Privacy and Cookie Policy (the "Policy")

Last updated: August 19, 2025
Section 1. General Terms

This acceptable use policy sets out the content standards that apply when you upload content to our Website and/or the Platform, make contact with other Users on our Website, link to our Website, or interact with our Website and/or the Platform in any other way.

We are Culturika s.r.o., Czech company located at Nárožní 2787 / 7a, Stodůlky, 158 00 Prague 5, Czech Republic, registered on July 19, 2018 under the number 07297408.

1) By using our Website and/or the Platform you accept these terms of the Policy

By using our Website and/or the Platform, you confirm that you accept the terms of this Policy and that you agree to comply with them.

If you do not agree to these terms of this Policy, you must not use our Website and/or the Platform.

We recommend that you print a copy of these terms of the Policy for future reference.

2) We may make changes to the terms of this Policy

We amend these terms of the Policy from time to time. Every time you wish to use our Website and/or the Platform, please check these terms of the Policy to ensure you understand the terms of this Policy that apply at that time.

3) Which country's laws apply to any disputes?

If you are an individual, please note that the terms of this Policy, its subject matter and its formation are governed by Czech law. You and we both agree that the courts of Czech Republic will have exclusive jurisdiction.

If you are a business (for any reason), the terms of this Policy, its subject matter and its formation (and any non-contractual disputes or claims) are governed by Czech law. We both agree to the exclusive jurisdiction of the courts of Czech Republic.

4) Definitions

The definitions in this Policy that are not directly defined in the text of this document, shall be treated with Section 1 "Definitions" of One2Fan Terms of Service at https://one2fan.com/terms.


Section 2. Privacy Policy

We respect your privacy and are committed to protecting your Personal Data. This Privacy Policy will inform you as to how we look after your Personal Data when you visit our Website (regardless of where you visit it from), interact on the Platform and tell you about your privacy rights and how the law protects you.

This Website is not intended for children and we do not knowingly collect data relating to children. You shall be at least eighteen (18) years of age and in the event that the laws of your jurisdiction require you to be of a certain minimum age greater than eighteen (18) years.

It is important that you read this Privacy Policy together with any other privacy policies or any other policies we may promulgate on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the Czech supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

You should review this Privacy Policy carefully as it contains information about the treatment of your Personal Data and your rights under the Data Protection Law, that means any applicable law from time to time relating to the processing of personal data and/or privacy, including Czech Act No. 110/2019 Coll., act of 12 March 2019 on personal data processing as amended from time to time and the General Data Protection Regulation (EU) 2016/679 (GDPR).


1) Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

2) Usage Data

Usage Data is data collected automatically either generated by the browsing our Website or from our service infrastructure itself (for example, the duration of a page visit).

3) Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are the Data Controller of your Personal Data.

4) Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various service providers in order to process your data more effectively.

5) Data Subject (or User)

Data Subject is any living individual who is using our service and is the subject of Personal Data.

6) Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Services to you.

7) Information We Collect

We collect several types of information to provide and improve our services:

2.1 Account Registration Data

When you create an account, we collect:
  • Public name/Username (display name for your profile)
  • Email address (for account verification and communication)
  • Age (to verify you meet our minimum age requirement of 18+).
We use a simple self-declaration system where users confirm their age through a checkbox during registration, stating they are 18 years or older. We do not request, collect, or store any identity documents for age verification purposes, relying instead on users’ responsibility to provide accurate age information during account creation. Users acknowledge that providing false age information violates our Terms of Service, and accounts may be suspended or terminated if we discover through any means that users are under 18 years of age.
  • Password (encrypted and stored securely)

2.2 Profile Information

  • To enhance your experience and help you connect with others, we collect:
  • About me (personal description/bio you provide)
  • Interests and preferences (selected from categories including but not limited to):
  • Arts & Entertainment: Museums & Art, Music & Concerts, Movies, etc.
  • Lifestyle: Shopping, Fashion, Cooking, etc.
  • Sports & Recreation: Biking, Camping, Diving, Hockey, etc.
  • Hobbies & Activities: Games, Hobbies & Crafts, Reading books, etc.
  • Travel & Outdoor: Travelling, Nature, Sailing, etc.
  • Social & Wellness: Dancing, Party & Night Clubs, Meditation & Yoga, etc.
  • Profile photos and media (images and videos you upload)
  • Location information (if you choose to share it)

2.3 Payment and Subscription Data
All purchases and subscriptions are processed exclusively through our third-party payment provider Stripe.
We do not process, store, or access any of the following:
  • Payment method details (e.g., card number, CVV)
  • Billing information (e.g., name, billing address)
  • Payment verification data (e.g., SMS or email confirmation codes)
Stripe handles all payment operations — including processing, verification, and security — in full compliance with international standards such as PCI DSS.
We only receive non-sensitive confirmation from Stripe that a payment or subscription was successfully completed (e.g., subscription status or transaction ID).

2.4 Content and Communication Data
  • Messages and communications (direct messages, comments, posts)
  • Content uploads (photos, videos, and other media you share)
  • Interaction data (likes, follows, subscriptions, tips, and other platform interactions)
  • Creator content and earnings (for content creators on our platform)
  • Fan interactions (subscriptions to creators, content preferences)

2.5 Technical and Usage Data
  • Device information (device type, operating system, browser type)
  • IP address and general location data
  • Usage patterns (pages visited, time spent, features used)
  • Log data (access times, error logs, performance data)
  • Session information (login/logout times, session duration)
  • Cookies and tracking technologies (detailed information available in our Cookie Policy)


8) How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Provision
  • Creating and managing your account
  • Facilitating content creation and sharing
  • Enabling communication between users (fans and creators)
  • Providing customer support

3.2 Platform Functionality
  • Personalizing your experience based on interests and preferences
  • Recommending content and creators that match your interests
  • Facilitating connections between users with similar interests
  • Enabling fan-creator subscription and interaction features
  • Customizing your feed and content recommendations

3.3 Safety and Security
  • Verifying user identity and age (18+ requirement)
  • Preventing fraud and unauthorized access
  • Monitoring for prohibited content and behavior
  • Enforcing our Terms of Service
  • Protecting user safety and platform integrity
  • Securing payment transactions

3.4 Communication
  • Sending important account notifications
  • Providing customer support responses
  • Sharing platform updates and new features
  • Payment confirmations and receipts
  • Marketing communications (with your consent)

3.5 Analytics and Improvement
  • Analyzing platform usage and performance
  • Improving our services and user experience
  • Developing new features and services
  • Conducting research and analytics on user behavior and preferences

Note: Some analytics data is collected through cookies and similar technologies. For detailed information about our use of cookies, please see our Cookie Policy.

9) Legal Basis for Processing Personal Data under the GDPR

If you are from the European Economic Area (EEA), the Company has legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

We may process your Personal Data because:

  • We need to perform a contract with you;
  • You have given us permission to do so;
  • The processing is in our legitimate interests and it is not overridden by your rights;
  • To comply with the law

10) Data Retention

Data Retention Principles

We retain your personal data for the minimum period necessary to:
  • Provide our services to you
  • Comply with mandatory legal obligations
  • Resolve disputes and enforce agreements (limited to active legal proceedings)
  • Fulfill legitimate business purposes (with clear justification and time limits)

User Control: You may request early deletion of most data categories at any time, subject only to mandatory legal retention requirements.

Specific Retention Periods

Account and Profile Data
  • Active account: Retained while account is active
  • After closure: 2 years maximum
  • Age declaration: Retained with account data (user’s self‑declaration of being 18+)
  • Early deletion: Available immediately upon request via user dashboard
  • Legal basis: Contract performance and legitimate interests

Content Data
  • Active content: Retained while published or until user requests deletion
  • Deleted content: Permanently removed within 30 days of deletion request
  • User-generated content: Deleted with account closure or upon user request
  • Content analytics: Anonymized after 6 months, deleted after 2 years
  • Early deletion: Available immediately

Communication Data
  • Customer support: 1 year maximum (reduced from 2 years)
  • Direct messages: Deleted with account closure or upon user request
  • Platform notifications: 90 days maximum
  • Early deletion: Available anytime via settings or support request

Technical and Usage Data
  • Session logs: 30 days maximum
  • Security logs: 1 year maximum (reduced from 2 years)
  • Analytics Anonymized after 6 months, aggregated data retained for 2 years
  • IP addresses: 90 days maximum unless required for active security investigation
  • Early deletion: Available for non-anonymized data

Additional Categories

  • Content Moderation Data:
  • Violation reports: 2 years maximum for platform safety
  • Appeal decisions: 1 year maximum
  • Safety investigations: 3 years maximum (serious violations only)

Deletion Process

Self-Service Deletion:
  • Most data categories available for immediate deletion via user dashboard
  • Automated deletion confirmation within 24 hours
  • Complete removal within 30 days maximum

Mandatory Retention Exceptions:
  • Active legal proceedings: Data relevant to ongoing disputes temporarily retained
  • Regulatory investigations: Limited retention for compliance purposes only
  • Safety investigations: Data related to serious violations (fraud, abuse) temporarily retained

Your Deletion Rights

Immediate Deletion Available:
  • Account and profile information (including age declaration)
  • Content uploads and messages
  • Communication history
  • Most technical data and logs
  • Usage analytics (non-anonymized)

Delayed Deletion (Legal Requirements):
  • Active dispute documentation (until resolution)
  • Safety investigation data (until completion)
  • Regulatory compliance data (per specific legal requirements)

Request Process
1. Self-service: Use “Data Deletion” in account settings
2. Support request: Email support@one2fan.com with “Delete My Data”
3. Verification: Identity confirmation for security
4. Completion: Written confirmation within 30 days


11) Data Sharing and Disclosure

11.1 Public Information
Some information is publicly visible by design:
  • Your public profile information (public name, bio, selected interests)
  • Content you choose to make public
  • Your public interactions (likes, comments on public content)
11.2 Service Providers
We share data with trusted third-party service providers who help us operate our platform:

11.2.1 Payment Processors
We rely entirely on third-party payment service providers to handle all payment-related operations. These providers include:
  • Stripe Inc. (USA) – for payment processing and subscription management
  • Link by Stripe (USA) – for secure customer authentication and payment verification
Transfer Safeguards:
Data transfers to the USA are safeguarded by the EU–US Data Privacy Framework and Standard Contractual Clauses in accordance with GDPR.
Note:
We do not collect, store, or process any payment card details, billing addresses, or payment verification data. All such information is handled directly and exclusively by the above‑listed providers.

11.2.2 Infrastructure and Technology Services
  • Cloud storage providers – for secure data hosting and backup
  • Analytics services – for platform optimization and user experience improvement
  • Customer support tools – for providing user assistance
  • Security services – for fraud prevention and platform safety
  • Communication services – for email and SMS delivery

11.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to the same privacy protections.

11.4 Legal Requirements
We may disclose your information when required by law, court order, or to:
  • Comply with legal obligations
  • Protect our rights and property
  • Ensure user safety and prevent harm
  • Prevent illegal activities or fraud
  • Respond to lawful requests from public authorities

12) Marketing

We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising.

13) Promotional offers from us

We may use your identity, contact details and information we hold about you to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.

14) Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

15) Security of Data

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

16) Your Data Protection Rights under the GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. The Company. aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.

If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us on support@one2fan.com.

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data.

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your Account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where the Company relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

17) No fee usually required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

18) What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

19) Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

20) Links to Other Websites

Our Services may contain links to other websites that are not operated by us. If you click a third-party link, you will be directed to that third-party's website. We strongly advise you to review the privacy policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.

21) Data Protection Officer

The Company may appoint an expert on data privacy who works independently to ensure that the Company is adhering to the policies and procedures set forth in the Data Protection Law (data protection officer). The data protection officer assists the Company in monitoring internal compliance, informs and advises on data protection obligations, provides advice regarding data protection impact assessments and acts as a point of contact for data subjects and supervisory authorities.

The information about the appointment of the data protection officer will be provided by the Company by inserting the appropriate details of such officer into this Policy.

22) Automated Decision-Making and Profiling

We use automated systems to personalize your experience on our Platform, including:

22.1 Content Recommendations
  • Purpose: To show you relevant content, creators, and posts based on your interests and activity
  • Data Used: Your selected interests, interaction history, viewing patterns, and profile information
  • Process: Automated algorithms analyze your behavior to suggest personalized content

22.2 Interest-Based Suggestions
  • Purpose: To recommend creators, content categories, and platform features that may interest you
  • Data Used: Your declared interests, browsing history, and engagement patterns
  • Process: Machine learning systems match your preferences with similar users and content

22.3 User Matching and Discovery
  • Purpose: To help users discover others with similar interests and preferences
  • Data Used: Interest selections, location (if provided), and activity patterns
  • Process: Automated systems suggest potential connections based on compatibility

22.4 Your Rights Regarding Profiling
Under GDPR Article 22, you have the right to:
  • Object to profiling that significantly affects you
  • Request human intervention in automated decision-making processes
  • Express your point of view regarding automated decisions
  • Challenge automated decisions that have legal or significant effects

Important: Our profiling activities are designed to enhance your user experience and do not result in decisions that have legal or similarly significant effects on you.
To exercise these rights or opt-out of profiling, contact us at:
📧 support@one2fan.com


Section 3. Cookie Policy

Our Website uses cookies to distinguish you from other Users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website and the Platform.

EU legislation requires all website operators to inform website visitors about their usage of cookies and similar technologies, e.g. pixels, (hereinafter "cookies") and to collect the user's consent to such cookie usage.

1) Cookie Consent

If you visit our Website for the first time, you will see our Cookie Banner and, when you click on Cookies Settings, you can execute choice and control over the cookies we drop on your device.

2) What are cookies?

Cookies are small text files which are sent to your device (computer, laptop, smartphone, tablet) by the website you visit. Cookies are stored on your device in your browser's file directory. Your browser sends these cookies back to the website each time you revisit it so it can recognize your device and improve your user experience on each subsequent visit. Cookies allow us e.g. to tailor a website to better match your interests or to store your password so that you do not need to re-enter it every time.

Please note that certain functions of our Website may no longer work or work not correctly without cookies.

3) Categories of cookies

Depending on their function and their intended purpose, cookies can be assigned to the following categories: strictly necessary cookies, performance cookies, functional cookies and targeting cookies.

i) Strictly necessary cookies

Strictly necessary cookies are required to navigate our Websites and operate basic Website functions. Examples for strictly necessary cookies are login cookies, shopping cart cookies or cookies to remember your cookie settings. Without these cookies certain basic functionalities cannot be offered. Strictly necessary cookies are always active and will be placed without your consent.

To the extent that information processed in connection with strictly necessary cookies should qualify as personal data, the legal ground for that processing is the Company's legitimate interest to operate its Website (Art. 6 (1) lit. (f) GDPR).

(ii) Performance cookies

Performance cookies – aka analytics cookies - collect information on your usage of our Website. They identify e.g. your internet browser, operating system, visited websites, duration and number of website visits, previously visited website, most commonly visited websites and errors you experienced. The information collected is aggregated and anonymous. It does not allow a personal identification. It only serves the purpose of evaluating and enhancing the user experience of our websites.

To the extent that information processed in connection with performance cookies should qualify as personal data, the legal ground for that processing is your consent (Art. 6 (1) lit. (a) GDPR).

(iii) Functional cookies

Functional cookies enable a Website to store information and options you have already previously entered (e.g. username, language settings, layout settings, contact preferences or your location) in order to offer you improved personalized functions. They are also used to enable requested functions, like playing videos.

To the extent that information processed in connection with functional cookies should qualify as personal data, the legal ground for that processing is your consent (Art. 6 (1) lit. (a) GDPR).

(iv) Targeting cookies

Targeting cookies – aka cookies for marketing purposes - are used to offer more relevant and interest-specific content to you, to limit the display frequency of ads and to measure the efficiency of an advertising campaign. They register if you have visited a promoted website or not, and which content you used. Such information may be shared with third parties, e.g. advertisers.

It also includes so named social media cookies. These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Legal basis for the processing of personal data in connection with targeting cookies (if any) is your consent (Art. 6 (1) lit. (a) GDPR).

4) Cookies we use on our Website

We may use all cookies defined in clause 3) this Section 3 above.

5) How you can disable cookies

The effect of disabling cookies depends on which cookies you disable but, in general, the Website may not operate properly if all cookies are switched off.

If you want to disable cookies on our Website, you need to change your Website browser settings to reject cookies. How you can do this will depend on the browser you use.


Contact us for any queries:

Culturika s.r.o.

Nárožní 2787 / 7a, Stodůlky, 158 00 Prague 5, Czech Republic

EMAIL

support@one2fan.com