Agency Connect

Privacy Policy

Last updated: 1 May 2026.

This Privacy Policy explains how Agency Connect ("Agency Connect", "we", "us", "our") collects, uses, and protects personal data when you use the Agency Connect service (the "Service"). Agency Connect is an independent third-party application distributed through the Fanvue App Store; we are not Fanvue and Fanvue does not operate this Service.

1. Who we are

Agency Connect is the controller of the personal data described in this policy. You can contact us at support@agency-connect.xyz for any privacy-related question or general support. For anything that concerns the underlying Fanvue platform itself, please contact Fanvue directly.

2. The data we collect

We collect the following categories of personal data when you use the Service:

  • Fanvue account data. When you sign in with Fanvue, we receive your Fanvue user identifier, handle, display name, profile image, and email address.
  • Creator metrics. If you onboard as a creator, we read aggregated earnings, subscriber counts, tip totals, and chat activity from the Fanvue Insights API. These figures refresh automatically and are displayed only to agencies you apply to, subject to the privacy controls in your Settings.
  • Agency metrics. If you onboard as an agency, we read your managed-creator list, aggregate revenue, and aggregate creator count from the Fanvue Agency API. These figures power your public profile, subject to the privacy controls in your Settings.
  • Application data. The agencies you apply to, any note you include with your application, and the resulting state of each application (pending, accepted, declined, expired, withdrawn).
  • Contact details. The contact method and value a creator chooses to share with a matched agency. These values are encrypted at rest using AES-256-GCM and only revealed to the matched agency after both sides accept.
  • Reviews. Star rating and optional comment a creator leaves about an agency they have matched with, plus metadata about edits, reports, and moderation outcomes.
  • Operational data. Audit events for sensitive actions (suspensions, contact reveals, profile edits, admin actions), rate-limit counters, error logs, and similar telemetry.

3. How we use your data

  • To run the matching flow (apply, accept, contact reveal).
  • To populate creator and agency profiles with verified data drawn from Fanvue's APIs.
  • To send transactional notifications about your applications, matches, and reviews.
  • To keep the Service safe — rate limiting, abuse detection, moderation of reported content.
  • To meet our legal and regulatory obligations and to defend against legal claims.

4. Lawful bases

We rely on the following lawful bases under the UK and EU GDPR:

  • Contract — to provide the Service you signed up for, including running the matching flow and refreshing the metrics shown on your profile.
  • Legitimate interests — to keep the platform safe (rate limiting, abuse detection, moderation) and to improve the Service.
  • Consent — for transactional emails (you can opt out at any time in Settings) and for any non-essential tracking we may add in future.
  • Legal obligation — where the law requires us to retain or share data.

5. Sharing your data

We share data with the following recipients:

  • Fanvue.The Service runs as an App Store integration and reads your account, insights, and agency data from Fanvue's APIs.
  • Agencies you apply to. Agencies see the metrics and contact details you have chosen to make visible. You control this via the privacy toggles in Settings.
  • Creators you manage.If you operate as an agency, your managed creators' aggregated metrics power your public profile.
  • Sub-processors. Vercel (hosting), Neon (database), Resend (email delivery), Upstash (rate-limit storage). Each is bound by a data processing agreement and processes data only on our instructions.
  • Authorities. Where required by law, court order, or to defend our legal rights.

6. International transfers

Some of our sub-processors operate outside the UK or EEA. Where that is the case we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards to ensure your data receives an adequate level of protection.

7. Retention

We keep application records, audit events, and reviews for as long as your account is active and for a reasonable period afterwards to maintain a complete audit trail. Encrypted contact details are deleted when the underlying application or account is deleted. You can request deletion of your account and associated personal data by emailing support@agency-connect.xyz — we respond to deletion requests within 30 days unless we have a legal obligation to retain the data for longer.

8. Security

We protect your data with measures including TLS in transit, AES-256-GCM encryption at rest for sensitive contact information, encrypted refresh tokens, role-based access controls inside the Service, audit logging of consequential actions, and continuous monitoring of unusual activity.

9. Your rights

Under UK and EU GDPR you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data (the "right to be forgotten");
  • request restriction of processing or object to processing;
  • request data portability in a machine-readable format;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

To exercise any of these rights, email support@agency-connect.xyz.

10. Cookies

We use a small number of strictly necessary cookies to keep you signed in, remember your role choice, and protect against cross-site request forgery. We do not currently use advertising or third-party tracking cookies on the Service.

11. Email preferences

Transactional emails (application accepted, match confirmed, review request) can be turned off at any time on the Settings page or by clicking the unsubscribe link in any email. You will always receive emails strictly necessary for the operation of the Service, such as password or account-security notices.

12. Children

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new effective date at the top of the page and, where the change is material, notify you by email or in-app notification before it takes effect.

14. Contact

For privacy questions, data subject requests, or to reach our Data Protection Officer, email support@agency-connect.xyz.