Privacy Policy

Effective: April 30, 2026 · Last updated: April 30, 2026
⚠️ Draft for legal review. This document is an AI-assisted first draft. It has not yet been reviewed by an attorney specializing in privacy law (GDPR, CCPA, etc.) and must be finalized before public launch.

CherryFans LLC ("CherryFans", "we", "us") respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights.

1. Who We Are (Data Controller)

CherryFans LLC, a Wyoming, USA limited liability company. For privacy questions, contact privacy@cherryfans.com.

2. Information We Collect

2.1 Information you provide

  • Account data — email, hashed password, display name.
  • Third-party sign-in (Google, X / Twitter) — if you choose to sign in with Google or X, we receive a stable user identifier from that provider plus your basic public profile (display name, profile picture, and — where the provider supplies it — verified email address). We do not read your tweets, send tweets/DMs, post on your behalf, or display any of your X / Google content inside the Service. We do not resell, share, or aggregate any data obtained from these providers. The provider's user ID is stored only to recognize you on subsequent logins and is deleted within 24 hours of your account deletion or your request.
  • Age verification — for users in jurisdictions that require ID-based verification, we use a third-party provider (e.g. Persona, Yoti) which checks your government-issued ID and a selfie. We do not store your ID document; only a verification token and the verification result are stored.
  • Payment information — handled exclusively by our PCI-compliant payment processor (CCBill). We never see or store your full card number; we only store a tokenized reference and the last four digits for receipt display.
  • Communications — messages you send to creators, comments, tip notes, support requests.

2.2 Information collected automatically

  • IP address (for fraud prevention, geo-restriction, and rate-limiting);
  • Device and browser information (user-agent, screen size);
  • Usage data (pages viewed, posts liked, time spent);
  • Cookies and similar technologies. See our Cookie Policy.

2.3 Information we do NOT collect

  • Your real name (unless you choose to provide it);
  • Your physical address (unless required by your payment provider);
  • Biometric data beyond what's used in the age-verification step;
  • Health data, religious beliefs, political views, or similar special-category data.

3. How We Use Your Information

  • To provide, maintain, and improve the Service;
  • To process subscriptions, tips, and pay-per-view purchases;
  • To deliver creator content, messages, and notifications you've opted into;
  • To detect fraud, abuse, and security threats;
  • To comply with legal obligations (tax, age verification, anti-money-laundering);
  • For aggregated, anonymized analytics to improve the product.

4. Lawful Basis (GDPR Users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our lawful bases under the GDPR are:

  • Contract — to deliver the Service you signed up for;
  • Legal obligation — for tax, age verification, and law-enforcement responses;
  • Legitimate interest — for fraud prevention and product analytics;
  • Consent — for marketing communications and non-essential cookies.

5. Who We Share With

We only share with vendors strictly necessary to operate the Service:

  • Payment processor — CCBill (cardholder data).
  • Age-verification provider — Persona / Yoti (ID + selfie, tokenized).
  • Cloud infrastructure — Vercel (hosting), Neon (database), Bunny.net (media CDN).
  • Email delivery — Resend (transactional emails).
  • Analytics — PostHog (anonymized usage events).
  • Error monitoring — Sentry (server error logs).
  • Law enforcement — only when required by valid legal process.

We do not sell your personal information. We do not share data with advertisers or data brokers.

6. Data Retention

  • Account data: retained while your account is active, plus 90 days after deletion (for fraud-prevention purposes).
  • Payment records: 7 years (U.S. tax and accounting requirements).
  • Age-verification tokens: as long as your account is active.
  • Server logs: 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request deletion of your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time;
  • Lodge a complaint with your local data-protection authority.

To exercise any right, email privacy@cherryfans.com. We respond within 30 days.

California Residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know, delete, correct, and opt out of "sales" or "shares" of personal information. We do not sell personal information.

8. International Data Transfers

Our infrastructure is primarily located in the United States. By using the Service, you consent to the transfer and storage of your data in the U.S. and other jurisdictions where our vendors operate. Where required, we rely on Standard Contractual Clauses for cross-border transfers.

9. Security

We implement industry-standard safeguards including HTTPS/TLS encryption, hashed passwords (bcrypt), encrypted database connections, regular security reviews, and access controls. No system is perfectly secure; you should use a unique strong password and enable two-factor authentication when available.

10. Children's Privacy

The Service is intended for adults aged 18 or older. We do not knowingly collect personal data from anyone under 18. If we learn we have collected data from a minor, we will delete it immediately.

11. Changes

We may update this Privacy Policy. We will notify you of material changes by email and/or in-app notice at least 14 days before they take effect.

12. Contact

Questions, requests, or complaints: privacy@cherryfans.com.