Privacy Policy

Last updated: April 2026

1. Introduction

Fanlock ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and content protection services (the "Service").

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password, and payment information.
  • Content Protection Data: Social media handles, profile URLs, stage names, and reference images necessary for our scanning technology to identify your content.
  • Scanning Data: Information about potential matches found on third-party sites during our scanning operations.

We also collect information automatically as you use our Service — including device identifiers, device fingerprints (such as browser configuration, installed fonts, screen and hardware characteristics, operating system, and IP address), approximate location, pages viewed, referral source, and advertising-click identifiers. See Section 8 for how we use device fingerprinting for fraud prevention and Section 9 for analytics and advertising cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services.
  • Scan the internet (including search engines, social media, and leak sites) for your content.
  • Generate and send DMCA takedown notices on your behalf to infringing platforms and hosts.
  • Communicate with you about your account, security alerts, and support messages.

4. Authorized Agent Authorization

By using Fanlock, you authorize Fanlock LLC to act as your authorized agent for the purpose of enforcing your intellectual property rights. This means we act on your behalf when filing DMCA takedown notices, communicating with platforms and hosting providers, and pursuing removal of infringing content across the internet.

In connection with this authorized agent role, we may share limited information with third parties as described in the next section. This authorization is governed by our Terms of Service. You may revoke this authorization at any time by closing your account or contacting legal@fanlock.com.

5. Sharing of Information

To perform our services (specifically sending takedown notices), we share the following information with infringing platforms:

  • Stage Name Only: DMCA takedown notices are filed using your stage name (performer name), NOT your real legal name. Your personal identity remains protected.
  • Authorized Agent Details: Fanlock acts as your authorized DMCA agent, and our company information appears on notices rather than your personal details.
  • Legal Compliance: We may disclose information if required by law, subpoena, or legal process.

Important: We never submit your real name, home address, or personal contact information in DMCA notices. All takedowns are filed under your stage name with Fanlock as the authorized representative.

We do NOT sell your personal data to third parties.

6. Account Verification & Ownership Proof

We verify that you own the original works you ask us to enforce. Platforms (Fansly, OnlyFans, Patreon, Reddit, Meta, Telegram, etc.) routinely require ownership proof before honoring a DMCA notice, so we collect it up front:

  • Data Collected: A screenshot from inside your creator dashboard on the source platform — showing you logged in with your handle and the platform branding visible.
  • Purpose: To prove you own or control the source account where your works originally live, so we can produce ownership evidence on demand for DMCA recipients.
  • Storage & Security: Screenshots are stored in a private storage bucket, encrypted at rest using AES-256, and access is strictly limited to our verification team and authorized agency partners managing your account.
  • Retention Period: Screenshots are retained while your account is active so we can provide ownership proof whenever a platform asks. They are deleted upon account closure.
  • Your Rights: You may withdraw a pending verification request at any time, which will delete the submitted screenshots. You may also request deletion of approved screenshots at any time, though doing so may require us to ask for new ones the next time a platform requires proof.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption at rest for sensitive data such as dashboard screenshots. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

8. Fraud Prevention and Security Tracking

To protect the integrity of the Service and enforce our Terms of Service, Fanlock uses device and network signals to detect fraud, prevent abuse, and identify attempts to evade account termination.

  • Device Fingerprinting: We collect and process a device fingerprint derived from browser, hardware, network, and software characteristics (such as user agent, installed fonts, canvas and WebGL signatures, screen resolution, time zone, language, and IP address). This fingerprint is used to identify suspicious sign-up patterns, detect shared accounts, and block users who attempt to create new accounts after termination for breach of our Terms.
  • IP Address and Network Data: We log IP addresses and related network metadata for security, rate limiting, fraud detection, and to comply with legal obligations.
  • Payment Risk Data: Our payment processor (Stripe) may share device, behavioral, and risk-score data with us to detect fraudulent transactions.
  • Retention: Fraud and security signals are retained for up to seven (7) years to defend against legal claims and detect repeat abuse, consistent with our Terms of Service.
  • Legal Basis (EEA, UK, Switzerland): Our use of device fingerprinting and related signals for fraud prevention and security is based on our legitimate interest in protecting the Service, our users, and our business, and on compliance with legal obligations.

Device fingerprinting for fraud prevention is essential to the Service and cannot be disabled while you maintain an account. You may request access to or deletion of personal data we hold about you, subject to the legal exceptions described in Section 7 and our Terms of Service.

9. Analytics, Advertising, and Tracking

We use third-party analytics and advertising services to measure how visitors interact with our Service, understand which marketing channels are effective, and improve our product. These services set cookies and collect information automatically.

Services we use

  • Google Analytics 4 and Google Ads (operated by Google LLC): collects behavioral data including pages viewed, buttons clicked, session duration, device type, approximate (city-level) location, referral source, and unique identifiers. When you arrive at our Service by clicking a Google advertisement, we record the Google click identifier (gclid) in a first-party cookie for up to 90 days so we can attribute conversions. You can opt out using Google’s Analytics Opt-Out Browser Add-on at tools.google.com/dlpage/gaoptout.
  • Meta Pixel (operated by Meta Platforms, Inc.): collects information about pages visited, actions taken on our Service (such as completing signup, finishing onboarding, or making a purchase), and the advertising-click identifier (fbclid) that brought you to our Service. With Automatic Advanced Matching enabled, we also share hashed (SHA-256) versions of your email address, first and last name, phone number, and city/state/postal code with Meta so conversion events can be matched to your Meta account for advertising attribution. We do not share the raw, unhashed values with Meta through this feature. You can manage Meta advertising preferences at facebook.com/ads/preferences.

Cookies

Our Service uses first-party cookies (set by us) and third-party cookies (set by Google and Meta). These include session cookies (cleared when you close your browser) and persistent cookies with expirations of up to two years. Cookies we set for conversion attribution include fl_gclid, fl_fbclid, fl_utm, and fl_landing. Cookies set by Meta include _fbc and _fbp. You can control cookies through your browser settings; blocking advertising cookies will not prevent you from using our Service but may reduce the relevance of ads you see elsewhere.

Legal basis (EEA, UK, and Switzerland)

Where the GDPR or UK GDPR applies, we rely on your consent for non-essential analytics and advertising cookies, and on our legitimate interest for security, fraud prevention, and first-party measurement of our own Service. You may withdraw consent at any time by adjusting your browser cookie settings or emailing legal@fanlock.com.

California residents (CCPA/CPRA)

We do not sell your personal information for money. Our use of Meta Advanced Matching, Meta Pixel, and Google advertising services may qualify as “sharing” personal information for cross-context behavioral advertising under California law. To opt out of this sharing, email legal@fanlock.comwith “Do Not Sell or Share” in the subject line, or disable third-party cookies in your browser.

10. Biometric Information

Fanlock does not collect, create, store, transmit, or otherwise process biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), the California Consumer Privacy Act, or similar laws, including:

  • Facial geometry or facial recognition templates
  • Fingerprints or fingerprint scans
  • Iris or retinal scans
  • Voiceprints
  • Hand geometry
  • Any biometric template derived from user-submitted content
  • Any biometric template derived from content detected by our scanners

Fanlock processes images and videos you submit, and images and videos detected by our scanners, using non-biometric methods. This processing includes:

  • Perceptual hashing: generating compact numerical representations of images and videos to enable matching against known copies of the same content on third-party sites.
  • URL and metadata extraction: recording where content appears and basic descriptive information (file type, size, upload date, reported infringement site).
  • Text-based content analysis: scanning captions, file names, account bios, and surrounding text for creator names, aliases, and identifying keywords.

These processing methods do not create, store, or match biometric identifiers such as facial geometry. Fanlock does not perform facial recognition, face matching, or similar biometric processing as part of its current Services.

11. Future Biometric Features

Fanlock may in the future offer optional features that involve biometric processing, such as facial recognition for impersonator detection or face matching for deepfake identification. Such features, if offered, will:

  • Be offered exclusively on an opt-in basis;
  • Require separate, written informed consent through a dedicated Biometric Consent Release before any biometric processing begins;
  • Not be required as a condition of using other Fanlock Services;
  • Identify any third-party biometric processors by name in the Biometric Consent Release; and
  • Comply with applicable biometric privacy laws, including BIPA's written release requirement.

Notice of any new biometric feature will be provided to you at least thirty (30) days before the feature becomes available, and you will have the opportunity to opt in or ignore the notice as you choose.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at: legal@fanlock.com.