Privacy Policy

Last updated: March 1, 2026

1. Overview

OhMyFans.org ("OhMyFans," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, how we store it, and your rights regarding your personal information. By using the Platform, you consent to the practices described in this policy.

2. What Data We Collect

We collect the minimum data necessary to operate the Platform:

  • Account Information: Username, email address (optional for subscribers), and hashed password.
  • Profile Information: Display name, bio, avatar image, cover image, and location (all optional and user-provided).
  • Face Descriptor Data: If you use our face-based authentication, we store an encrypted mathematical representation (face descriptor) of your facial features. This is not a photo -- it is a numerical vector that cannot be reverse-engineered into an image.
  • Creator Verification Data: For creators publishing content, we collect legal name, date of birth, ID type, ID number, expiration date, a photo of the ID, and a selfie for verification purposes. This data is required by 18 U.S.C. 2257.
  • Wallet Addresses: Your Coinbase wallet address for receiving payouts, and a platform-generated deposit wallet address for receiving subscriber funds.
  • Transaction Records: Records of all on-platform transactions including subscriptions, tips, content purchases, and message unlocks.
  • Usage Data: IP addresses, request timestamps, and basic access logs for security and rate-limiting purposes.

3. What We Do NOT Collect

We are intentionally designed to minimize data collection. We do NOT collect:

  • Social Security Numbers (SSN) -- We never ask for or store your SSN.
  • Bank Account Information -- We do not collect bank account numbers, routing numbers, or any traditional banking credentials.
  • Credit Card Numbers -- All payments are processed through Coinbase in USDC. We never see or store credit card data.
  • Government Tax IDs -- We do not collect EINs, ITINs, or any other tax identification numbers.
  • Real Names of Subscribers -- Subscriber accounts do not require real names.

4. Face Descriptor Data

If you opt into face-based login or verification, the following applies:

  • Your face descriptor is a mathematical vector (an array of numbers) generated client-side in your browser. We do not process facial images on our servers.
  • The descriptor is stored encrypted in our database and is associated with your user account.
  • Face descriptors are never shared with third parties.
  • Face descriptors cannot be reverse-engineered to recreate your likeness.
  • You can delete your face descriptor at any time from your account settings.

5. Creator Verification Records

Federal law (18 U.S.C. 2257) requires platforms hosting sexually explicit content to maintain age verification records for all content producers. As a result:

  • Creator verification records (legal name, date of birth, ID copy, selfie) are stored securely on encrypted storage (Cloudflare R2).
  • These records must be retained for a minimum of 7 years after the content is last publicly available, as required by federal law.
  • Verification records cannot be deleted upon account deletion due to legal requirements. They will be retained for the legally mandated period and then destroyed.
  • Access to verification records is restricted to authorized personnel and law enforcement upon valid legal process.

6. Blockchain Transactions

OhMyFans uses the Solana blockchain for USDC payments. Blockchain transactions are inherently public -- anyone can view transaction amounts, sender and receiver wallet addresses, and timestamps on a blockchain explorer. OhMyFans does not control the public nature of blockchain data. Your wallet address is not publicly linked to your username or identity on the Platform, but the transactions themselves are recorded on a public ledger.

7. Cookies and Local Storage

We use minimal cookies:

  • Authentication Cookie (token): A secure, HTTP-only JWT cookie used to maintain your logged-in session. This cookie expires after 7 days.
  • We do not use tracking cookies, advertising cookies, or analytics cookies.
  • We do not use third-party cookie-based tracking services like Google Analytics or Facebook Pixel.

8. Third-Party Services

We use the following third-party services:

  • Coinbase Commerce / Coinbase Onramp: For processing USDC payments and fiat-to-crypto conversions. When you purchase USDC through our platform, you interact with Coinbase's systems, which are subject to Coinbase's Privacy Policy.
  • Cloudflare R2: For secure storage of uploaded media files and creator verification documents. Files are encrypted at rest.
  • Solana Blockchain: For processing USDC transfers. Transaction data on the blockchain is public and immutable.

We do not sell, rent, or share your personal data with any third parties for marketing or advertising purposes.

9. Data Deletion

You may request full account deletion at any time. Upon deletion:

  • Your profile, uploaded content, messages, and transaction history will be permanently deleted from our systems.
  • Your face descriptor data will be deleted.
  • Your referral relationships will be removed.
  • Exception -- 2257 Records: Creator verification records (legal name, date of birth, ID copy) will be retained for the legally mandated 7-year period per 18 U.S.C. 2257, even after account deletion. These records are stored separately from your platform data.
  • Exception -- Blockchain Data: Transactions that have already been recorded on the Solana blockchain cannot be deleted, as they exist on a public, immutable ledger.

10. Data Security

We implement industry-standard security measures including encrypted data storage, secure HTTPS connections, hashed passwords (bcrypt), HTTP-only authentication cookies, rate limiting, and access controls. However, no system is 100% secure. We cannot guarantee the absolute security of your data, and you use the Platform at your own risk.

11. Children's Privacy

OhMyFans is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we discover that a user is under 18, their account will be immediately terminated and all associated data will be deleted.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact Information

For questions about this Privacy Policy or to exercise your data rights, please contact us at privacy@ohmyfans.org.