Last updated: 7 June 2026
For your account data (e.g. your email), NoctiFlow is the data controller. For data about your fans that we process to run conversations on your behalf, you (the creator/agency) are the controller and NoctiFlow acts as your processor under your instructions.
Account data: your email and a hashed password. Integration data: Fanvue OAuth access/refresh tokens and your persona/configuration. Fan data: Fanvue user IDs, display names, message content, purchase/tip amounts and lifetime value, and AI-generated conversation summaries.
Fan messages may reveal data concerning sexual preferences, which is a special category under GDPR Art. 9. As the controller for this data you are responsible for the lawful basis (e.g. explicit consent obtained on the platform). We process it only to provide the service.
To generate and send replies, price and attribute PPV content, maintain conversation memory, show your dashboard analytics, secure the service and meet legal obligations.
We share the minimum data needed with: OpenAI (fan message text is sent to OpenAI's API to generate replies), our hosting provider [provider/region], and Cloudflare (edge security). We do not sell data or use it for advertising.
Some sub-processors (e.g. OpenAI) are outside the EEA; such transfers rely on Standard Contractual Clauses or equivalent safeguards.
We keep data while your account is active. You can delete a creator's data or your whole account at any time from the dashboard; deletion is carried out promptly.
Under GDPR you have rights of access, rectification, erasure, restriction, portability and objection. Use the in-app deletion tools or contact [email]. You can lodge a complaint with the Polish DPA (UODO).
Access is restricted, traffic is served over HTTPS, and credentials are hashed. Fanvue tokens are stored with restricted access [and encrypted at rest — once implemented].
Delete a creator's data from its settings page, or your entire account from the dashboard. This removes all data we hold (fans, messages, summaries, revenue records, persona and stored tokens). It does not delete anything on Fanvue — to revoke access, also remove the app at fanvue.com → Settings → Third-party apps.
[Legal entity], [address]. Privacy contact / security reports: [email].