Privacy Policy

Last updated: 2025-09-11

This Privacy Policy explains how DiscreetFan.com (“DiscreetFan”, “we”, “us”) collects, uses, discloses, and protects personal data when you visit, create an account, upload content, purchase access, or otherwise use our services (the “Services”). By using the Services you agree to this Policy.


1) Regulatory Basis and Roles

Jurisdiction. We operate under the Philippine Data Privacy Act of 2012 (Republic Act 10173), its IRR, NPC circulars, the E-Commerce Act, the Cybercrime Prevention Act, and other applicable laws.
Roles. We act as Personal Information Controller for Fans, visitors, and most Creator account data. We act as Personal Information Processor for certain Creator-submitted model releases or KYC files processed on a Creator’s behalf. Where we determine purposes or means jointly with a Creator, we may be joint controllers.


2) What We Collect

2.1 Account and Profile Data. Name, display name, username, email, mobile number, country, payout details (e.g., GCash number or bank account name and number), preferences, support tickets.
2.2 KYC / Verification Data (Creators). Government ID images, selfies or liveness checks, age, date of birth, signature metadata, audit trail (IP, device, timestamp).
2.3 Transaction Data. Purchase history, subscription status, PPV purchases, tips, invoices, payout records, chargeback and refund data, gateway tokens or references (e.g., PayPal/BPI/GCash reference numbers). We do not store full card numbers.
2.4 Content and Metadata. Posts, messages, file names, thumbnails, captions, tags, stream titles, and technical metadata generated by transcoding and delivery.
2.5 Device and Usage Data. IP address, user-agent, device type, operating system, language, referrer, pages viewed, session duration, approximate location by IP, crash logs, and security signals (e.g., failed logins, token mismatches).
2.6 Cookies and Similar Tech. See §9.
2.7 Reports and Moderation Records. Reports you file or receive, policy violation history, takedown notices, appeals, and outcomes.
2.8 Communications. Emails, notices, in-app alerts, push tokens, and marketing preferences.

Special / Sensitive Data. We minimize collection of sensitive personal information. Creator KYC may include data printed on IDs. We do not intentionally process data about minors and we prohibit any content depicting minors.


3) Legal Bases for Processing

  • Contract – to create accounts, deliver purchased content, process payouts.

  • Legitimate Interests – to secure the platform, prevent fraud or piracy, improve the service, and protect users and IP.

  • Consent – for optional features such as marketing emails, certain analytics cookies, and Creator publicity materials.

  • Legal Obligation – tax, bookkeeping, law-enforcement requests, sanctions screening, and compliance with NPC directives.


4) How We Use Personal Data

4.1 Provide the Services. Authentication, profiles, content hosting and streaming, orders, tips, subscriptions, payouts.
4.2 Safety and Compliance. KYC, age verification, fraud checks, piracy detection, abuse prevention, geo-controls, and enforcement of our policies and local laws.
4.3 Support. Respond to tickets and requests.
4.4 Analytics and Product Improvement. Site performance, feature usage, errors, and A/B testing with privacy safeguards.
4.5 Marketing (optional). Email updates and promotions when you opt in; you can unsubscribe anytime.
4.6 Legal. Handling disputes, chargebacks, audits, and lawful requests.


5) Sharing and Disclosure

We share personal data only as needed for the purposes above:

  • Payment and Payout Providers. e.g., PayPal, banks, card processors, GCash; we share references needed to process transactions and payouts.

  • Cloud/Infrastructure & Anti-Piracy Vendors. Content storage and delivery (e.g., S3-compatible storage/CDN, streaming and WebSocket providers), security tools, DDoS protection, watermarking, link-tokenization.

  • Verification Providers. ID and liveness checks, sanctions and fraud screening.

  • Analytics/Comms. Email delivery, error logging, site analytics (e.g., Google Analytics; see §9).

  • Professional Advisors and Authorities. Auditors, legal counsel, courts, and regulators when lawfully required.

We do not sell personal data. We require processors to follow confidentiality, security, and data-processing terms consistent with RA 10173.


6) International Transfers

Your data may be processed on servers or by processors located outside the Philippines, including Singapore, the EU, or the US. We implement contractual safeguards, access controls, encryption in transit and at rest, and vendor due diligence.


7) Data Retention

  • Account data: for the life of the account plus up to 3 years after closure for support or legal claims.

  • Transactions and payout records: 5–10 years to satisfy accounting and tax obligations.

  • KYC and verification: 5 years after last payout or as required by law.

  • Logs and security telemetry: 12–24 months.

  • Backups and disaster recovery copies: up to 180 days, then purged on a rolling basis.

We may retain minimal data to enforce bans or respond to legal holds.


8) Your Rights (Philippine Data Privacy Act)

You have the right to be informed, to object, to access, to rectify, to erase or block, to data portability where applicable, and to claim damages for violations. To exercise rights:

You may also file a complaint with the National Privacy Commission (NPC) if you believe your rights have been violated.


9) Cookies, SDKs, and Similar Technologies

We use:

  • Strictly Necessary Cookies. Login sessions, CSRF tokens, load balancing, paywall tokens.

  • Preference Cookies. Language, layout, playback settings.

  • Analytics Cookies. Page views, engagement, funnels (e.g., Google Analytics/gtag).

  • Security Cookies. Rate limiting, bot detection.

You can control cookies via your browser. Blocking essential cookies can break site features. To opt out of Google Analytics, you can use the GA opt-out browser add-on or disable analytics cookies if our banner provides that option.


10) Children and Minors

Our Services are 18+ only. We do not knowingly collect data from minors. We remove and report accounts and content that depict or involve minors.


11) User-Generated Content and Messages

Content you upload, post, or stream may be visible to Fans who purchase access. Private messages may be processed for spam and abuse detection. Do not share personal data that you do not want others to view.


12) Security

We implement layered security measures: HTTPS/TLS, encryption at rest for stored files, secret-scoped tokens, least-privilege access, MFA for staff systems, network segmentation, logging and alerting, periodic vulnerability assessments, and vendor reviews. No system is perfect. You should use a strong unique password and enable available security controls.


13) Anti-Piracy and Abuse Controls

We use link tokens, session binding, watermarking, API rate limits, and automated abuse signals to deter scraping or redistribution. We investigate reports and may disable access, issue takedowns, or report unlawful activity.


14) Automated Decision-Making and Profiling

We use limited automated rules to detect risky logins, fraudulent payments, bot activity, or policy violations. You may request manual review of decisions that significantly affect you.


15) Third-Party Links

Our Services may link to third-party sites or payment pages. Their privacy practices are governed by their own policies.


16) Data Breach Notification

If a personal data breach is likely to cause serious harm, we will notify affected users and the NPC as required by law, generally within 72 hours of becoming aware when feasible. The notification will include remedial steps and contact details.


17) Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. The “Last updated” date will change. Material changes will be announced through the site or email. Continued use means you accept the updated Policy.


18) Contact and Data Protection Officer

Data Protection Officer (DPO): DiscreetFan Admin
Email: admin@discreetfan.com
Contact page: https://discreetfan.com/contact

Please include your account email or username and a clear description of your request.