Logo

Privacy Policy

Last updated: 17.05.2026

1. Controller

The controller responsible for data processing within the meaning of the GDPR is:

Stonehill Media GmbH
Harrlachweg 1
68163 Mannheim
Germany

Managing Director: Oliver Schönmehl
Email: support@fanvuecreatorlab.com

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • our website
  • our web application
  • the connection and management of supported social media, creator-platform, and Fanvue-related account features through third-party integration providers and connected platform interfaces
  • the creation, editing, storage, and management of AI-generated or AI-assisted content, including personas, images, videos, captions, content plans, and related creative assets
  • the upload and processing of reference images or other user-provided materials for AI-assisted generation features

We process personal data in accordance with the General Data Protection Regulation (GDPR).

3. Hosting and Infrastructure

Our application uses infrastructure provided by different hosting providers.

Application server and database hosting:
ALL-INKL.COM - Neue Medien Münnich
Hauptstraße 68
02742 Friedersdorf
Germany

Additional infrastructure services:
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855 Luxembourg

AWS services are used in the EU region (Frankfurt, Germany – eu-central-1), where applicable.

We use infrastructure and related services including:

  • application server and database hosting provided by ALL-INKL.COM
  • AWS CloudFront (Content Delivery Network)
  • additional AWS infrastructure services located in the EU, where applicable

Where service providers process personal data on our behalf, processing is carried out on the basis of a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR.

4. Website Data Collection

When visiting our website, the following technical data may be collected automatically:

  • IP address
  • date and time of access
  • browser type and version
  • operating system
  • referrer URL

Purpose:

  • ensuring system security
  • technical stability
  • preventing misuse

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation)

Server logs are stored for a maximum of 30 days unless longer storage is required for security reasons.

5. Data Processed via Third-Party Integrations

Our application uses third-party integration providers, connected social media platform interfaces, creator-platform interfaces, and Fanvue-related platform features to enable account connections, publishing, scheduling, analytics, subscription-related features, and related functionality.

Depending on the connected service and the permissions granted by the user, we may process data such as:

  • account identifiers and usernames
  • profile-related information
  • connected account metadata
  • content and media submitted for publishing or scheduling
  • analytics and insights data
  • subscription, connection, or platform status information, where applicable
  • technical connection and authentication information

We access and process only the data necessary to provide the functionality of our service.

6. Data Processed for AI Content Generation and Reference Uploads

When users use AI-assisted creation features, we may process data such as:

  • prompts, descriptions, selected attributes, creative settings, and content preferences
  • uploaded reference images and related file metadata
  • generated or edited images, videos, captions, personas, content plans, and series drafts
  • generation job data, processing status, errors, and usage history
  • moderation, safety review, or technical quality check results
  • content selected for publishing or scheduling

Reference images may contain personal data if an identifiable person is depicted. Users are responsible for ensuring that they have the necessary rights and consents before uploading such materials.

We do not use uploaded reference images for the purpose of uniquely identifying or authenticating natural persons.

7. Purpose of Processing

Personal data processed in connection with supported platform accounts and AI-assisted features is used exclusively for:

  • displaying account-related information
  • publishing and scheduling content
  • providing analytics and insights features
  • operating and improving account connection and platform-related functions of the service
  • operating Fanvue-related connection, subscription, or creator-platform features, where available
  • creating, editing, and storing AI-assisted content requested by the user
  • analyzing reference images for generation and safety purposes
  • checking uploaded or generated content for misuse, policy violations, and technical quality
  • managing credits, subscriptions, and usage limits
  • preventing abuse, fraud, security incidents, and unlawful use of the service

We do not create independent user profiles beyond the data required to provide our service.

We do not sell or trade personal data.

8. Storage and Retention

We store personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Content and media submitted for publishing or scheduling may be processed and stored to provide the requested functionality.

Uploaded reference images are stored only for as long as necessary to provide the requested generation, review, or safety feature, unless the user saves the resulting content or persona in their account.

Generated images, videos, personas, captions, content plans, and drafts may be stored in the user account until deleted by the user or until the account is deleted.

Generation job data, moderation results, safety review results, and technical processing records may be stored for up to 24 months for security, debugging, abuse prevention, billing, credit reconciliation, and service improvement purposes, unless earlier deletion is requested and no legal retention obligation applies.

Account-related analytics and insights data may be stored for up to 24 months unless the user deletes their account earlier or requests deletion, unless longer retention is required by law.

If a user deletes their account or requests deletion, associated personal data will be deleted within 30 days unless legal retention obligations apply.

9. Legal Basis for Processing

  • Art. 6(1)(a) GDPR – consent, where applicable
  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures
  • Art. 6(1)(f) GDPR – legitimate interest in providing a secure, functional, and abuse-resistant service

AI-assisted generation features are generally processed on the basis of Art. 6(1)(b) GDPR where processing is necessary to provide the requested service.

Optional reference image uploads may be processed on the basis of Art. 6(1)(a) GDPR where consent is required, or Art. 6(1)(b) GDPR where processing is necessary to provide the requested generation feature.

Security, abuse prevention, moderation, fraud prevention, technical logging, debugging, and credit reconciliation may be based on Art. 6(1)(f) GDPR.

Where processing is based on consent, consent may be revoked at any time with effect for the future.

If, in individual cases, special categories of personal data within the meaning of Art. 9 GDPR are processed, such processing will only take place where a valid legal basis and, where required, explicit consent exists.

10. Data Transfers

Data is processed primarily within the European Union.

Where personal data is processed by third-party integration providers, connected social media platforms, creator platforms, Fanvue-related platform interfaces, AI providers, workflow automation providers, moderation providers, storage providers, payment providers, analytics providers, or infrastructure providers outside the European Union or the European Economic Area, such processing takes place only on the basis of applicable legal safeguards.

To provide AI-assisted features, we may use third-party AI providers such as OpenAI to process prompts, uploaded reference images, generated content, metadata, and technical request data solely for providing the requested generation, safety, and technical processing features.

Such safeguards may include:

  • EU Standard Contractual Clauses
  • an adequacy decision by the European Commission
  • other legally recognized safeguards under applicable data protection law

Where such providers act as processors, processing is carried out under a Data Processing Agreement pursuant to Art. 28 GDPR.

11. Automated Checks

We do not make decisions based solely on automated processing that produce legal effects concerning users or similarly significantly affect them within the meaning of Art. 22 GDPR.

Automated or semi-automated safety checks may be used to reject uploads, generations, or publishing actions that appear to violate our policies, platform rules, applicable law, or third-party rights.

12. Data Deletion Instructions

Users may request deletion in the following ways:

  1. log into their account
  2. navigate to Account Settings
  3. select “Delete Account”

Alternatively, users may send an email to:
support@fanvuecreatorlab.com

Subject: Data Deletion Request

Please include your registered email address and, where applicable, the username of the connected social media, creator-platform, or Fanvue-related account.

Data will be permanently deleted within 30 days unless legal retention obligations apply.

Users may also disconnect connected platform accounts through the respective platform or provider settings, where such options are available.

13. Data Subject Rights

Under the GDPR, users have the right to:

  • access (Art. 15 GDPR)
  • rectification (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to processing (Art. 21 GDPR)

Users also have the right to lodge a complaint with the competent data protection supervisory authority, including the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg.

14. Security Measures

  • SSL/TLS encryption
  • access control
  • data minimization
  • encrypted infrastructure, where applicable
  • EU-based hosting, where applicable
  • technical and organizational measures to protect uploaded and generated content

15. Changes to This Policy

We reserve the right to modify this Privacy Policy to comply with legal requirements or reflect technical or organizational changes to our services.