1. Who We Are
FansChat operates the fanschat.app platform. This Privacy Policy explains how we collect, use, and protect personal information when you use our Service. We comply with the Australian Privacy Act 1988 (Cth) and, where applicable, the EU General Data Protection Regulation (GDPR).
2. Data We Collect
We collect the following categories of data:
- Account data: name, email address, password (hashed), and subscription information.
- Voice profile data: your communication style, tone, catchphrases, and any chat exports you upload.
- Platform connection data: your OnlyFans/Fanvue API credentials (stored encrypted).
- Usage data: messages processed, features used, and performance analytics.
- Payment data: handled exclusively by Stripe — we do not store card details.
- Consent records: timestamps of your agreement to our Terms, age confirmation, and AI disclosure acknowledgement.
3. Fan Data & Privacy
FansChat processes messages from your subscribers (“fans”) on your behalf. We never store real fan identities. All fan data is stored using a one-way masked identifier derived from the platform-assigned fan ID. We cannot reverse this mask to identify any individual fan. Fan message content is used solely to generate responses and improve your AI voice profile.
4. How We Use Your Data
- To provide, operate, and improve the FansChat Service.
- To generate AI responses on your behalf.
- To send transactional emails (subscription renewals, alerts, digests).
- To detect and prevent fraud and abuse.
- To comply with legal obligations.
5. Third-Party Services
We share data with the following sub-processors to operate the Service:
- Anthropic — AI message generation (messages are sent to Anthropic's API and subject to their privacy policy).
- Stripe — Payment processing and subscription management.
- Supabase — Database and authentication infrastructure.
- oFans API / Fanvue API — Platform integration for message delivery.
- Resend — Transactional email delivery.
- Sentry — Error tracking and performance monitoring (error logs may contain limited request context).
We do not sell your personal data to any third party for advertising purposes.
6. Data Retention
- Account data is retained for the lifetime of your account.
- Voice profile data is deleted within 30 days of subscription cancellation.
- Message logs are retained for up to 90 days for support and debugging.
- Audit and compliance logs are retained for 12 months.
- Payment records are retained as required by applicable tax law (typically 7 years).
7. Cookies
FansChat uses minimal cookies strictly necessary to operate the Service (authentication session cookies). We do not use advertising cookies, third-party tracking cookies, or analytics cookies. We do not use Google Analytics or any similar advertising-technology service.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Portability (GDPR): Request your data in a machine-readable format.
- Objection / Restriction (GDPR): Object to or restrict certain processing.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@fanschat.app. We will respond within 30 days.
9. Australian Privacy Act Compliance
FansChat complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
10. GDPR (EU/EEA Users)
If you are located in the EU or EEA, FansChat processes your personal data as a data controller. Our legal basis for processing is performance of a contract (providing the Service), legitimate interests (fraud prevention, security), and consent where indicated. You may lodge a complaint with your local supervisory authority at any time.
For our Data Processing Addendum covering our role as a data processor for fan data, see the Data Processing Addendum.