Privacy Policy

Last updated: March 10, 2026

This Privacy Policy describes how Fanflet, LLC ("Fanflet," "we," "us," or "our") collects, uses, shares, and protects personal information when you use the Fanflet platform, website, and related services (the "Services"). It applies to all users of the Services, including Speakers, Sponsors, Audience Members, and Subscribers (as defined in our Terms of Service).

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

Account Information (Speakers and Sponsors):

  • Name, email address, and password
  • Profile information (bio, photo, slug, social links)
  • Organization or company name (if applicable)
  • Billing and payment information (processed by our payment provider; Fanflet does not store full credit card numbers)

Speaker Content:

  • Resource links, file uploads, text blocks, fanflet titles, descriptions, event details, themes, and survey questions

Sponsor Content:

  • Sponsored resource links, descriptions, logos, and promotional materials

Subscriber Information:

  • Email address (provided through fanflet subscribe forms)
  • Survey responses (if the Speaker includes a survey on their fanflet)
  • Name (if optionally provided)

SMS Bookmark Requests:

  • Phone number (used once to deliver the bookmark text message, then immediately hashed; we do not store plaintext phone numbers)

Communications:

  • Support requests, feedback, and any other communications you send to us

1.2 Information Collected Automatically

Usage Data:

When you access the Services, including visiting a public fanflet page, we automatically collect:

  • Page views and resource click events
  • QR scan events
  • Email subscription events
  • SMS bookmark request events
  • Referral source (how you arrived at the page)
  • Device type, operating system, and browser type
  • General geographic location (country and region level, derived from IP address)
  • Timestamps of interactions

Technical Data:

  • IP address (used for rate limiting and security; not stored long-term in association with user identity)
  • Server logs (retained for security and debugging purposes)

Cookies and Similar Technologies:

  • Fanflet uses essential cookies for authentication and session management
  • We use analytics cookies to understand how the Services are used
  • See Section 7 (Cookies) for details and your choices

1.3 Information from Third Parties

  • Authentication providers: If you sign in using a third-party provider (e.g., Google), we receive your name and email address from that provider
  • Payment processor: We receive transaction confirmation and billing status from our payment processor

---

2. How We Use Your Information

2.1 To Operate the Services

We use your information to:

  • Create and manage your account
  • Host, display, and deliver fanflet content to Audience Members
  • Process subscriber sign-ups and deliver confirmation emails
  • Send SMS bookmark messages when requested
  • Generate QR codes linked to your fanflets
  • Provide analytics dashboards to Speakers and Sponsors
  • Process payments and manage subscriptions
  • Provide customer support

2.2 To Improve and Develop the Services

We use Usage Data to:

  • Understand how the Services are used and identify areas for improvement
  • Develop new features and products
  • Monitor and improve platform performance, reliability, and security
  • Generate Aggregate Data for benchmarking and product analytics (see Section 2.4)

2.3 To Communicate with You

We use your contact information to:

  • Send transactional emails (account verification, password resets, subscription confirmations)
  • Notify you of material changes to our Terms or this Privacy Policy
  • Send service-related announcements
  • Respond to your support requests

We will only send you marketing communications about Fanflet if you have opted in to receive them. You can opt out at any time using the unsubscribe link in any marketing email.

2.4 Aggregate Data and Analytics

We use de-identified, aggregated Usage Data to:

  • Generate platform benchmarks (e.g., average engagement rates by industry or resource type)
  • Power non-generative machine learning features (e.g., resource recommendations, engagement scoring)
  • Produce anonymized industry research and reports
  • Provide Sponsors with platform-wide engagement benchmarks (without identifying individual Speakers, Subscribers, or Audience Members)

Aggregate Data cannot reasonably be used to identify any individual. We apply a minimum group size of five (5) accounts before reporting any aggregate metric. See our Terms of Service, Section 8, for details.

2.5 For Safety and Security

We use technical data and Usage Data to:

  • Detect and prevent fraud, abuse, and security threats
  • Enforce rate limits to protect the platform
  • Investigate potential violations of our Terms of Service
  • Comply with legal obligations

---

3. How We Use Your Data for AI

Fanflet uses AI to improve features like recommendations and analytics. Here is what that means for your data:

  • Speaker Content (resources, files, text, configurations) is never used to train AI models — by us or anyone else.
  • Subscriber Data (email addresses, survey responses, engagement data) is never used for AI training.
  • Sponsor Content is never used for AI training without a separate written agreement.
  • Fanflet uses de-identified, aggregated usage patterns (like "which resource types get more clicks across the platform") to improve features through non-generative machine learning. No individual account is identifiable in this analysis.
  • When Fanflet uses third-party AI services, those providers are contractually prohibited from using Fanflet customer data for their own model training.
  • If we change this approach, we will update this policy and notify you before it takes effect.

For full details, see our Terms of Service, Section 7.

---

4. How We Share Your Information

4.1 With Your Audience

When you publish a fanflet, the following information is publicly visible to anyone with the link or QR code:

  • Your Speaker profile (name, photo, bio)
  • Your fanflet content (title, event name, resource blocks)
  • Sponsor Content on your fanflet (if Sponsor Connections are active)

4.2 With Speakers (for Subscriber Data)

When an Audience Member subscribes to a fanflet, the Speaker receives the Subscriber's email address and any survey responses. Speakers are data controllers for this information and are responsible for their own use of it.

4.3 With Sponsors (Limited)

Sponsors receive aggregate engagement metrics for their own Sponsor Content (total clicks, conversion rates). Sponsors do not receive:

  • Individual Subscriber email addresses or names
  • Individual Audience Member browsing behavior
  • Speaker analytics beyond their own Sponsor Content performance

4.4 With Service Providers

We share information with trusted service providers who help us operate the Services, including:

ProviderPurposeData Shared
Supabase (supabase.com)Database hosting, authentication, file storageAccount credentials, speaker profiles, fanflet content, subscriber emails, analytics events, uploaded files
Vercel (vercel.com)Application hosting, CDN, edge networkServer logs, request metadata, performance metrics
Vercel Analytics (vercel.com)Client-side performance monitoringPage view counts, web vitals, performance data (no PII)
Twilio (twilio.com)SMS message delivery (SMS Bookmark feature)Phone number (one-time use for message delivery; not retained by Fanflet)
Resend (resend.com)Transactional email deliveryRecipient email address, email subject and body content
Inngest (inngest.com)Background job processing and event orchestrationEvent metadata for sponsor resource workflows (no PII)
Stripe (stripe.com)Payment processing and subscription billing (planned)Payment information, billing address, transaction details

All service providers are bound by data processing agreements that restrict their use of your data to providing services to Fanflet.

4.5 For Legal Reasons

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to:

  • Comply with applicable law, regulation, or legal process
  • Protect the rights, property, or safety of Fanflet, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service

4.6 Business Transfers

If Fanflet is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4.7 What We Do Not Do

  • We do not sell personal information to third parties (as defined under CCPA/CPRA)
  • We do not share personal information for cross-context behavioral advertising
  • We do not provide Subscriber email lists to Sponsors or any third party
  • We do not use personal information for AI model training (see Section 3)

---

5. Data Retention

Data TypeRetention PeriodNotes
Account informationDuration of account + 30 days30-day export window after account deletion
Speaker ContentDuration of account + 30 daysAvailable for export for 30 days post-deletion
Subscriber DataDuration of Speaker account + 30 daysDeleted when the collecting Speaker's account is deleted
Usage Data (identifiable)90 daysIP addresses and device-level identifiers
Usage Data (de-identified)IndefiniteAggregate analytics retained as Aggregate Data
SMS phone hashes90 daysUsed only for rate limiting; no plaintext phone storage
Billing records7 yearsAs required by tax law
Security and fraud logs1 yearFor security investigation purposes
Backup systemsRolling 90-day purgeEncrypted backups purged on a rolling cycle

---

6. Your Rights and Choices

6.1 All Users

  • Access your data: Log in to your dashboard to view your information, or contact privacy@fanflet.com for a data export
  • Update your information: Edit your profile and settings through your dashboard
  • Delete your account: Delete your account through dashboard settings or by contacting support@fanflet.com
  • Opt out of marketing emails: Use the unsubscribe link in any marketing email
  • Manage cookies: See Section 7

6.2 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, California residents have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete personal information we hold about you
  • Opt out of sale/sharing of personal information (Fanflet does not sell or share personal information for advertising)
  • Non-discrimination — we will not discriminate against you for exercising your rights
  • Correct inaccurate personal information

To exercise these rights, contact privacy@fanflet.com or use the controls in your account settings.

6.3 EU/EEA/UK Residents

Fanflet acknowledges the rights granted under the General Data Protection Regulation. While Fanflet is a US-based service that does not currently maintain full GDPR compliance infrastructure (such as an EU representative, Data Processing Agreement, or EU data residency), we will honor reasonable data subject requests from EU/EEA/UK residents, including:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your data
  • Data Portability — Receive your data in a structured format

To exercise these rights, contact privacy@fanflet.com. We aim to respond within 30 days.

---

7. Cookies and Tracking Technologies

7.1 What We Use

Cookie/TechnologyTypePurposeDuration
Session cookieEssentialAuthentication and session managementSession
CSRF tokenEssentialSecurity (cross-site request forgery protection)Session
PreferencesFunctionalRemember your settings (theme, timezone)1 year
Cookie consentFunctionalRemember your cookie preference1 year
Analytics eventsPerformanceServer-side event tracking for usage analyticsN/A (server-side)
Google Tag ManagerAnalyticsSite traffic analysis and marketing optimization (loaded only with consent for users outside the US and Canada)Varies

7.2 Third-Party Analytics Cookies

Fanflet uses Google Tag Manager (GTM) to analyze traffic on our marketing pages and understand how visitors interact with the site. GTM may set third-party cookies from Google Analytics and related services.

For users in the United States and Canada, GTM loads automatically. US and Canadian law does not currently require opt-in consent for analytics cookies.

For users outside the United States and Canada, GTM is blocked until you provide consent through our cookie banner. You may accept or decline analytics cookies when prompted. If you decline, GTM will not load and no third-party analytics cookies will be set. Our server-side analytics and Vercel Analytics (which are cookie-free) continue to operate regardless of your choice.

7.3 What We Do Not Use

  • We do not use third-party advertising cookies
  • We do not use cross-site tracking pixels for behavioral advertising
  • We do not participate in ad networks or retargeting programs

7.4 Your Choices

Essential cookies are required for the Services to function. If you previously accepted or declined analytics cookies, you can clear the cookie_consent cookie from your browser to reset your preference and see the consent banner again on your next visit.

---

8. Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest (database encryption)
  • Row-level security (RLS) policies ensuring data isolation between accounts
  • Hashing of sensitive data (phone numbers are SHA-256 hashed immediately upon receipt)
  • Access controls (role-based access, admin authentication with privilege checks)
  • Regular security reviews of our codebase and infrastructure

No method of transmission or storage is 100% secure. If we become aware of a security breach that affects your personal data, we will notify you and any applicable regulatory authorities as required by law.

---

9. Children's Privacy

The Services are not directed at children under 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete it promptly. If you believe a child under 18 has provided us with personal information, please contact privacy@fanflet.com.

---

10. International Data Transfers

Fanflet processes and stores all data in the United States (US East Coast region). If you are located outside the United States, your information will be transferred to and processed in the United States.

Fanflet does not currently offer regional data processing or EU-based data storage. Our subprocessors (listed in Section 4.4) process data in accordance with their own data processing agreements, which may include Standard Contractual Clauses or other transfer mechanisms. However, Fanflet has not independently executed Standard Contractual Clauses for EU data transfers at this time.

Users outside the United States should review this policy and our Terms of Service to determine whether the Services meet their data protection requirements.

---

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will:

  • Provide notice via email to account holders at least 30 days before the changes take effect
  • Post the updated policy with a new "Last Updated" date on our website
  • Where required by law, obtain your consent before the changes take effect

---

12. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, please contact us:

Privacy inquiries: privacy@fanflet.com

General support: support@fanflet.com

Website: fanflet.com

For GDPR-specific inquiries, please include "GDPR Request" in the subject line.

---

This Privacy Policy was last updated on March 10, 2026.

Questions about this policy? Contact us or email support@fanflet.com.