← Back

Privacy Policy

Effective Date: February 28, 2026

1. Introduction

FanStats.io ("we", "our", "us") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website and services. We comply with the European General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you agree to the practices described in this policy.

2. Data We Collect

We only collect personal data necessary to provide our service:

  • Email address and Google OAuth ID
  • CSV files containing OnlyFans statistics — fan identifiers are SHA256 hashed, originals never stored
  • Payment provider information (e.g. Lemon Squeezy) — no credit card details stored
  • IP address, browser type, device info (for security and analytics)

3. How We Use Your Data

  • Provide our services (CSV parsing, analytics dashboard)
  • Authenticate users and manage accounts
  • Enable paid subscriptions and billing
  • Improve website performance and user experience
  • Comply with legal obligations

We never sell or share personal data with third parties except for service providers necessary to operate the service.

4. Data Storage and Retention

  • All data is stored securely on servers in Germany, operated by Hetzner Online GmbH
  • CSV files are deleted immediately after parsing
  • Earnings data is retained up to 36 months
  • User account info is stored until you request deletion

5. Your Rights (GDPR)

  • Access the data we hold about you
  • Correct inaccurate information
  • Request deletion or export of your data
  • Object to processing or request restrictions

To exercise your rights, contact us at contact@fanstats.io

6. Security

  • All user data is stored securely in PostgreSQL with strict row-level access
  • HTTPS is enforced on all connections
  • Rate-limiting and firewall rules are applied to protect against abuse

7. Third-Party Services

  • Google OAuth – for authentication
  • Lemon Squeezy – for subscription payments (they process payment info, we do not store it)
  • Email provider – for Magic Link emails

We ensure these services comply with GDPR and only use your data as necessary.

8. International Users

This Privacy Policy applies to all users, including those outside the EU. All data is physically stored in Germany, but some services (like payment processing) may involve servers outside the EU.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Users will be notified of major changes via email or website notice.

10. Contact

Obergerbacherhof 5, 67808 Ruppertsecken, Germany

contact@fanstats.io