Privacy Policy
This policy explains what personal data Fanogram collects, how we use it, who we share it with, and the rights you have over it. It applies to fanogram.co, the Fanogram dashboard, the in-Telegram Mini App, and any other surface operated by Social Commerce Ltd or Social Commerce EU Ltd (together, “Fanogram”, “we”, “us”).
[PLACEHOLDER — this page is a working draft. The final version will be reviewed by legal counsel before commercial launch. Founders: replace any [PLACEHOLDER] block with the counsel-approved text.]
1. Who we are
Fanogram is operated by:
- Social Commerce Ltd — registered in England & Wales at 71-75 Shelton St, Covent Garden, London WC2H 9JQ, UK.
- Social Commerce EU Ltd — registered in Cyprus at 4th Floor, Agios Nikolaos, Kamares, 6037 Larnaca.
For privacy questions email privacy@fanogram.co.
2. What we collect
From creators
- Account identifiers: email, password (hashed by Clerk), name, handle, country, time zone, vertical, content tier.
- KYC data: identity-document images, selfie verification, proof-of-address (collected by Ondato; we receive verification outcomes, not the raw documents).
- Payout details: bank account, Wise / TON wallet (for settlement).
- Telegram identifiers for the creator's child bot: username, bot id, encrypted bot token, webhook secret.
- External-platform credentials (OF, Fanvue) when the creator opts into our browser-driven adapters. Encrypted at rest with AES-256-GCM; decrypted only by background workers acting on the creator's behalf.
From fans
- Telegram-provided identifiers (chat id, username, display name, avatar).
- Message content sent via the creator's bot, retained for conversation history and AI training (per the creator's AI Voice settings).
- Payment intent metadata (amount, processor, status) — full card / wallet details never reach Fanogram; they flow through Paybl / CentroBill / Stripe / Telegram Stars directly.
3. How we use it
- To run the service the creator signed up for.
- To route fan-creator messaging via Telegram.
- To generate optional AI-assisted reply drafts (only when the creator enables AI Voice / Autopilot).
- To process payments and reconcile settlements with our payment processors.
- To meet legal and compliance obligations (KYC, AML, tax).
- To prevent fraud and abuse.
- To improve the product (aggregate, anonymised analytics; no re-identification).
4. Who we share it with
We share only what is necessary, with vendors bound by data processing agreements:
- Clerk (authentication)
- Neon (Postgres database hosting)
- Vercel (web hosting + edge functions)
- Railway (background workers)
- Upstash (Redis queue)
- Cloudflare R2 (SFW media storage)
- MojoHost (adult media storage, where applicable)
- Ondato (KYC processor)
- Paybl / CentroBill / Stripe / Telegram (payments)
- Anthropic / OpenAI / OpenRouter (AI reply generation)
- PostHog (product analytics)
- Sentry (error monitoring)
We do not sell personal data. We do not share fan messages or creator content with third parties beyond what is required to deliver the service.
5. Retention
[PLACEHOLDER — exact retention windows to be confirmed with counsel. Working assumptions: conversations retained for the active life of the creator account plus 12 months for backup recovery; KYC records retained per local regulation (typically 5-7 years); payment records retained per tax law (typically 6-7 years).]
6. Your rights
Depending on where you live (GDPR / UK GDPR / CCPA / similar) you may have rights to:
- Access the data we hold about you.
- Correct inaccurate data.
- Delete your data (subject to legal-retention obligations).
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where consent is the lawful basis.
Email privacy@fanogram.co to exercise any of these. We will respond within the timeframe required by applicable law (typically 30 days).
7. International transfers
[PLACEHOLDER — we operate primarily in the UK and EU and use Standard Contractual Clauses for any transfers outside the UK/EEA. Counsel to confirm.]
8. Children
Fanogram is not intended for users under 18. We do not knowingly collect data from anyone under 18. Adult-tier features require additional verification per our terms.
9. Changes to this policy
We will update this policy when our practices change. Material changes will be announced via the dashboard and / or email at least 14 days before they take effect.
10. Contact
Email privacy@fanogram.co for any privacy question.