
Privacy Policy

Last updated: March 31, 2026

This Privacy Policy explains how Many-Fans ("we", "us", "our") collects, uses, shares, and protects information about you ("user", "you") when you use the Many-Fans SaaS platform at many-fans.com and the associated Chrome extension "Many-Fans Connect" (together, the "Service").

1. Data we collect

Account data: email address, display name, Telegram handle, password hash (bcrypt), role type (model, agency, chatter), creation and last-login timestamps.

Billing data: subscription plan, payment status, invoice history, cryptocurrency payment metadata from NOWPayments (currency, amount, transaction ID). We do not store or have access to wallet private keys, credit card numbers, or bank details.

Platform integration data: encrypted Fansly session tokens, Fansly account identifiers, session status. Tokens are stored encrypted with AES-256 and decrypted only server-side at time of use.

Conversation metadata: platform conversation IDs, message timestamps, fan identifiers, AI reply drafts and approvals, sales signals, content tags. We do not store NSFW media content — only metadata required for AI operation.

Vault metadata: content file names, sizes, MIME types, derived tags and sale-ladder classifications. Actual media files remain on Fansly; we process and cache only lightweight analysis metadata.

Usage and device data: IP address, user agent, browser locale, cookie identifiers, referrer URLs, page views, feature interactions, API request logs for debugging and fraud prevention.

2. How we use your data

Provide, operate, maintain, and improve the Service.

Process subscription payments and enforce plan limits.

Generate AI replies, sales suggestions, and fan memory features using OpenAI (see Section 4).

Send transactional email (account confirmations, billing notices, security alerts) via Brevo.

Detect, investigate, and prevent fraud, abuse, and platform security incidents.

Comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.

Aggregate and anonymize data for analytics; we do not sell personal data to third parties.

3. Legal bases for processing (GDPR)

Contract: processing is necessary to provide you the Service you subscribed to.

Legitimate interests: product improvement, fraud prevention, security, and business analytics that do not override your rights and freedoms.

Consent: where we ask you explicitly (for optional features). You may withdraw consent at any time.

Legal obligation: where required to comply with applicable law.

4. Third-party processors (sub-processors)

NOWPayments — cryptocurrency payment processing. They receive payment amount, currency, invoice ID; they do not receive your account password or conversation data.

Brevo (ex-Sendinblue) — transactional email delivery via HTTP API. Receives your email address and message content.

OpenAI — AI-reply generation. Receives conversation context (without persistent identity linkage) to produce replies. OpenAI does not use API data to train models per their API policy.

Fansly (via browser extension and official API) — integration by explicit user action only. We send requests using your Fansly session token to sync content and send messages on your behalf.

DigitalOcean — cloud hosting. Encrypted volumes, firewall-isolated network.

5. Many-Fans Connect — Chrome extension

The Many-Fans Connect Chrome extension exists for one purpose: to securely capture Fansly session tokens at the moment you click "Connect Fansly" and transmit them to many-fans.com over HTTPS.

Data collected: Fansly Authorization header, Fansly-Session-Id, Fansly-Client-Id, Fansly account ID.

Collection trigger: only when you click "Connect Fansly" on many-fans.com and log into Fansly. The extension is dormant otherwise; it does not track browsing history, page content, or tab activity.

Where data goes: only to many-fans.com servers over TLS. Never sold, never shared with advertisers, never forwarded to third parties.

Local storage: the extension stores only the connection status (success/failure). Auth tokens are not persisted in the extension after transmission.

Permissions used: webRequest (capture Fansly auth headers at connection moment), storage (save connection status), alarms (keep worker alive during the 30–120-second connection flow), fansly.com host access (intercept tokens and verify account).

6. Data retention

Account data: retained while your account is active. On account deletion, most data is removed within 30 days; backups may retain copies up to 90 days.

Billing records: retained for 7 years where required by tax and accounting law.

Conversation metadata: retained for the lifetime of the account to power fan memory; you can request deletion of specific fan records via support.

Logs: server and access logs are retained for up to 90 days for security and debugging purposes.

7. Security

All traffic to the Service uses HTTPS with HSTS and modern TLS ciphers.

Passwords are hashed with bcrypt; third-party tokens (Fansly, OpenAI) are encrypted at rest with AES-256.

Role-based access control limits data visibility within multi-account agency workspaces.

JWT session tokens are httpOnly, SameSite=Lax, and expire on inactivity.

We run automated backups, access reviews, and incident response playbooks. No system is perfectly secure; we will notify affected users of confirmed breaches without undue delay.

8. International data transfers

Our servers are located in the European Union (DigitalOcean EU regions). Some sub-processors (OpenAI, Brevo) may process data in the United States and other jurisdictions. Where applicable, transfers rely on Standard Contractual Clauses or equivalent safeguards.

9. Your rights

Under GDPR, UK GDPR, CCPA, and comparable laws you may have the right to: access your personal data, correct inaccuracies, delete data ("right to be forgotten"), restrict or object to processing, request data portability, and withdraw consent.

California residents additionally have the right to opt out of the "sale" or "sharing" of personal information; we do not sell or share personal information for cross-context behavioral advertising.

To exercise your rights, email support@many-fans.com from the address on file. We verify identity before honoring requests.

10. Cookies

We use strictly necessary cookies for authentication (httpOnly JWT), a "lang" preference cookie for language selection, and a small set of UI cookies (theme, cookie-consent state).

We do not use third-party analytics, advertising, or cross-site tracking cookies at this time.

You can disable cookies in your browser; note that doing so may prevent you from signing in.

11. Children's privacy

The Service is strictly for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we learn a user is under 18, we will delete the account and associated data.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to registered users and a notice on the Service. Continued use of the Service after a change indicates acceptance of the updated policy.

13. Contact

Questions, requests, or complaints? Email support@many-fans.com. We aim to respond within 5 business days.
