By using OnlyFans, you acknowledge that you have read and understand the information in this Policy.

1. Introduction
2. What is Personal Data?
3. Informing us of changes
4. Applicability of this Policy (18+)
5. Third-party links
6. If you do not wish to provide Personal Data
7. Updates to this Policy
8. Categories of Personal Data
9. Our onboarding processes
10. How / why your Personal Data is used and lawful bases for processing
11. Obtaining your Personal Data
12. Sharing your Personal Data
13. International data transfers
14. Your rights regarding Personal Data
15. Exercising your rights
16. Choices and control over your Personal Data
17. Retention of Personal Data
18. Additional U.S. State Privacy Disclosures
19. Assistance and contact information

1. Introduction

   Fenix International Limited ("we", "us", "our") respects your privacy and we are committed to protecting the Personal Data we process about you. Fenix International Limited is the owner and operator of www.onlyfans.com ("OnlyFans"), a social network and content sharing platform which enables: (i) "Creators" to share and monetise their own content (as well as subscribe to, and view, the content of other Creators); and (ii) "Fans" to subscribe to, and view, the content of Creators.

   This privacy policy ("Policy") explains our practices with respect to the Personal Data processed about our Creators and Fans. It also explains our practices with respect to the Personal Data processed about individuals that feature in content uploaded by a Creator ("Content Collaborators"), and where we process Personal Data in the context of our business relationships.

   We process your Personal Data when you use OnlyFans and for the provision of the services that we offer from time to time via OnlyFans (the "Services"). We are a "data controller" of the Personal Data that we process in connection with the Services. This means that we decide the reasons why we process Personal Data about you and how we do so.

   If you have any questions about this Policy or our processing of your Personal Data, please see Section 19 (assistance and contact information) for information about how to contact us.

2. What is Personal Data?

   "Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household.

   In addition, we may collect data that is not capable of identifying you or is otherwise not associated or linked with you, such as deidentified, aggregated or anonymised information. This type of data is not Personal Data and our use of such data is not subject to this Policy.

3. Informing us of changes

   It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes at any point during your relationship with us. Updates or corrections can be made through your account settings on OnlyFans.

4. Applicability of this Policy (18+)

   This Policy is provided in addition to, but does not form part of, our Terms of Service (which includes our Acceptable Use Policy) that govern your use of OnlyFans and the Services.

   Our Services are strictly intended for individuals 18 years of age or older. Anyone under 18 years of age is not permitted to use the Services. By using the Services, you represent that you are 18 years of age or older.

5. Third-party links

   OnlyFans may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share Personal Data about you.

   We are not responsible for, and this Policy does not apply to, the content, security or privacy practices of those other websites, plug-ins or applications. We encourage you to view the privacy and cookie policies / notices of those third parties to find out how your Personal Data may be used.

6. If you do not wish to provide Personal Data

   We need to collect certain Personal Data from you to provide you with access to the Services, or specific features and functionalities of the Services, in accordance with our contract with you (i.e. our Terms of Service). We are also required to process certain Personal Data in accordance with applicable laws. Please note that if you do not wish to provide Personal Data where requested, we may not be able to provide you with access to the Services or specific features and functionalities of the Services.

7. Updates to this Policy

   We may update this Policy from time to time, and any updates will be effective upon our posting of the revised Policy on OnlyFans. We will use reasonable efforts to notify you in the event that material updates are made to this Policy, such as sending you a feed notification or a chat message via your account on OnlyFans.

8. Categories of Personal Data

   We process, or our third-party providers process on our behalf, different kinds of Personal Data about Creators, Content Collaborators and Fans, which we have grouped together as follows:

   Category of Personal Data	Description
   User Data	Creators and Content Collaborators full name* alias, if applicable residential address city of birth country of birth country of residence* email address telephone number a copy of the government identity document that you provide to us* a "selfie" of you holding your government identity document* third-party social media handle / personal website address (used to further verify your age and identity and to help us better understand the content which you are likely to share on OnlyFans) signature on release forms if you feature in a Creator's content* Please note: Items marked with * will be requested for Content Collaborators where you are required to provide a release form. Fans email address telephone number
   Third-Party Onboarding Data	The following types of Personal Data are collected directly by our third-party providers during onboarding: Creators and Content Collaborators a copy of the government identity document that you provide to our third-party providers a short .gif, taken from a "selfie" that you provide to our third-party providers the results of the third-party age and identity verification process (pass / fail and reason for failing) metadata associated with the third-party age and identity verification process (e.g. start and finish time) Fans where we conduct third-party age and identity verification of Fans, a copy of the government identity document that you provide to our third-party providers where we carry out third-party age estimation, or third-party age and identity verification of Fans, a short .gif, taken from a "selfie" that you provide to our third-party providers the results of the third-party age estimation process or third-party age and identity verification process (pass / fail and reason for failing) metadata associated with the third-party age estimation process or third-party age and identity verification process (e.g. user start and finish time) Please see Section 9 (our onboarding processes) for further information. Third-Party Onboarding Data and Technical Data does not include Face Recognition Data, as set out below.
   Account Data	Creators profile name password avatars and headers of your Creator account your subscriptions, subscribers and referrals posts that you have made to your Creator account comments on posts made from your Creator account chat messages between you and other users customer support queries that you submit to us Fans profile name password avatars and headers of your Fan account your subscriptions comments on posts made from your Fan account chat messages between you and other users customer support queries that you submit to us
   Financial Data	Creators payment card details* billing address funds added to your wallet bank account information pay-out country corporate or business entity name, country, identification number and identification type VAT number tax identification number and issuing country W-9 form (for US Creators only) 1099-MISC form (for US Creators only) 1099-NEC form (for US Creators only) Fans payment card details* billing address funds added to your wallet * Please note: Any payments made to view the content of Creators are processed by our third-party payment providers. We do not receive your full payment card number, payment card expiration date, or the security code. Instead, the payment provider provides us with a "token" that represents your account, your payment card's expiration date, payment card type and the first six and last four digits of your payment card number.
   Transaction Data	Creators earnings pay-out requests payments made to your Creator account payments made from your Creator account to other Creators any failed payments Fans payments made from your Fan account to Creators any failed payments
   Technical Data	Creators and Fans Internet or other electronic network activity information, including: internet protocol (IP) address (and country code) user agent
   Usage Data	Creators and Fans We use cookies where necessary to allow you to browse the Services and access certain pages of OnlyFans. With your consent, we use non-essential cookies to enable us to recognise Referring Users, and Referred Creators, under the Referral Program in our Terms of Service. More information on our use of cookies can be found in our Cookie Notice. We currently do not use any cross-site tracking technologies and we do not sell Personal Data collected about you, or share Personal Data collected about you for cross-context behavioural advertising.
   Face Recognition Data	Creators, Content Collaborators and Fans where applicable As described in more detail in Section 9 (our onboarding processes), during onboarding, our third-party providers may use face recognition technology, so they can digitally verify you. Face Recognition Data is collected by and remains with our third-party provider. We do not ourselves collect, receive, possess, or have access to Face Recognition Data at any time.

9. Our onboarding processes

   CREATORS

   We have processes in place that are intended to ensure that Creators on OnlyFans: (i) are at least 18 years of age; and (ii) verify their identity. Before you can start a Creator account, we will:

   • Ask you to provide Creator User Data, as set out at Section 8 (categories of Personal Data).
   • Check your country of residence. This check is intended to ensure lawful access to OnlyFans and the Services.
   • Ask you to provide Financial Data, as set out at Section 8 (categories of Personal Data). This is necessary so that payments can be made to Creators for content, and so that Creators can access their earnings via OnlyFans. Financial Data is also collected as a verification and anti-fraud measure.
   • Ask you to go through a third-party age and identity verification process, as described below.
   • Check that you have not previously been banned from using OnlyFans and our Services (e.g. for violating our Terms of Service).

   CONTENT COLLABORATORS

   We have processes in place that are intended to ensure that Content Collaborators on OnlyFans: (i) are at least 18 years of age; and (ii) verify their identity. Before you can feature in content uploaded by a Creator we will ask you to go through a third-party age and identity verification process, as described below. You may also be required to provide a release form.

   FANS

   We have processes in place that are intended to ensure that: (i) all Fans on OnlyFans are at least 18 years of age; and (ii) Fans in certain circumstances or locations verify their identity. Before you can start a Fan account, we will:

   • Ask you to provide Fan User Data, as set out at Section 8 (categories of Personal Data).
   • Check your country of residence. This check is intended to ensure lawful access to OnlyFans and the Services.
   • Ask you to provide Financial Data, as set out at Section 8 (categories of Personal Data). This is necessary so that Fans can make payments to Creators. Financial Data is also collected as a verification and anti-fraud measure.
   • Ask you to go through a third-party process to gain further assurances of your age. This may include a third-party age and identity verification process, or third-party age estimation process, as described below. The specific process will depend upon your location, or other circumstances (e.g. if we detect suspicious activity on your account).

   THIRD-PARTY AGE AND IDENTITY VERIFICATION

   • We use third-party providers to conduct age and identity verification.
   • This process involves our third-party provider collecting a short .gif, taken from a "selfie" and photo from a government identity document (in both cases, that you provide to the third-party provider). The third-party provider then uses Face Recognition Data to match the two images so they can digitally verify your age and identity.
   • As described at Section 8 (categories of Personal Data), we do not collect, receive, possess, or have access to any Face Recognition Data collected or processed by our third-party providers through this process.
   • Where permitted by applicable law, we receive from our third-party providers Third-Party Onboarding Data, as set out at Section 8 (categories of Personal Data), to maintain a record of the age and identity verification process.

   THIRD-PARTY AGE ESTIMATION

   • For certain locations, we use third-party providers to conduct age estimation.
   • This process involves our third-party provider collecting a short .gif "selfie" (that you provide to the third-party provider) and using digital technology to estimate your age, which may involve the use of Face Recognition Data.
   • As described at Section 8 (categories of Personal Data), we do not collect, receive, possess, or have access to any Face Recognition Data collected or processed by our third-party providers through this process.
   • If you go through the third-party age estimation process, we will only receive the results of the process (pass / fail and reason for failing), to maintain a record of the age estimation process.
   • If you fail the third-party age estimation process (e.g. if you are over 18 years of age, but the technology has predicted that you look under a set threshold), you may have the option to go through the third-party age and identity verification process set out above.

   MORE INFORMATION ON OUR ONBOARDING PROCESSES

   • Why does OnlyFans use third-party face recognition technology?

     • The use of face recognition technology by our third-party providers is an important technological measure used in our wider onboarding processes for Creators and Fans. It is intended to ensure safety and security on OnlyFans and our compliance with applicable laws.
     • We use third-party service providers to carry out age and identity verification, who carry out these services on our behalf, as data processors.

   • How does Face Recognition Data help to prevent fraud?

     • Face recognition technology reduces the possibility of fraudulent face image spoofing and the uploading of fraudulent government identity documents when individuals go through the onboarding process.
     • Where our third-party providers have identified possible fraud attempts (such as the use of fake or otherwise manipulated documents) our third-party providers may maintain a record of such attempts, including Face Recognition Data, for the purposes of detecting and preventing unlawful activity, and preventing fraudulent access to OnlyFans.

   • Periodic authentication of your age and identity

     • During the time that you hold an account with us, we may require you to periodically authenticate your identity. If you have gone through the third-party age identity verification process, where permitted by applicable law our third-party providers may retain Face Recognition Data to enable you to authenticate your identity. Where this is retained, you do not need to provide the third-party provider with your government identity document again when authenticating your identity.
     • Withdrawing your consent: You may request the withdrawal of your consent to the retention of your Face Recognition Data for the purposes of subsequent authentication (and delete this) by contacting [email protected]. While withdrawing your consent to the retention of your Face Recognition Data will not affect your ability to complete a subsequent authentication process, it may require you to provide the third-party provider with your government identity document again during the authentication process.
10. How / why your Personal Data is used and lawful bases for processing

    We process Personal Data for, or based on, one or more of the following legal bases:

    • Consent: Your consent is requested only in specific circumstances which includes, for example, the processing of: (i) Face Recognition Data by our third-party providers as part of the age and identity verification process for all Creators (and for Fans in certain circumstances or locations); and (ii) age estimation captures (which may involve the use of Face Recognition Data) by our third-party providers for Fans in certain locations. Please see Section 9 (our onboarding processes) for further information.
    • Performance of a contract: By using the Services, you have contracted with us through our Terms of Service, and we will process Personal Data to perform that contract (e.g. to fulfil transactions between Fans and Creators and process Creator earnings) and to enforce the terms of that contract.
    • Legitimate interests: We may process Personal Data if it is in our, or a third-party's, legitimate interests (as detailed in the table below). This may include, for example, investigating and responding to a report made through our DMCA takedown procedure, to protect a Creator's intellectual property rights.
    • Compliance with legal obligations: We may process Personal Data to comply with applicable law, rules and regulations in the locations where we operate (e.g. complying with financial / tax reporting requirements).
    • Task carried out in the public interest: We may process Personal Data as necessary for a task carried out in the public interest. This may include, for example, reporting illegal activity to relevant law enforcement authorities, other governmental authorities and non-governmental organisations.

    We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

    The table below indicates the purposes for which your Personal Data is processed and the legal justification for the processing. Some of the above grounds for processing will overlap and there may be several grounds which justify the processing:

    Purpose / activity	Lawful basis for processing
    Account creation (both Creators and Fans).	Performance of a contract
    Creator and Content Collaborator age and identity verification and where applicable, subsequent authentication (specifically in relation to the processing of Face Recognition Data). Please see Section 9 (our onboarding processes) for further information.	Consent
    Fan age and identity verification and where applicable, subsequent authentication, in certain circumstances or locations (specifically in relation to the processing of Face Recognition Data). Please see Section 9 (our onboarding processes) for further information.	Consent
    Fan age estimation, in certain locations (specifically in relation to the processing of the age estimation capture, which may involve the use of Face Recognition Data). Please see Section 9 (our onboarding processes) for further information.	Consent
    Fan age verification (without third-party age and identity verification or third-party age estimation).	Performance of a contract
    Government identity document validity check and maintaining a record of the age and identity verification process.	Performance of a contract
    Maintaining a record of the age estimation process (for Fans in certain locations).	Performance of a contract
    Providing the Services, including the hosting of Creator content, the fulfilment of transactions between Fans and Creators and processing Creator earnings.	Performance of a contract
    Identifying Referring Users and Referred Creators under the Referral Program set out in our Terms of Service.	Consent More information can be found in our Cookie Notice.
    Providing technical support to Fans and Creators.	Performance of a contract
    Communicating with you about the Services, responding to support requests or, sharing information about the Services (e.g. providing you with updates to our Terms of Service and / or this Policy).	Performance of a contract
    Ensuring compliance with, and enforcing, our Terms of Service and other usage policies (e.g. our Acceptable Use Policy).	Performance of a contract
    Moderation and filtration: text and content uploaded to OnlyFans livestreaming on OnlyFans content sent in chat messages on OnlyFans to monitor and investigate violations of our Terms of Service.	Performance of a contract
    Filtration of text sent in direct messages on OnlyFans to investigate violations of our Terms of Service.	Performance of a contract
    Removal from the Services of text and content uploaded by users that is identified as illegal, and suspending or deactivating those user accounts.	Compliance with legal obligations Performance of a contract
    Removal from the Services of text and content uploaded by users that is identified as violating our Terms of Service and where appropriate, suspending or deactivating user accounts.	Performance of a contract
    Maintaining a record of banned users, to prevent further access to OnlyFans.	Legitimate interests
    Reporting illegal activity to relevant law enforcement authorities, other governmental authorities and non-governmental organisations.	Compliance with legal obligations Legitimate interests Task carried out in the public interest
    Providing relevant information to, or responding to requests from / investigations by, relevant law enforcement authorities, other governmental authorities and non-governmental organisations.	Compliance with legal obligations Legitimate interests Task carried out in the public interest
    Preservation and sharing of Personal Data in the context of legal proceedings (e.g. litigation).	Legitimate interests
    Complying with applicable laws, rules and regulations.	Compliance with legal obligations Legitimate interests
    Monitoring transactions and company network, systems, applications, and data, to: (i) detect malicious, deceptive, fraudulent, or illegal activity to protect information security and integrity, and user safety; and (ii) respond to / investigate incidents where appropriate.	Legitimate interests Substantial public interest
    As necessary or appropriate to protect the rights and property of our users, us, and other third parties.	Legitimate Interests
    System maintenance and testing, reporting and hosting of data, to maintain, develop and improve the provision of the Services (e.g. safety, performance and functionality).	Legitimate Interests
    As necessary in the context of a possible sale, merger, acquisition, business reorganisation or group restructuring exercise.	Legitimate Interests
    Processing of Personal Data in connection with sponsorships, and our relationship with service providers, professional advisers and other third parties for business purposes (e.g. business contact information and correspondence).	Performance of a contract Legitimate Interests

11. Obtaining your Personal Data

    We collect your Personal Data from the following categories of sources:

    • Directly from you: When you provide it to us directly to open an account and use the Services, when you update your Personal Data in your account, or by corresponding with us (e.g. User Data, Account Data). We may also process your Personal Data when you interact with us through our social media pages on third-party websites.
    • Automatically or indirectly from you: For example, through and as a result of your use of the Services (e.g. Transaction Data, Technical Data, Usage Data), if you sign-in to OnlyFans via third-party single sign-in, or if you connect a third-party account to your OnlyFans account.
    • From our service providers: For example, where permitted by applicable law, we receive Third-Party Onboarding Data and certain Technical Data from our third-party age and identity verification providers.
12. Sharing your Personal Data

    We share Personal Data with the following categories of third parties:

    • Our third-party service providers: Such as our IT, payment processing, customer support, content and text moderation, tax automation, and age and identity verification / age estimation service providers. The lawful basis we rely on for sharing Personal Data with these recipients is that it is necessary for our legitimate interests (namely the receipt of services to support business functionality).
    • Our professional advisers: Such as our legal advisors, bankers, auditors, accountants, consultants, and insurers. Our professional advisors will process Personal Data as necessary to provide their services to us. The lawful basis we rely on for sharing Personal Data with these recipients is that it is necessary for our legitimate interests (namely the receipt of professional services).
    • Corporate: Relevant third parties in the event of a possible sale, merger, acquisition, business reorganisation or group restructuring exercise. The lawful basis we rely on for sharing Personal Data with these recipients is that it is necessary for our and the relevant third parties' legitimate interests (namely assessing and putting into effect potential transactions).
    • Our group companies: For the centralised coordination and management of our business, in accordance with the purposes set out at Section 8 (categories of Personal Data). These recipients will process Personal Data in the same way as set out in this Policy. The lawful basis we rely on for sharing Personal Data with these recipients is that it is necessary for our legitimate interests (namely coordinating the global operations of our business).
    • Relevant authorities, regulators and organisations: Relevant governmental authorities (including law enforcement and tax authorities), regulators, and certain non-governmental organisations (such as the National Center for Missing & Exploited Children (NCMEC)). These recipients will use your Personal Data in the performance of their regulatory, legal or otherwise charitable or not-for-profit role. Depending on the context, the lawful basis we rely on for sharing Personal Data with these recipients may vary. The processing may be necessary to comply with a legal obligation to which we are subject, necessary for our, or a third-party's, legitimate interests, or may be in the interest of the wider public to do so. This may include, for example, reporting illegal content to / assisting with requests from, authorities, regulators and organisations, to protect the safety of our users and third parties, and complying with our financial / tax reporting requirements (e.g. DAC7, in the European Union).
13. International data transfers

    We share your Personal Data within our group companies and to our third parties, as set out at Section 12 (sharing your Personal Data).

    In some circumstances, this will involve transferring your data outside the UK, the EEA and Switzerland. We make those transfers: (i) to countries that have been deemed to provide an adequate level of protection for Personal Data; (ii) using appropriate safeguards; or (iii) where otherwise authorised by applicable law.

    Please contact us using the contact details set out at Section 19 (assistance and contact information) if you would like further information on the specific mechanism used by us when transferring your Personal Data outside the UK, the EEA and Switzerland.

14. Your rights regarding Personal Data

    You have certain rights regarding the collection and processing of Personal Data. You may exercise these rights by contacting us using the contact details set out at Section 19 (assistance and contact information).

    Under certain circumstances and subject to certain exemptions, you have the right to:

    • Withdraw your consent to the processing of your Personal Data: Please note that withdrawing your consent will not affect the lawfulness of any processing carried out before you withdraw your consent.
    • Request to know or access to your Personal Data: You may receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
    • Request correction of the Personal Data that we hold about you: You may correct any incomplete or inaccurate Personal Data we hold about you.
    • Request deletion / erasure of your Personal Data: You may ask us to delete or remove Personal Data where there is no legitimate reason for us continuing to process it. You also may ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below). Please note that we may not always be able to comply with your request of deletion / erasure for specific legal reasons, for example if your account has been deactivated for violations of our Terms of Service. Please see Section 17 (retention of Personal Data) for further information.
    • Request the restriction of processing of your Personal Data: You may ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of some sections of your Personal Data to another party.

    You also have the right to object to processing of your Personal Data where we are relying on a legitimate interest for the processing and there is something about your particular situation which makes you want to object to processing on this ground.

    We do not process Personal Data that is subject to solely automated decision-making, where that decision-making is likely to have a legal or similarly significant effect on you.

    You also have the right:

    • To lodge a complaint with a data protection regulator. For example, in the UK, this is the Information Commissioner's Office (ICO) and in Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). If you are resident in the EEA, you may wish to contact your local country or state-specific data protection regulator.
    • Depending on your location in the United States, to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights, or to appeal a decision we have made in connection with your privacy rights request. Further information on appeals is set out at Section 18 (additional U.S. State Privacy Disclosures).
15. Exercising your rights

    If you would like to exercise your rights set out at Section 14 (your rights regarding Personal Data), you may do so by contacting us using the contact details set out at Section 19 (assistance and contact information).

    If you submit the request yourself, please ensure that your request contains sufficient information to allow us to confirm your identity and properly understand, evaluate, and respond to it.

    In order to verify your identity, we may at times need to request additional Personal Data from you, taking into consideration our relationship with you and the sensitivity of your request. In certain circumstances, we may decline a privacy rights request, particularly where we are unable to verify your identity.

    If your request is made by a third-party authorised by you, we will also require proof that the third-party has permission to submit the request on your behalf (such as a signed document or a valid power of attorney evidencing that the third-party has authority to make the request).

16. Choices and control over your Personal Data

    Modifying and deleting your Personal Data: If you have an account with us, you may update your account settings on OnlyFans. Please note that changes to your settings may require some time to take effect.

    Access to device information: You may control the Services' access to your Technical Data through your "Settings" app on your device. For instance, you can withdraw permission for the Services to access your network devices and geolocation.

    Email notification opt-out: We currently do not send emails for direct marketing purposes. However, we do send email notifications which are related to your account (e.g. for Creators, where you have a new subscriber, you have received a new tip, or somebody has renewed their subscription with you). You may opt-out of receiving certain types of email communications from us by changing your notification preferences on OnlyFans. You may also email us using the contact details set out at Section 19 (assistance and contact information). Please include "E-mail notification opt-out" in the email's subject line and include your name and your account email address in the body of the email.

    Please note that you cannot opt-out of certain automated email notifications that are necessary to provide the Services or are otherwise required in accordance with applicable law (e.g. account verification, transactional communications, changes / updates to features of the service, technical and security notices).

17. Retention of Personal Data

    We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes for which it was collected, as set out in this Policy. The Personal Data that we retain and the length of time for which it is retained will be determined on a case-by-case basis, depending on the particular circumstances.

    We determine the periods for which we normally retain Personal Data as follows:

    • Providing our Services: Where we need to use Personal Data to provide you with our Services, or specific parts of our Services, we will retain your Personal Data for the lifetime of your account or as long as necessary to provide you with the relevant feature or functionality of our Services.
    • Trust and safety: If you have (or we reasonably suspect that you have) violated our Terms of Service, or where we otherwise need to retain information to identify and report illegal activity or protect the safety of our users and third parties, we will retain certain Personal Data for as long as necessary to conduct our investigations, assist with any investigations by law enforcement or non-governmental authorities (e.g. NCMEC), and enforce any removal of offending users or content.
    • Compliance with applicable laws and regulatory obligations: For example: (i) identity record keeping / maintenance requirements in certain locations and financial / tax reporting requirements, which in some cases is up to 7 years; (ii) if we receive a valid legal request (such as a preservation order or search warrant, related to your account); (iii) complying with regulatory investigations or proceedings. We will delete your Personal Data sooner where a shorter retention period is required by applicable law.
    • Legal claims: Personal Data will be retained in accordance with applicable statutory limitation periods. In certain circumstances we may need to retain this longer, for example, to defend ourselves in litigation about a claim or complaint related to you.
18. Additional U.S. State Privacy Disclosures

    Where required by law, these additional U.S. State Privacy Disclosures ("U.S. Disclosures") supplement the information contained in the Policy by providing additional information about our Personal Data processing practices relating to individual residents of certain U.S. States. Unless otherwise expressly stated, all terms defined in this Policy retain the same meaning in these U.S. Disclosures.

    For the purposes of these U.S. Disclosures, Personal Data does not include publicly available information or deidentified, aggregated or anonymised information that is maintained in a form that is not capable of being associated with or linked to you.

    No sales for targeted advertising

    We do not sell or share Personal Data for the purpose of displaying advertisements that are selected based on Personal Data obtained or inferred over time from an individual's activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as "targeted advertising").

    Sensitive information

    Although sensitive information may be disclosed for a business purpose as described below, we do not sell or share sensitive information for the purpose of targeted advertising.

    The following Personal Data elements we, or our service providers, collect may be classified as “sensitive” under certain privacy laws ("sensitive information") including:

    • username and password;
    • social security number, driver's licence number, and passport number;
    • government identifiers (such as driver's licence numbers);
    • partial payment card number and the name registered with your payment card; and
    • Face Recognition Data (biometric information which is collected and processed by our third-party providers).

    We use this sensitive information for the purposes set out at Section 10 (how / why your Personal Data is used and lawful bases for processing), to the extent necessary for the operation of our Services, to enter into and perform a contract with you, to comply with legal and regulatory requirements, to protect the safety of our users and third parties or as otherwise permissible for our own internal purposes consistent with applicable laws.

    Deidentified information

    We may at times receive, or process Personal Data, to create deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by applicable law.

    Appeals

    If you are a resident of certain U.S. States, you have the right to appeal decisions regarding your privacy requests. All appeal requests should be submitted using the contact details set out at Section 19 (assistance and contact information). If your appeal is denied, you may contact your local Attorney General.

    Minors

    Our Services are strictly intended for individuals 18 years of age or older. anyone under 18 years of age is not permitted to use the Services. By using the Services, you represent that you are 18 years of age or older.

    CALIFORNIA SPECIFIC DISCLOSURES

    The following disclosures only apply to residents of the State of California:

    Personal Data collection

    California law requires that we provide disclosures to you about what Personal Data we collect by reference to the categories of Personal Data set forth within California law. To address this obligation, we have identified the relevant California Personal Data category for the Personal Data set out in more detail at Section 8 (categories of Personal Data):

    • Identifiers: such as your name, address, phone number, email address, passport or other government identity information including driver's licence information, account information, or other similar identifiers.
    • Customer Records: Such as your driver's licence number, passport number, partial debit card information, partial credit card information, bank account information or other payment or financial information.
    • Protected Classification Characteristics: Such as age, date of birth, and gender.
    • Commercial Information: Such as information about products or services purchased and your use of our Services.
    • Biometric Information: which is limited to Face Recognition Data, used by our third-party providers for age and identity verification purposes. Face Recognition Data remains with our third-party providers and we do not ourselves collect, receive, possess, or have access to this data.
    • Internet / Network Information: Such as device information, and log data.
    • Sensory Information: Such as pictures and videos (content) you upload to OnlyFans.
    • Professional / Employment Information: Such as the business or organisation you are associated with and, where applicable, your title with that business or organisation and information relating to your role with the business or organisation.
    • Other Personal Data: Such as communication preferences, customer service and communication history, personal data an individual permits us to see when interacting with us through social media, Personal Data an individual provides us in relation to a question or request, and messages you send us through our Services or make available to us on social media.
    • Inferences: Such as information generated from your use of our Services.

    We may disclose all of these categories of Personal Data for a business purpose to service providers or other third parties, as outlined in this Policy.

    Disclosure of Personal Data

    As set out at Section 12 (sharing your Personal Data), we may disclose the categories of Personal Data identified above to the following categories of third parties for various business purposes: our group and affiliated companies, service providers, our professional advisers, business partners, other businesses as needed to provide our Services, and certain third parties where you have provided consent, where it is in connection with a corporate transaction, or where we are required by law or in connection with other legal process.

    Sources of Personal Data

    We collect Personal Data directly from you, from your browser or device when you interact with our Services, and from our business partners and affiliates, third parties you direct to share information with us, and other third-party providers. For more information, please see Section 11 (obtaining your Personal Data).

    Purpose for collection

    We collect Personal Data about you for the purposes set out at Section 10 (how / why your Personal Data is used and lawful bases for processing).

    Notice of financial incentives

    As discussed above, we currently do not use any cross-site tracking technologies and we do not sell Personal Data collected about you, or share Personal Data collected about you for cross-context behavioural advertising. We do not currently send emails for direct marketing purposes.

    We currently offer a Referral Program, whereby existing Creators of OnlyFans can use their unique referral code to introduce people who are interested in becoming Creators on OnlyFans, and the referring Creator will receive referral payments, based on the referred Creator's earnings. The Referral Program is subject to our Terms of Service and any such referral payments are calculated, and limited, as described in the Referral Program Terms in our Terms of Service.

    Any Personal Data associated with the referring Creator, or the referred Creator, is processed in accordance with this Policy.

    We have determined that the value of the Referral Program is reasonably related to the value of the Personal Data we process in connection with the Referral Program (based on our reasonable but sole determination). We estimate the value of the Personal Data we receive and otherwise process in connection with the Referral Program by considering the expense we incur in collecting and processing the Personal Data, as well as the expenses related to facilitating the Referral Program.

    You may exercise your rights in relation to your Personal Data as outlined in this Policy, and as applicable, by submitting a ticket through your account or by emailing [email protected].

    NEVADA SPECIFIC DISCLOSURES

    Nevada law requires operators of online services to provide a way for Nevada residents to request to opt-out of the sale of Personal Data. Although we do not sell Personal Data, Nevada residents can still submit this type of opt-out request by contacting us using the details set out at Section 19 (assistance and contact information).

19. Assistance and contact information

    We have appointed a Data Protection Officer ("DPO") whose responsibilities include, together with our team of privacy specialists, responding to questions, requests, and concerns in relation to this Policy and our use of Personal Data.

    If you have questions about this Policy, or how we process your Personal Data, please submit a ticket through your account or email us at [email protected] .

    We have also appointed an EU Representative who may be reached as follows:

    DAPR sp. z o.o.
    Poland Company Number 0000688178
    Zurawia 47 Street
    00-680 Warsaw, Poland
    [email protected]

Last updated: August 2024