FANOVIE PRIVACY POLICY

Effective Date: 1 February 2026

This Privacy Policy explains how FANOVIE LIMITED ("Fanovie", "we", "us", "our") collects, uses, shares, stores, and protects personal data in connection with the Fanovie platform (the "Platform").

1. WHO WE ARE

For the purposes of UK GDPR and applicable data protection laws, Fanovie is the data controller of personal data processed through the Platform unless otherwise stated.

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:

• Website visitors
• Registered Fans
• Registered Creators
• Individuals depicted in content
• Persons submitting complaints or appeals

By using the Platform, you acknowledge that your data will be processed in accordance with this Policy.

3. DATA WE COLLECT

4. LEGAL BASIS FOR PROCESSING

We process data under the following lawful bases:

• Performance of contract (account access, payments, subscriptions)
• Legal obligation (age verification, AML compliance, fraud prevention)
• Legitimate interests (platform security, moderation, enforcement)
• Consent (where explicitly required)

5. AGE VERIFICATION PROCESSING

Age verification may involve biometric liveness checks and ID document validation through third-party providers.

Verification is required to:

• Restrict minors from access
• Comply with legal requirements
• Satisfy acquiring bank obligations

Failure to complete age verification may result in denied access.

6. AML & SANCTIONS SCREENING

Creators are subject to sanctions and AML screening to:

• Prevent financial crime
• Comply with acquiring bank rules
• Protect platform integrity

If AML concerns arise, account activation or payouts may be restricted.

7. CONTENT MODERATION DATA

We process data relating to:

• Reported content
• Moderation decisions
• Appeals
• Enforcement actions

This processing is necessary to comply with card scheme rules and legal obligations.

8. COMPLAINTS & TAKEDOWN REQUESTS

When complaints are submitted, we collect:

• Reporter's contact details
• Content URL
• Evidence provided
• Identity verification (if required)

This data is retained for investigation and compliance purposes.

9. HOW WE USE PERSONAL DATA

We use data to:

• Operate the Platform
• Verify age and identity
• Screen for AML risk
• Process payments
• Enforce policies
• Investigate complaints
• Protect against fraud
• Comply with legal and regulatory obligations

10. DATA SHARING

We may share data with:

• Identity verification providers (e.g., Ondato)
• Payment processors (e.g., CCBill)
• Hosting providers
• Fraud prevention partners
• Legal advisers
• Law enforcement (where required)
• Regulatory authorities

We do not sell personal data.

11. INTERNATIONAL TRANSFERS

Data may be transferred outside the UK where necessary.

Where transfers occur, we rely on:

• Adequacy decisions
• Standard contractual clauses
• Appropriate safeguards

12. DATA RETENTION

We retain data only as long as necessary for:

• Legal compliance
• Regulatory audits
• Fraud prevention
• Dispute resolution
• AML obligations

Creator verification and moderation logs may be retained longer where required by law.

13. SECURITY MEASURES

We implement technical and organisational measures including:

• Encrypted transmission (HTTPS)
• Access controls
• Audit logs
• Role-based permissions
• Data minimisation practices

However, no system is completely secure.

14. YOUR RIGHTS

Subject to applicable law, you may request:

• Access to your data
• Correction of inaccurate data
• Erasure (where lawful)
• Restriction of processing
• Objection to processing
• Data portability

Requests may be submitted to compliance@fanovie.com.

We may retain data where required by law.

15. CHARGEBACK & FRAUD DATA

Where a chargeback or fraud investigation occurs, we may:

• Share transaction data with payment processors
• Provide information to acquiring banks
• Retain related evidence

This is necessary to protect against financial abuse.

16. AUTOMATED DECISION-MAKING

Certain risk-based decisions (e.g., fraud detection, AML flags) may involve automated processing. Where legally required, manual review is available.

17. CHILD SAFETY & TRAFFICKING REPORTS

If we receive reports suggesting exploitation or trafficking, we may:

• Retain relevant data
• Suspend accounts
• Report to authorities

Safety overrides account deletion requests where required.

18. ACCOUNT DELETION

If you delete your account:

• Access is revoked
• Content may be removed from public display
• Certain records may be retained for compliance

Deletion does not guarantee immediate removal of data where retention is legally required.

19. COOKIES & TRACKING

We may use cookies and similar technologies for:

• Authentication
• Security
• Performance
• Fraud detection

Cookie controls are available through browser settings.

20. THIRD-PARTY LINKS

We are not responsible for the privacy practices of third-party sites linked from the Platform.

21. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect changes in law, compliance requirements, or operations. Updates will be published with a revised effective date.