services, such as:
All processors are bound by data processing agreements in accordance with the GDPR. We do not permit processors to use data for purposes other than those agreed.
We may also disclose data to authorities where we have a statutory obligation to do so.
| Processor | Country | Purpose | Further information |
| --- | --- | --- | --- |
| Google Cloud EMEA Limited | Ireland | Cloud services and platform infrastructure | |
| UpCloud Oy | Finland | Data storage | |
| Plus Five Five, Inc. (Resend) | United States | Email services | |
| Notion Labs, Inc. | United States | Internal workspace platform | |
| Sendinblue SAS (Brevo) | France | Newsletter and marketing automation | |
| Cloudflare, Inc. | United States | AI processing: proposing suitable influencers to programs; handling customer support requests; internal processes such as customer relationship management and facilitating staff operations. | |
Data held by Prospr is stored in data centres located within the EU/EEA. Some of our service providers are located outside the EU/EEA, including in the United States, meaning data may be temporarily processed outside the EU/EEA. When data is transferred outside the EU/EEA, we use the following safeguards:
We ensure that all international data transfers take place with appropriate safeguards and in accordance with GDPR requirements.
Under the GDPR, you have the following rights in relation to the processing of your personal data:
To exercise your rights:
We aim to respond to requests within 30 days as required by the GDPR. You also have the right to lodge a complaint with the data protection authority:
Office of the Data Protection Ombudsman
P.O. Box 800, 00531 Helsinki, Finland
tietosuoja@om.fi | www.tietosuoja.fi
We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or alteration. These measures include, among others:
In the event of a data breach, we will notify the competent supervisory authority within 72 hours in accordance with GDPR Article 33, and where necessary, also notify the affected data subjects.
We may update this Privacy Policy from time to time. We will notify data subjects of any significant changes by email or via the Prospr App platform before the changes take effect. The latest version is always available at prosprapp.com.
Previous version (20 March 2026)