Privacy Policy

Last updated: 2026-05-21

⚠️ Placeholder copy. This template describes what the application actually does, but it has not been reviewed by a privacy lawyer. Replace with legally reviewed text before public launch. See frontend/pages/privacy.js.

Who we are

47Creative ("we", "us") operates this private OnlyFans management CRM. We collect and process data on behalf of the agency that runs the account — agencies are the data controller for fan + creator data; we are the data processor.

What we collect

How we use it

Strictly to deliver the CRM features the agency configures — syncing messages, surfacing fans, computing earnings, coordinating staff shifts. We do not sell data. We do not use it to train models. We do not share it with advertisers.

Where it lives

All data lives in the agency's isolated database scope. Backups are encrypted in transit and at rest. The encryption key is held by the operator, not the cloud provider.

How long we keep it

Active data is retained while the agency subscription is active. After cancellation, we retain it for 30 days in a recoverable state, then purge. Audit logs are retained for 90 days by default (configurable per agency).

Your rights

If you are an end-user (creator or fan) whose data has been imported by an agency, your data-subject rights (access, erasure, portability) are exercised through the agency — they are the controller. Mission Control administrators can fulfil deletion requests; see docs/runbook.md.

Cookies + storage

We use localStorage to hold your session token while you're logged in. No third-party cookies. No advertising or analytics trackers.

Contact

Privacy questions: privacy@47creative.example (replace before launch).