Privacy Policy

PRIVACY POLICY (GDPR COMPLIANT)

Last Updated: 2026-02-03

StarFanAI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

StarFanAI is the data controller for your personal data. For GDPR inquiries, contact: privacy@starfanai.com

3.1. Account Information

- Email address (required)

- Username (for fans)

- Password (hashed, never stored in plain text)

- Age verification status

- Account creation date

3.2. Payment Information

- Payment processor tokens (we do NOT store raw credit card data)

- Transaction history

- Payment method type (not full card numbers)

- Billing information (processed by third-party payment processors)

3.3. Content and Usage Data

- Content you upload (images, videos)

- Content metadata (file size, type, timestamps)

- Usage statistics (views, subscriptions, purchases)

- Chat messages and media

3.4. Technical Data

- IP address

- Browser type and version

- Device information

- Cookies and similar technologies

4.1. We do NOT store:

- Raw credit card numbers

- Full payment card details

- CVV codes

- Full bank account numbers (only last 4 digits for verification)

4.2. Payment data is handled by:

- Stripe (payment processing and payouts)

5.1. Service Provision

- To provide and maintain the Platform

- To process payments and payouts

- To deliver content and services

- To communicate with you about your account

5.2. Legal Compliance

- To comply with legal obligations

- To verify age (18+ requirement)

- To prevent fraud and abuse

- To respond to legal requests

5.3. Platform Improvement

- To analyze usage patterns

- To improve Platform functionality

- To develop new features

6.1. Storage Locations

- Primary database: [Database location - To be specified]

- Content storage: Cloudflare R2 / AWS S3

- Backup storage: Secure backup servers

6.2. R2/S3 Storage Disclaimers

- Content is stored on third-party cloud storage (Cloudflare R2 / AWS S3)

- These services have their own privacy policies

- We ensure storage providers comply with GDPR

- Content is encrypted in transit and at rest

7.1. Account Data

- Retained while your account is active

- Retained for 30 days after account deletion (for fraud prevention)

- May be retained longer if required by law

7.2. Content Data

- Retained while hosted on Platform

- Deleted within 30 days of removal request

- May remain in backups for technical reasons (up to 90 days)

7.3. Payment Data

- Retained as required by accounting and tax laws (typically 7 years)

- Transaction records maintained for legal compliance

8.1. Right to Access

- You may request a copy of your personal data

- Contact: privacy@starfanai.com

- We will provide data within 30 days

8.2. Right to Rectification

- You may correct inaccurate personal data

- Update data through your account settings

- Contact us for assistance

8.3. Right to Erasure ("Right to be Forgotten")

- You may request deletion of your personal data

- Contact: privacy@starfanai.com

- We will delete data within 30 days (subject to legal requirements)

- Note: Some data may be retained for legal compliance

8.4. Right to Restrict Processing

- You may request restriction of data processing

- Contact: privacy@starfanai.com

8.5. Right to Data Portability

- You may request your data in a portable format

- Contact: privacy@starfanai.com

- We will provide data in JSON format within 30 days

8.6. Right to Object

- You may object to certain data processing

- Contact: privacy@starfanai.com

8.7. Right to Withdraw Consent

- You may withdraw consent for data processing

- Note: Withdrawal may affect Platform functionality

9.1. We use cookies and similar technologies for:

- Authentication (session cookies)

- Preferences (language, settings)

- Analytics (usage statistics)

- Security (fraud prevention)

9.2. Cookie Types

- Essential cookies: Required for Platform functionality

- Functional cookies: Enhance user experience

- Analytics cookies: Help us improve the Platform

9.3. Cookie Management

- You can manage cookies through your browser settings

- Disabling cookies may affect Platform functionality

10.1. We do NOT sell your personal data.

10.2. We share data only with:

- Payment processors (for payment processing)

- Cloud storage providers (for content hosting)

- Service providers (for Platform operations)

- Law enforcement (when required by law)

10.3. All third parties are required to protect your data and comply with GDPR.

11.1. We require all users to be 18+.

11.2. We do not knowingly collect data from minors.

11.3. If we discover data from a minor, we will:

- Immediately delete the account and data

- Report to appropriate authorities

- Take all necessary protective measures

12.1. We implement technical and organizational measures to protect your data:

- Encryption in transit (HTTPS/TLS)

- Encryption at rest

- Secure password hashing

- Regular security audits

- Access controls and authentication

12.2. However, no system is 100% secure. We cannot guarantee absolute security.

13.1. Your data may be transferred outside the EU/EEA.

13.2. We ensure adequate protection through:

- Standard Contractual Clauses (SCCs)

- Adequacy decisions

- Appropriate safeguards

14.1. In case of a data breach, we will:

- Notify affected users within 72 hours

- Report to supervisory authorities as required

- Take immediate steps to mitigate the breach

15.1. We may update this Privacy Policy from time to time.

15.2. Material changes will be notified via email or Platform notification.

15.3. Continued use constitutes acceptance of modified Policy.

For privacy inquiries: privacy@starfanai.com

For GDPR requests: privacy@starfanai.com

For general questions: support@starfanai.com

By using the Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy. You understand your rights under GDPR and how we process your personal data.