Agency Connect
Privacy
Last updated: 2026-04-30. This is a draft skeleton — Fanvue legal will review and replace the // LEGAL TBD blocks before App Store submission.
Who we are
Agency Connect is a Fanvue App Store integration operated by Fanvue Limited. // LEGAL TBD: full registered entity, address, DPO contact.
What we collect
- Fanvue OAuth profile. When you sign in we receive your Fanvue user UUID, handle, display name, avatar, and (where permission is granted) email address.
- Creator metrics.If you onboard as a creator we read earnings and subscriber metrics from Fanvue's Insights API to populate your profile for agencies.
- Application contents. The note you write to an agency, the agencies you select, and the resulting state of each application (pending / accepted / rejected / expired / withdrawn).
- Contact info. The contact method and value you give an agency when you match. Stored encrypted at rest with AES-256-GCM.
Why we collect it
- To run the matching flow (apply, accept, reveal).
- To populate agency-side decision context (creator profile data).
- To send transactional notifications about your applications.
Third parties
- Fanvue.All data originates from Fanvue's OAuth + APIs. Their privacy policy applies upstream.
- Vercel hosts the application.
- Supabase / Postgres stores rows described above.
- Resend sends transactional email when enabled.
- Upstash Redis backs rate-limit counters.
Retention
Application records are retained indefinitely so the audit log remains complete. // LEGAL TBD: deletion request process + SLA.You can request deletion by emailing the support address below.
Encryption
Sensitive fields (creator contact info, encrypted Fanvue refresh tokens) are encrypted at rest using AES-256-GCM with a per-app key derived via scrypt. See src/lib/encryption.ts.
Your rights (UK / EU / EEA)
// LEGAL TBD: GDPR rights summary, right to be forgotten, data portability, supervisory authority pointer.
Contact
For privacy questions reach support@fanvue.com. // LEGAL TBD: dedicated DPO inbox.