Privacy Policy

1. Overview

📋 Key Information

🎯 Our Commitment

We are committed to:

• Protecting your personal data
• Being transparent about our practices
• Giving you control over your information
• Complying with GDPR and all applicable laws
• Never selling your personal data

📍 Scope

This Privacy Policy applies to:

• All Spinhub websites and applications
• All users (creators, supporters, visitors)
• All personal data we process
• All jurisdictions where we operate

2. Information We Collect

📝 Information You Provide Directly

Account Information

• Full legal name
• Email address
• Username and password
• Date of birth
• Profile information (bio, avatar, cover image)
• Account preferences and settings

Identity Verification Data

• Government-issued ID documents (creators only via Stripe Connect)
• Identity verification results from Stripe
• Proof of address (creators only)
• Additional verification documents (when required)

Creator-Specific Information

• Tax identification numbers (VAT, EIN, etc.)
• Banking and payment account details
• Business registration information
• Payout preferences
• Content and media uploads

Payment Information

• Payment card details (tokenized by Stripe)
• Billing address
• Transaction history
• Subscription details
• Purchase records
• VAT/tax information

Communications

• Messages between users
• Support tickets and inquiries
• Community forum posts
• Comments and feedback
• Survey responses
• Email correspondence

Content You Create

• Posts, images, videos, audio
• Livestream data
• Blog articles
• Comments and interactions
• Metadata associated with content

Content Preference Settings

• NSFW content visibility preference (opt-in status)
• Timestamp of preference enablement
• Warning acknowledgment records
• Content filtering choices
• Audit trail of setting changes

🖥️ Information We Collect Automatically

Usage Information

• Pages visited and features used
• Time spent on platform
• Click patterns and interactions
• Search queries and filters
• Content engagement metrics
• Platform navigation paths

Device and Technical Information

• IP address
• Browser type and version
• Operating system
• Device type and identifiers
• Screen resolution
• Language preferences
• Time zone

Location Information

• Country and region (from IP address)
• Language preferences
• Currency preferences
• Content localization data

Cookies and Similar Technologies

• Session cookies
• Preference cookies
• Analytics cookies
• Marketing cookies (with consent)
• [See our Cookie Policy for details]

🤝 Information From Third Parties

Payment Processors

• Transaction confirmations
• Payment success/failure status
• Fraud prevention scores
• Chargeback notifications

Identity Verification Services

• Age verification results
• Document authentication status
• Identity confidence scores
• Fraud indicators

Social Media Platforms (if connected)

• Basic profile information
• Authentication tokens
• Friend lists (with permission)
• Profile photos

Analytics Providers

• Aggregated usage patterns
• Performance metrics
• Error reports
• Conversion data

3. How We Use Your Information

✅ To Provide Our Services

Account Management

• Create and maintain your account
• Authenticate your identity
• Enable platform features
• Manage your preferences
• Provide customer support

Content and Connections

• Display your content to authorized users
• Connect creators with supporters
• Enable messaging and communications
• Facilitate community interactions
• Recommend relevant content

Payment Processing

• Process transactions securely
• Calculate and collect fees
• Handle payouts to creators
• Manage subscriptions
• Prevent fraud
• Generate invoices and receipts

🛡️ For Safety and Security

Platform Protection

• Verify user age (21+ requirement - declaration for supporters, full verification for creators)
• Detect and prevent fraud
• Identify suspicious activities
• Enforce our Terms and Guidelines
• Protect against cyberattacks
• Maintain platform integrity

User Safety

• Investigate reports of violations
• Remove harmful content
• Prevent CSAM and illegal content
• Protect vulnerable users
• Coordinate with law enforcement (when required)
• Implement safety features

Content Access Control

• Enforce age-appropriate content access
• Maintain NSFW content visibility preferences
• Track consent for adult content viewing
• Implement periodic re-confirmation
• Ensure minors cannot access adult content
• Maintain compliance audit trails

⚖️ For Legal Compliance

Regulatory Requirements

• Comply with DAC7 tax reporting
• Meet anti-money laundering obligations
• Respond to legal requests
• Preserve evidence for investigations
• Comply with court orders
• Meet data protection requirements

Tax Obligations

• Calculate and collect VAT
• Generate tax documents
• Report earnings to authorities
• Maintain financial records
• Support creator tax compliance

📊 For Improvement and Analytics

Service Enhancement

• Understand how users interact with Spinhub
• Identify popular features and content
• Improve platform performance
• Develop new features
• Fix bugs and issues
• Optimize user experience

Business Intelligence

• Analyze platform trends
• Measure feature adoption
• Understand user demographics
• Track business metrics
• Inform product decisions

📢 For Communications

Service Communications

• Send account notifications
• Deliver security alerts
• Provide transaction confirmations
• Share platform updates
• Communicate policy changes

Marketing (with consent)

• Share creator recommendations
• Announce new features
• Send promotional offers
• Provide platform tips
• Share success stories

4. Legal Basis for Processing

Under GDPR, we process your data based on:

📄 Contract Performance

We process data necessary to:

• Provide our platform services
• Process payments and payouts
• Enforce our Terms of Service
• Deliver creator content to supporters
• Enable platform features

Data types: Account information, payment data, content, usage data

⚖️ Legal Obligations

We must process data to:

• Verify user age (21+ requirement)
• Report taxes under DAC7
• Comply with anti-money laundering laws
• Respond to lawful requests
• Preserve records as required

Data types: Identity documents, tax information, financial records

💼 Legitimate Interests

We have legitimate interests in:

• Keeping our platform safe and secure
• Preventing fraud and abuse
• Improving our services
• Understanding our business
• Direct marketing to existing users

Data types: Usage data, device information, analytics

We balance these interests against your rights and freedoms.

✅ Consent

We obtain your consent for:

• Marketing communications
• Non-essential cookies
• Sharing data with third parties
• Processing sensitive data
• Using your content in promotions

Data types: Contact preferences, optional profile information

You can withdraw consent at any time.

🛡️ Vital Interests

In rare cases, we may process data to:

• Protect someone's life
• Prevent serious harm
• Assist in emergencies

Data types: As necessary for the situation

🏛️ Public Interest

We may process data for tasks in the public interest:

• Preventing CSAM
• Combating terrorism
• Assisting law enforcement
• Protecting public health

Data types: As required by authorities

5. How We Share Your Information

👥 With Other Users

Public Information

• Username and profile information
• Public content you post
• Creator statistics (subscriber count)
• Public comments and interactions

Limited Sharing

• Content shared with subscribers only
• Private messages (only with recipient)
• Creator-only analytics
• Supporter lists (only to creator)

🤝 With Service Providers

We share limited data with essential service providers:

Payment Processing

• Stripe - Payment processing (payment details only)
• Required for transaction processing
• PCI compliant and secure
• No other financial data sharing

Infrastructure

• Cloud hosting - Amazon Web Services (Ireland)
• Content delivery - Cloudflare
• Email services - SendGrid
• Analytics - Self-hosted Matomo

All providers are:
• Contractually bound to protect data
• Limited to necessary data only
• Prohibited from using data for own purposes
• GDPR compliant

🏛️ With Legal Authorities

We may share data when required by law:

Law Enforcement

• Valid legal requests only
• Minimize data shared
• Notify users when permitted
• Challenge overbroad requests

Regulatory Bodies

• Tax authorities (DAC7 reporting)
• Data protection authorities
• Financial regulators
• Consumer protection agencies

Legal Proceedings

• Court orders
• Subpoenas
• Discovery requests
• Litigation defense

🔄 Business Transfers

If Spinhub is involved in:

• Merger or acquisition
• Asset sale
• Bankruptcy
• Corporate restructuring

Your data may be transferred to the new entity, with continued privacy protection.

✅ With Your Consent

We share data when you explicitly agree:

• Third-party integrations you enable
• Promotional features you opt into
• Research you participate in
• Referrals you make

🚫 We Never

• Sell your personal data
• Share data for others' marketing
• Allow unauthorized access
• Use data beyond stated purposes

6. Data Retention

⏱️ Retention Periods

We keep your data only as long as necessary:

🗂️ Retention Principles

• Minimization - Keep only what's necessary
• Purpose limitation - Delete when no longer needed
• Legal compliance - Meet regulatory requirements
• User control - Honor deletion requests
• Security - Protect retained data

🗑️ Deletion Process

When data is deleted:

1. Removed from active systems immediately
2. Marked for deletion in backups
3. Purged from backups within 30 days
4. Destruction verified and logged
5. Irreversible process

7. Your Privacy Rights

🔑 Your GDPR Rights

As an EU data subject, you have the right to:

🎯 How to Exercise Your Rights

Self-Service Options

• Download your data: Account Settings → Privacy → Export Data (JSON format)
• Update information: Edit Profile
• Delete account: Account Settings → Delete Account
• Cookie preferences: GDPR Management section
• Marketing preferences: Email footer links

Contact Us

• Email: [email protected]
• Form: spinhub.com/privacy-request
• Mail: [Privacy Team Address]

Required Information

• Your account email
• Specific right you're exercising
• Details of your request
• Identity verification may be required

Response Timeline

• Acknowledgment: 48 hours
• Response: Within 30 days
• Complex requests: Up to 60 additional days with notice
• Free of charge (except repeated requests)

🌍 Rights for Non-EU Users

California (CCPA)

• Right to know
• Right to delete
• Right to opt-out
• Right to non-discrimination

Other Jurisdictions

• We respect local privacy laws
• Provide similar rights where applicable
• Contact us for specific information

8. Data Security

🔒 Security Measures

We protect your data through:

Technical Safeguards

• End-to-end encryption for sensitive data
• TLS 1.3 for all connections
• Encrypted storage at rest
• Secure key management
• Regular security updates

Access Controls

• Role-based permissions
• Multi-factor authentication
• Regular access reviews
• Principle of least privilege
• Audit logging

Infrastructure Security

• ISO 27001 certified data centers
• 24/7 monitoring
• DDoS protection
• Regular penetration testing
• Incident response team

Organizational Measures

• Employee security training
• Background checks
• Confidentiality agreements
• Security policies and procedures
• Regular security audits

🚨 Incident Response

If a data breach occurs:

1. Immediate containment
2. Impact assessment
3. Notification within 72 hours (to authorities)
4. User notification if high risk
5. Remediation and prevention
6. Full documentation

🤝 Your Security Role

Help protect your account:

• Use strong, unique passwords
• Enable two-factor authentication
• Don't share login credentials
• Report suspicious activity
• Keep your email secure

9. International Data Transfers

🌐 Transfer Mechanisms

Your data may be transferred outside the EU. We ensure protection through:

Standard Contractual Clauses (SCCs)

• EU-approved contracts
• Binding data protection obligations
• Enforceable rights
• Regular reviews and updates

Adequacy Decisions

• UK (post-Brexit)
• Switzerland
• Other approved countries

Additional Safeguards

• Encryption in transit
• Access controls
• Contractual protections
• Regular audits

📍 Data Locations

Primary Storage

• EU (Ireland) - Main data center
• EU (Germany) - Backup location

Processing Locations

• Payment processing - EU/US (Stripe)
• Email delivery - US (SendGrid)
• Analytics - EU (Self-hosted)
• Support tools - EU

✅ Your Rights

For international transfers:

• Request information about transfers
• Obtain copies of safeguards
• Object to specific transfers
• Lodge complaints with supervisory authority

10. Cookies and Tracking

🍪 Cookie Usage

We use cookies to:

• Keep you logged in
• Remember your preferences
• Understand platform usage
• Improve performance
• Provide relevant content

Cookie Types

• Essential - Required for platform function
• Functional - Enhance experience
• Analytics - Understand usage
• Marketing - Show relevant ads (with consent)

⚙️ Cookie Control

Manage Cookies

• Cookie banner on first visit
• Cookie settings in footer
• Account preferences
• Browser settings

Learn More

See our [Cookie Policy] for detailed information

🚫 Do Not Track

We respect Do Not Track signals for non-essential cookies.

11. Children's Privacy

👶 No Users Under 21

Spinhub is strictly for users 21 and older:

• We don't knowingly collect data from anyone under 21
• Age verification required for all users
• Immediate deletion if underage user discovered
• No content targeted at minors

🛡️ Protection Measures

• Automated age verification
• Manual review for suspicious accounts
• Content moderation for minor safety
• Reporting mechanisms
• Cooperation with child safety organizations

📢 Reporting

If you believe someone under 21 is using Spinhub:

• Email: [email protected]
• Use in-platform reporting
• We investigate within 24 hours

12. Third-Party Services

🔗 External Links

Spinhub may contain links to third-party websites:

• We're not responsible for their privacy practices
• Read their privacy policies
• Links don't imply endorsement
• Exit warnings for external sites

🤝 Integrated Services

Payment Processing

• Stripe - [Privacy Policy](https://stripe.com/privacy)
• Bound by their terms
• PCI DSS compliant
• Data shared only for transactions

Identity Verification

• Jumio - [Privacy Policy](https://jumio.com/privacy)
• Only verification results retained
• Data deleted after verification
• EU-US Privacy Shield

📱 Social Media

If you connect social accounts:

• Limited data access
• Revocable permissions
• Used only for authentication
• No automatic posting

13. Marketing Communications

📧 Types of Marketing

With your consent, we may send:

• Platform updates and features
• Creator recommendations
• Promotional offers
• Tips and best practices
• Community highlights
• Survey invitations

🎯 Marketing Preferences

Opt-In

• Explicit consent required
• Clear description of communications
• Frequency indicated
• Easy consent process

Opt-Out

• Unsubscribe link in every email
• Account settings control
• Email: [email protected]
• Immediate processing

📊 Marketing Data

• We track email opens and clicks
• Used to improve relevance
• Never sold to third parties
• Deleted when you unsubscribe

14. Changes to This Policy

📅 Update Process

We may update this Privacy Policy:

• Regular reviews (at least annually)
• Legal requirement changes
• New features or services
• Industry best practices
• User feedback incorporation

📢 Notification

Minor Changes

• Updated policy posted
• Date changed at top
• Changelog maintained

Material Changes

• 30 days advance notice
• Email notification
• Dashboard announcement
• Clear summary of changes
• Option to object

✅ Your Choices

If you disagree with changes:

• Download your data
• Close your account
• Contact us with concerns
• Continued use implies acceptance

15. Contact Information

📧 Privacy Contacts

🏛️ Supervisory Authority

You have the right to lodge a complaint:

🌐 Additional Resources

• Privacy Portal: spinhub.com/privacy
• Transparency Report: spinhub.com/transparency
• Security: [email protected]
• Legal: [email protected]