Privacy Policy

1. Who we are

ChatClusive (the operating name of this service) provides a Chrome extension and dashboard that help creators on platforms such as OnlyFans, Fansly and JustForFans draft and manage replies to their fans. For fan conversation data, ChatClusive acts as a processor on behalf of the creator: the creator decides what the assistant does with their conversations.

2. Data we collect

Account data: your email address, display name and authentication data needed to operate your account.

Creator configuration: your style card, pricing rules, autonomy level, disclosure settings and similar preferences.

Fan conversation content: messages between a creator and their fans, captured by the Chrome extension from the creator's own logged-in session, on the creator's behalf, so the assistant can suggest replies and measure results.

Operational data: audit log entries, suggestion and attribution records, and billing status.

3. Data we never collect

We never ask for, see, or store your platform passwords or credentials. The extension works on top of the session you already have open in your own browser.

We never store your card details. Payments are processed by Stripe; card data goes directly to Stripe and never touches our systems.

4. Why we process data

We process data to provide the service: generating reply suggestions in the creator's style, enforcing price and safety limits, measuring incremental revenue through A/B attribution, keeping the audit log, handling billing, and providing support.

We do not use your data for advertising and we do not build profiles of fans for any purpose other than serving the creator they belong to.

5. AI processing

To generate reply suggestions, relevant conversation context is sent to large language model (LLM) providers acting as our subprocessors. Every AI-generated suggestion passes through an output safety layer before it can be used, and every action is recorded in the audit log.

6. Encryption and security

Fan messages are encrypted at rest with AES-256-GCM using per-tenant encryption keys, and data is encrypted in transit. Each customer's data is isolated per tenant: queries are scoped so one tenant can never read another tenant's data.

An immutable, hash-chained audit log records the actions the assistant takes, which lets us — and you — verify after the fact what happened and when.

7. Subprocessors

We rely on a small set of infrastructure providers to run the service: Supabase (database and authentication), Cloudflare (application hosting and compute), Stripe (payment processing), and LLM providers (AI processing of conversation context to generate suggestions). Each of them processes data only as needed to provide their part of the service.

8. Retention

We keep your data while your account is active and as long as it is needed to provide the service. When you delete your account or request deletion, we delete or anonymize the data and issue a signed deletion attestation — cryptographic proof that the deletion actually happened.

9. Your rights

You can request access to and export of your data, correction of inaccurate data, and deletion of your data. Deletions come with a signed attestation you can keep or forward to an auditor.

To exercise any of these rights, see the DSAR Requests page or email us directly. Fans whose conversations are processed on behalf of a creator should direct requests to that creator or to the platform; we support the creator in fulfilling them.

10. No sale of data

We do not sell your data, your fans' data, or any derived data. Period.

11. Changes and contact

If we make material changes to this policy, we will update this page and the date at the top. For any privacy question or request, contact noslen.pena@gmail.com.