Privacy

  • Overview and Purpose

  • Definition of Personal Information

  • Notifying Us of Updates

  • Scope of This Policy (18+ Requirement)

  • Links to External Websites

  • If You Choose Not to Provide Information

  • Revisions and Amendments to This Policy

  • Types and Categories of Personal Information We Collect

  • Verification and Onboarding Procedures

  • How and Why We Use Your Data, and Legal Grounds for Processing

  • How We Obtain Your Information

  • Disclosure and Sharing of Your Information

  • Transfer of Data Across Borders

  • Your Privacy Rights

  • How to Exercise Your Privacy Rights

  • Your Options and Controls Over Your Data

  • How Long We Keep Your Data

  • Additional Privacy Notices for Certain U.S. States

  • Help, Support, and Contact Information

Privacy Policy

By using ALLin Fans, you acknowledge that you have read and understood this Privacy Policy.

Last updated: 1 July 2025

 

1) Introduction

ALLin Fans Ltd ("ALLin Fans", "we", "us", "our") operates a digital entertainment and creator monetisation platform available via our website and apps (collectively, the "Services"). This Privacy Policy ("Policy") explains how we collect, use, disclose, transfer and retain information that identifies or relates to you ("Personal Data") when you use the Services as a Creator, Fan, or Content Collaborator (a person appearing in a Creator’s content). It also covers Personal Data we process in the context of our business relationships (e.g., suppliers, partners, agencies).

We act as a data controller for the Personal Data described in this Policy, meaning we determine the purposes and means of processing. Certain third parties engaged by us act as data processors on our behalf. Some features are provided by independent controllers (e.g., payment providers) who provide their own privacy disclosures; please review those carefully.

If you have questions about this Policy or our handling of Personal Data, see Section 20 (Assistance & Contact Information).

 

2) What is Personal Data?

"Personal Data" means any information about an identified or identifiable natural person. It includes direct identifiers (such as name) and indirect identifiers (such as an online identifier, device ID, or a combination of data points). Data that has been irreversibly anonymised so that it can no longer be used to identify an individual is not Personal Data.

We also create or receive aggregated or deidentified information. We prohibit attempts to reidentify such data unless required or permitted by law.

 

3) Keep your information up to date

It is important that the Personal Data we hold is accurate and current. Please keep your profile and payment details updated in your account settings.

 

4) Who may use the Services (18+)

Our Services are for adults only. You must be 18 years of age or older (or the age of majority where you live) to use the Services. We do not knowingly collect Personal Data from anyone under 18. If you believe a minor uses the Services, contact us immediately.

 

5) Third‑party links

The Services may contain links to websites, plug‑ins and applications operated by third parties. Clicking those links may allow third parties to collect or share data about you. We are not responsible for those sites’ content or privacy practices. Review their policies before you interact with them.

 

6) If you choose not to provide Personal Data

We need certain Personal Data to provide the Services (e.g., age/identity verification, payments). If you do not provide requested information, some functions may be unavailable or we may not be able to provide the Services.

 

7) Changes to this Policy

We may update this Policy from time to time. The updated version will be indicated by an updated "Last updated" date and will be effective as soon as it is accessible. Where required by law or where reasonable, we will notify you of material changes (e.g., via in‑product notice, email, or push notification).

 

8) Categories of Personal Data we collect

We (and our service providers acting on our behalf) collect the following categories of Personal Data. The examples are illustrative and not exhaustive.

CategoryExamples (Creators & Content Collaborators unless stated)User DataLegal name*, alias/stage name, residential address, country of residence*, country & city of birth, date of birth*, email address, telephone number, social handles/website (to verify identity and understand content type), signed release forms* (for collaborators). Fans: email address; telephone number.
Third‑Party Onboarding DataCollected directly by our KYC/age‑verification providers: copy of government ID; selfie or short GIF; results of age/ID check (pass/fail + reason); metadata (timestamps). For Fans in certain regions: age estimation outputs. We do not receive or access biometric templates (see Face Recognition, below).
Account DataProfile/username, password, avatars/headers, subscriptions & subscribers, referrals, posts, comments, DMs/chats, support tickets.
Financial Data(Creators) payout country, bank account/IBAN, payee name, billing address, tax/VAT IDs, company details (if applicable), payouts and statements; (Fans) payment method token, billing address, wallet top‑ups. Full card numbers/CVV are held by payment processors, not by us.
Transaction Data(Creators) earnings, tips, PPV unlocks, livestream gifts, Reels monetisation, Creator Shop sales, payout requests/failed payouts; (Fans) purchases, tips, failed payments.
Technical DataIP address (and derived location/country), device identifiers, user agent, login logs, security events.
Usage DataLog and event data relating to how you interact with the Services (page views, clicks, view counts, session time); cookie/SDK data (see Cookie Notice). We do not conduct cross‑site tracking or sell Personal Data.
Face Verification/Recognition DataOur third‑party providers may use facial comparison/recognition to verify age/identity. Biometric templates and facial vectors are collected and stored by the third‑party provider; ALLin Fans does not collect, receive, or access this data. We typically receive only pass/fail results and metadata.

* Items marked with an asterisk may also be requested from Content Collaborators.

 

9) Our onboarding and safety processes

Creators

Before publishing content or earning, Creators must: (i) provide User and Financial Data; (ii) pass third‑party age/identity checks; (iii) pass account integrity checks (e.g., prior bans, fraud signals). Additional verification may be required for features such as livestreaming or high‑risk categories.

Content Collaborators

Individuals who appear in content must verify they are 18+ via our third‑party flow and, where applicable, provide a signed model release. Creators are responsible for obtaining releases and maintaining records; we may request copies at any time.

Fans

Fans must be 18+. In certain locations or risk scenarios we require additional checks (e.g., age estimation or full age/identity verification via a third‑party provider). We also collect limited Financial Data to process purchases and to prevent fraud.

Third‑party age/ID verification and age estimation

We use specialised vendors to perform age/identity checks and, where permitted, age estimation. These vendors collect your selfie/GIF and ID image to perform a one‑time facial comparison to verify the ID matches your selfie. Where age estimation is used, your selfie/GIF may be analysed to predict age. We do not receive biometric templates—we normally receive only pass/fail results and limited metadata. Vendors may retain certain data as required for audit, fraud prevention and legal obligations. See the vendor’s privacy notice for details.

Periodic re‑authentication

To protect the community, we may ask you to re‑authenticate. If you previously consented to the vendor retaining facial data for re‑authentication, you can withdraw that consent directly with the vendor or via our support links; you may then need to repeat full document checks.

 

10) How and why we use Personal Data (and legal bases)

We use Personal Data only where we have a lawful basis. Depending on your location, these may include consent, performance of a contract, legitimate interests, compliance with legal obligations, and, where applicable, tasks in the public interest. Examples are set out below.

Purpose / ActivityExamplesLawful BasisAccount creation & managementRegistering accounts; profile settings; access controlContract
Age/ID verification & collaborator checksKYC, AML/fraud, periodic re‑auth, collaborator releasesConsent (for vendor facial tech); Contract; Legal Obligation; Legitimate Interests
Providing the ServicesHosting and delivering content (posts, PPV, Reels, livestreams, DMs), processing transactions and payouts, Creator ShopContract
Safety, trust & moderationAutomated and human review of uploads, DMs (text/media), livestreams; detection and removal of illegal or policy‑violating content; notice‑and‑takedownContract; Legal Obligation; Legitimate Interests; Public Interest (where applicable)
Creator protection & IP enforcementHash‑matching, web scanning, DMCA/NTD notices, referral to counsel, cooperation with law enforcementLegitimate Interests; Legal Obligation
Payments & taxProcessing purchases, payouts; invoicing; VAT/DAC7 reportingContract; Legal Obligation
CommunicationsService notices, policy updates, security alerts, transactional messagesContract; Legal Obligation
Referrals & cookiesRecognising Referring Users and Referred Creators (where you consent to non‑essential cookies)Consent
Analytics & service improvementQuality, performance, and reliability; debugging; anti‑fraudLegitimate Interests
Legal & complianceResponding to lawful requests, defending claims, enforcing TermsLegal Obligation; Legitimate Interests
Corporate eventsM&A, financing, reorganisationLegitimate Interests

We will not use your Personal Data for materially different purposes without notifying you and, where required, obtaining your consent.

 

11) How we obtain Personal Data

  • Directly from you: when you register, set up payout or payment methods, upload content, send DMs, contact support, or otherwise interact with the Services.

  • Automatically: through your device and interactions (Technical/Usage Data).

  • From service providers: age/ID vendors, analytics, payments, customer support, fraud prevention, marketing tech (push notifications), and tax automation.

  • From publicly available sources and partners: where lawful and relevant (e.g., to prevent fraud or enforce IP rights).

 

12) How we share Personal Data

We may share Personal Data with:

  • Service providers / processors who provide hosting, security, age/ID checks, push notifications (e.g., OneSignal), analytics (e.g., Google Analytics with IP masking where configured), content moderation, payments, tax automation, and customer support.

  • Professional advisers (law firms, auditors, banks, insurers) under confidentiality obligations.

  • Group companies for centralised operations consistent with this Policy.

  • Payment and payout partners who act as independent controllers for their processing; see their notices for details.

  • Authorities/regulators/NGOs where required or appropriate (e.g., law enforcement, tax authorities, Digital Services Coordinators, NCMEC), including to report illegal content or comply with legal duties (e.g., DAC7, AML).

  • Corporate transactions: with prospective or actual buyers, investors or counterparties in a merger, acquisition, financing or reorganisation (subject to appropriate safeguards).

We do not sell Personal Data or share it for cross‑context behavioural advertising.

 

13) International transfers

Your data may be transferred to and processed in countries other than where you live. Where we transfer Personal Data outside the UK/EEA/Switzerland, we rely on: (i) adequacy decisions; (ii) standard contractual clauses (and UK addenda); and/or (iii) other lawful mechanisms. Details are available on request.

 

14) Your privacy rights

Depending on your location, you may have rights to: access, rectify, erase, restrict, port, and object to certain processing; and to withdraw consent at any time (without affecting lawfulness of prior processing). You also have the right to lodge a complaint with a supervisory authority. We do not engage in solely automated decisions that produce legal or similarly significant effects.

 

15) Exercising your rights

Submit requests via your account or by emailing [email protected]. We may need additional information to verify your identity and to understand your request. If an authorised agent submits a request, we may require proof of authority (e.g., signed authorisation or power of attorney).

 

16) Your choices & controls

  • Profile & settings: Update Personal Data in account settings.

  • Device permissions: Control access to camera, microphone, notifications and other device features in your OS settings.

  • Email and push notifications: Manage notification preferences in your account. Certain essential communications (security, transactional, legal) cannot be opted out of.

  • Cookies/SDKs: Manage non‑essential cookies in our Cookie Notice preferences centre.

 

17) Retention

We retain Personal Data only as long as needed for the purposes described in this Policy, including to provide the Services, for safety and fraud prevention, to comply with legal obligations, and to resolve disputes. Typical periods include: (i) service provision—life of your account plus a reasonable period; (ii) trust & safety—until completion of investigations and any resulting actions; (iii) finance/tax and corporate records—up to 7 years or longer as required; (iv) legal claims—until limitation periods expire (and longer where litigation or investigations are ongoing).

 

18) Additional U.S. State privacy disclosures

Where required by U.S. state laws (e.g., California, Virginia, Colorado, Connecticut, Utah), the following apply:

  • No sale or sharing for targeted advertising: We do not sell Personal Data or share it for cross‑context behavioural advertising.

  • Sensitive data: We may process certain elements deemed "sensitive" (e.g., government IDs, partial payment card details, account credentials). Vendor facial data used for verification is handled by our vendors; we generally receive only results and metadata. We use such data only as necessary to provide and secure the Services, comply with laws, and for other permitted purposes.

  • Deidentified data: We maintain and use deidentified data without attempting to reidentify it except as permitted by law.

  • Appeals: If we deny a privacy request, you may appeal by contacting [email protected]. If denied again, you may contact your state Attorney General.

  • California disclosures: See our table of categories in Section 8; sources in Section 11; purposes in Section 10; sharing in Section 12. We offer an Affiliate & Referral Program; any Personal Data processed for this program is handled under this Policy. We estimate the value of the program based on our cost to administer and operate it.

 

19) Creator Protection & IP Enforcement (important)

We actively protect creators’ rights, safety and reputation. Without limitation:

  • No unauthorised use: Downloading, scraping, reposting, redistributing, transforming, or commercialising creator content without permission is prohibited.

  • No unauthorised memes/derivatives: Turning creator images/videos into memes, GIFs, AI/deepfake, or compilations without written consent is prohibited.

  • Likeness and identity: Using a creator’s face, body, voice, name/handle or other identifiers outside the platform requires consent.

  • Monitoring and takedown: We employ web‑monitoring, hash‑matching and notice‑and‑takedown (e.g., DMCA/NTD). We cooperate with counsel and authorities to pursue offenders where appropriate.

  • Report theft: Use the in‑product Report tool or contact [email protected] for priority review.

 

20) Assistance & contact information

Data Protection Officer (DPO): [email protected]
Privacy contact: [email protected]

Registered office (UK): Kemp House, 152–160 City Road, London EC1V 2NX, United Kingdom
(Note: ALLin Fans Ltd is operating in pre‑launch while formal incorporation is being finalised; details may be updated.)

EU Representative (for GDPR/DSA):
DAPR sp. z o.o.
Zurawia 47, 00‑680 Warsaw, Poland
[email protected]

You may also lodge a complaint with your local data protection authority. In the UK: ICO (ico.org.uk). In the EEA: contact your national supervisory authority. In Switzerland: FDPIC.

 

21) Regional addenda (summary)

  • UK & EEA: We rely on GDPR/UK GDPR bases as described in Section 10. You have the rights set out in Sections 14–15. International transfers rely on adequacy/SCCs/UK addendum.

  • Australia: We comply with the Online Safety framework; serious online abuses may be reported to the eSafety Commissioner.

  • United States: See Section 18.

 

22) Cookie Notice (summary)

We use necessary cookies for core functionality (authentication, security, fraud prevention). With your consent, we use non‑essential cookies/SDKs for: (i) referral attribution; (ii) basic analytics (e.g., page performance). We do not conduct cross‑site tracking or sell Personal Data. For details and choices, see our standalone Cookie Notice and preferences centre.

 

Questions? Contact [email protected].