Privacy Policy
Last updated: June 2025
This policy explains what data Fanvue Live collects, how it is used, and your rights under the UK/EU General Data Protection Regulation (GDPR).
1. Data We Collect
We collect only the data needed to operate the service. When you connect your Fanvue account we receive and store:
| Data | Source | Purpose |
|---|---|---|
| Fanvue user UUID | Fanvue OAuth | Identify your session and check gate access |
| @handle | Fanvue OAuth | Display in the UI |
| Role (creator / fan) | Fanvue OAuth | Determine which features you can access |
| OAuth access & refresh tokens | Fanvue OAuth | Make authenticated Fanvue API calls on your behalf |
| Subscriber UUIDs (creators only) | Fanvue API at stream start | Gate viewer access to your stream |
We do not collect names, email addresses, payment details, or device identifiers.
2. How We Use Your Data
- Authenticate you for the duration of your session
- Control access to gated livestreams
- Display stream and viewer information in the app
- Send optional stream notifications to your Fanvue subscribers (creators only, opt-in)
We do not sell, rent, or share your personal data with any third party for marketing.
3. Third Parties
LiveKit — We use LiveKit to power real-time video. LiveKit receives short-lived signed room tokens that do not contain personally identifiable information. LiveKit's privacy policy applies to data processed on their infrastructure.
Fanvue — Your Fanvue account data is governed by Fanvue's own Privacy Policy. We access the Fanvue API only with the OAuth scopes you explicitly granted.
4. Data Retention
| Data | Retention |
|---|---|
| Session (tokens, UUID, handle) | 8 hours from login, then automatically deleted |
| Subscriber snapshot | Deleted when creator ends the stream; auto-expires after 48 hours |
| Gate miss cache | 90 seconds |
5. Security
Session data is stored server-side and never exposed to the browser beyond an opaque session ID cookie (HttpOnly). API secrets are stored as environment variables and never included in client-side code. All connections use HTTPS/TLS.
To report a security vulnerability, contact fanvuelivesupport@gmail.com.
6. Your GDPR Rights
Under GDPR you have the right to:
- Access — request a copy of the data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — request erasure of your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
7. Delete Your Data
You can delete all data we hold about you immediately from your dashboard. This will remove your session, OAuth tokens, and (for creators) your subscriber snapshot from our servers and sign you out.
Go to dashboard → Delete my dataYou can also email a deletion request to fanvuelivesupport@gmail.com.
8. Contact & Complaints
For any privacy questions contact fanvuelivesupport@gmail.com.You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.