When Influence Meets Compliance: FTC Endorsements, Privacy Policies, and Website Tracking Risk
Founder-led brands should consider treating posts by founders, officers, and significant equity holders as regulated endorsements. Paid creator campaigns need their own controls, but founder content may need them too.
Without appropriate disclosure, a founder’s Instagram post can look personal while still operating as advertising, and a generic “Sponsored” label can make a permanent ownership interest look like a one-time ad buy. When a consumer clicks through and tracking begins before the relationship and data practices are clear, the same moment can raise FTC endorsement, CCPA notice, and CIPA consent concerns. This alert explains how these risks overlap and what steps businesses can take to address them.
FTC Endorsement Rules Now Reach Beyond Captions
When an endorser has a certain kind of relationship with a brand that could affect how people view the endorsement, the FTC expects the relationship to be clearly disclosed. The main concern is whether the relationship could affect the audience’s view of the endorser’s credibility, independence, or motivation; in practice, the brand’s credibility is also at stake because the brand benefits from the endorsement. That responsibility rests with both sides: the endorser must make the disclosure in the endorsement itself, and the brand must give clear instructions, monitor for compliance, and correct missing or inadequate disclosures. Relationships that can trigger disclosure include payment, free products, affiliate commissions, employment, ownership, stock or equity interests, options or other financial upside, family or personal relationships, and other benefits that could affect how the endorsement is weighed.
For a paid partnership, disclosure requirements are familiar. Each sponsored post should use simple language, such as “Ad,” “Sponsored,” or “Paid Partnership with [Brand],” placed where viewers will see it before acting on the endorser’s recommendation.
Founder and equity relationships require more. If a creator founded the company, owns equity, holds stock options, advisory equity, profit interests, revenue-sharing rights, or any other financial interest tied to the company’s success, the disclosure should tell the audience the nature of that interest. The equity does not need to be vested to matter; the FTC’s focus is whether the relationship could affect how consumers evaluate the endorsement. Practical disclosure language should be direct, such as: “I am a co-founder of [Brand],” “I own equity in [Brand],” or “I hold stock options in [Brand].”
That distinction matters. In the FTC’s CSGOLotto decision and order[1], the FTC alleged that the influencer-founders promoted a company they owned without disclosing that ownership and paid other influencers to promote the company without requiring proper disclosures. The order directed the influencer-founders to clearly disclose any material connection they have with an endorser or between themselves and any promoted product or service, and to monitor and review the social media accounts of their endorsers to ensure that required disclosures are made.
Why Equity Is Harder Than Sponsorship
The FTC’s “significant minority” standard asks whether a meaningful part of the audience would not understand or expect the relationship. In an obvious ad, some consumers may expect payment. They are far less likely to assume that the creator owns the company.
The rule also follows the audience. A past disclosure may not carry the next post, and a profile bio alone may not be enough. “Everyone knows” is generally not a reliable compliance strategy.
For always-on founder-creators, the friction is real. A brand mention, product tag, podcast segment, livestream, Story, Reel, repost, or comment may need its own ownership disclosure. Repetition may feel awkward, but silence can create risk.
What Privacy Policies Should Say
Privacy policies should support the endorsement program rather than sit apart from it. Consider including the following elements:
A description of the brand’s use of influencers, creator partners, affiliate links, and founder-led content as marketing channels.
An explanation of how interactions with influencer posts, affiliate links, discount codes, social media bios, podcast show notes, newsletters, and creator-linked landing pages may trigger tracking.
A list of the main tracking tools used, such as pixels, cookies, affiliate links, UTM parameters, session analytics, email tracking, and ad technologies.
A list of the types of personal information collected, including IP address, device identifiers, referral source, browsing activity, purchase activity, and conversion events.
Identification of third-party recipients by category and, where feasible, by vendor name.
A statement of whether creator-channel data is used to track sales, measure campaigns, retarget visitors, build lookalike audiences, personalize content, run analytics, or update customer databases.
An explanation of whether tracking providers may use data for their own purposes or only to provide services to the brand.
These disclosures do not cure a missing FTC endorsement disclosure, but they can help keep one problem from becoming two. If an influencer post lacks a relationship disclosure and the linked page tracks the consumer without meaningful notice, the consumer may be misled about both the endorsement and the data collection. A privacy policy that explains influencer-channel tracking can help remove one omission from the overall picture.
What Terms of Use Should Say
Terms of use help turn the privacy policy and social media policy into practical rules. Consider including provisions that:
Cross-reference the privacy policy’s influencer-tracking disclosures.
Add a sponsored-content and affiliate-link notice explaining that some content may involve paid, affiliate, or ownership relationships.
Require users who submit reviews or testimonials to disclose any compensation, free product, discount, or other benefit they have received.
Prohibit fake reviews, manipulated reviews, and undisclosed incentivized reviews.
State that the brand’s social media policy applies to brand accounts and to personal accounts used by founders, officers, employees, paid partners, or equity holders to promote the brand.
Reserve the right to correct, label, remove, or decline to repost content that lacks required disclosures.
California Adds a Pressure Point
For California users, the overlap may be sharper. The CCPA requires notice at or before collection, including the categories of personal information collected and the purposes for collection. Influencer links, affiliate redirects, and pixel-enabled landing pages can function as collection points.
Brands may want to add influencer, creator, and affiliate traffic to the notice-at-collection language. They can list the data collected through those channels, explain why it is collected, disclose whether it is sold or shared for cross-context behavioral advertising, provide a clear “Do Not Sell or Share My Personal Information” link, honor Global Privacy Control signals where required, and place the notice before or at the point when the consumer interacts with the tracked link or landing page.
CIPA adds another consideration. Plaintiffs have targeted pixels, session replay tools, chat widgets, and analytics scripts as potential unlawful real-time interceptions, with statutory damages of $5,000 per violation.
To help reduce CIPA risk, brands may consider using opt-in consent for California visitors before non-essential scripts fire. The consent tool should load before the tag manager triggers marketing tags. Brands may want to remove hard-coded pixels that cannot be consent-gated, name tracking providers in the privacy policy, disclose real-time data transfers, restrict vendor use of tracking data unless that use is clearly disclosed and consented to, keep timestamped consent logs, and add terms-of-use language documenting affirmative consent before tracking begins.
These same controls can apply to influencer-linked landing pages, podcast show-note links, newsletter links, and social media bio links.
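The consent gate, timestamped consent log, and tag-firing test described above can be expressed as a short script. This is an added example, not part of the original alert or any vendor's tooling. The category names, record fields, `requiresOptIn` flag, and sample events are assumptions made for illustration, and the Global Privacy Control rule is applied only to tags labelled advertising.

```javascript
// Added example. Category names, record fields and sample data are
// constructed for illustration; they are not from any vendor's API.
const ESSENTIAL = "essential";

// Append a timestamped consent record; records are frozen, never edited.
function recordConsent(log, visitorId, categories, ts) {
  const entry = Object.freeze({ visitorId, categories: [...categories], ts });
  log.push(entry);
  return entry;
}

// Categories opted into at time `ts`. Assumes records are appended in
// time order, so the last matching record is the one in force.
function consentAt(log, visitorId, ts) {
  const prior = log.filter((e) => e.visitorId === visitorId && e.ts <= ts);
  return prior.length ? prior[prior.length - 1].categories : [];
}

// Gate: essential tags always load. Advertising tags never load when the
// browser sends Global Privacy Control (navigator.globalPrivacyControl).
// Other tags need opt-in when the visitor is flagged as requiring it.
function mayLoadTag(tag, visitor, log, ts) {
  if (tag.category === ESSENTIAL) return true;
  if (tag.category === "advertising" && visitor.gpc) return false;
  if (!visitor.requiresOptIn) return true;
  return consentAt(log, visitor.id, ts).includes(tag.category);
}

// Tag-firing test: names of tags in a recorded page load that fired
// although the gate would have blocked them at that moment.
function findPrematureFires(fires, visitor, log) {
  return fires
    .filter((f) => !mayLoadTag(f, visitor, log, f.ts))
    .map((f) => f.name);
}

// Constructed sample: a visitor arrives from a creator link, two tags fire
// at t=120 ms, and opt-in to analytics is recorded at t=900 ms.
const log = [];
const visitor = { id: "v1", requiresOptIn: true, gpc: false };
recordConsent(log, "v1", ["analytics"], 900);
const fires = [
  { name: "session-cart", category: ESSENTIAL, ts: 50 },
  { name: "ad-pixel", category: "advertising", ts: 120 },
  { name: "page-analytics", category: "analytics", ts: 120 },
  { name: "page-analytics", category: "analytics", ts: 950 },
];
console.log(findPrematureFires(fires, visitor, log));
```

Run against a recorded page load from each influencer-linked landing page, a non-empty result identifies the tags that need to move behind the consent tool.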
Takeaway
A practical approach is to follow the consumer’s click. What do they see? What do they know? What fires before they consent? What relationship is hidden? What data moves?
Here are seven steps to consider:
Map covered endorsers. Identify paid partners, affiliates, founders, officers, employees, and equity holders who post about the brand.
Consider per-post disclosures. Use sponsorship language for paid deals and ownership language for founder or equity-holder posts.
Update privacy notices. Treat creator, affiliate, and founder-led marketing as data collection channels.
Update terms of use. Add sponsored-content, affiliate-link, review-integrity, and social media policy provisions.
Align California notice and consent. Cover creator and affiliate traffic in CCPA notices and consider blocking non-essential tracking for California visitors until opt-in consent is obtained.
Document and test. Keep consent logs, test tag firing, and apply consistent controls to influencer-linked pages and social links.
Consider AI usage. If AI tools are used to generate or assist in creating endorsement content, marketing copy, testimonials, or social media posts, disclose that use where it would be material to consumers. The FTC has signaled that undisclosed use of AI-generated content in marketing contexts may be deceptive, particularly when consumers are led to believe they are viewing authentic human experiences or opinions[2]. Brands should establish clear policies requiring disclosure when AI materially contributes to promotional content and should monitor creator and influencer outputs for compliance.
If the answer to any of these questions is unclear, the policy work may not be complete.
Done well, these disclosures do more than reduce legal exposure; they shape how consumers experience the brand from the first click. When a follower taps through a founder’s post and lands on a page that explains what data is collected, why it is collected, and how choices are honored, that transparency becomes part of the product — and the relationship begins with honesty. For founder-led brands especially, that honesty, and the authenticity it contributes to, are often the core value propositions. Aligning disclosures with brand values reinforces the credibility that drew the audience in the first place.
Compliance here is not just a disclosure exercise. A Privacy Policy, Terms of Use, and endorsement disclosure program that work together tell a consistent story: we collect data to serve you, we tell you how, and we respect your choices. That story, repeated across every touchpoint, becomes part of what the brand stands for.
For More Information
If you have questions about implementing these strategies or need tailored guidance for your organization, please contact Tom Vincent (tom.vincent@pierferd.com) or your regular firm contact.
This publication and/or any linked publications herein do not constitute legal, accounting, or other professional advice or opinions on specific facts or matters and, accordingly, the author(s) and PierFerd assume no liability whatsoever in connection with its use. Pursuant to applicable rules of professional conduct, this publication may constitute Attorney Advertising. © 2026 Pierson Ferdinand LLP.
[1] https://www.ftc.gov/system/files/documents/cases/1623184_c-_csgolotto_decision_and_order.pdf
[2] See, e.g., FTC, “Keep Your AI Claims in Check” (Feb. 27, 2023), https://www.ftc.gov/business-guidance/blog/2023/02/keep-your-ai-claims-check; FTC, “Chatbots, Deepfakes, and Voice Clones: AI Deception for Sale” (Mar. 20, 2023), https://www.ftc.gov/business-guidance/blog/2023/03/chatbots-deepfakes-voice-clones-ai-deception-sale.