This Privacy Policy explains how OFManager (“OFManager,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use ofmanager.com and our apps/APIs (the “Service”).

By using the Service, you agree to this Policy and our Terms of Service. If you do not agree, do not use the Service.

1) What we are (and aren’t)

We provide software tools and hosting for creators and agencies. We are not affiliated with OnlyFans, Fenix International Limited, or any other third-party platform.

2) Scope & roles

• As a service provider/processor: we process data on behalf of creators/agencies to run the Service (hosting, integrations, analytics, support).
  
  
  

• As a business/controller: we process your account/billing/usage data for our own operations (security, billing, product improvement, legal compliance).
  
  
  

If you are a creator/agency, you are responsible for your own privacy notices and consents toward your end users/models.

3) Information we collect

a) You provide

• Account & profile: name/handle, email, password (hashed), role, team info.
  
  
  

• Billing: payment method tokens and billing details (we do not store full card numbers; our PCI-compliant processors do).
  
  
  

• Content & metadata: files you upload (images/videos/text), captions, tags, schedules, messages, logs, and related metadata you choose to store.
  
  
  

• Support: emails, tickets, in-app messages, and call/chat recordings (if applicable).
  
  
  

b) Collected automatically

• Device & usage: IP address, device/browser type, OS version, language, timestamps, pages/screens viewed, features used, crash/diagnostic data.
  
  
  

• Cookies & similar tech: to keep you logged in, secure the Service, and understand product usage (see Cookies, §9).
  
  
  

c) From third parties (integrations)

• If you connect third-party services (e.g., cloud storage, analytics, or social/content platforms), we receive information those services send under your authorization and their terms.
  
  
  

d) Sensitive data

We do not seek to collect government IDs or biometric data. If fraud/abuse investigation requires additional proof, we’ll request only what’s necessary and handle it securely.

4) How we use information

• Provide the Service: account creation, authentication, hosting, storage, backups, support, notifications.
  
  
  

• Security & abuse prevention: rate-limiting, fraud/abuse/CSAM detection, audits.
  
  
  

• Billing & account management: subscriptions, invoices, payments, collections.
  
  
  

• Improve & develop: troubleshoot, analytics, feature testing, quality assurance.
  
  
  

• Legal compliance: respond to lawful requests; enforce Terms; DMCA; CSAM reporting.
  
  
  

• Communication: transactional emails; (optional) product updates you can control.
  
  
  

Legal bases (EEA/UK): contract, legitimate interests (security, improvement), consent (where required), legal obligations, and vital/public interest for safety reporting.

5) How we share information

We share only as needed to run the Service:

• Vendors/Processors: cloud hosting, storage/CDN, email/SMS, analytics, payment processors, error logging, and customer support tools bound by contract to handle data only per our instructions.
  
  
  

• Integrated third parties (you connect): when you link a platform, data flows as you authorize under that platform’s terms.
  
  
  

• Corporate events: merger, acquisition, financing, or sale (your data continues to be protected per this Policy or a successor policy of equal or greater protection).
  
  
  

• Legal/safety: to comply with law, DMCA, CSAM/NCMEC reporting, court orders, or to protect rights, safety, and the Service.
  
  
  

• With your direction: e.g., when you export/share content or invite teammates.
  
  
  

We do not sell your personal information, and we do not share it for cross-context behavioral advertising (CPRA “share”). We also do not use or disclose sensitive personal information for purposes other than those permitted by law and necessary to provide the Service.

6) Your content & hosting specifics

• You own your content. We host and process it only to run, secure, support, and improve the Service.
  
  
  

• Adult content: you are responsible for confirming all persons are 18+, obtaining consents/releases, and complying with 18 U.S.C. § 2257 record-keeping if applicable to you.
  
  
  

• Zero-tolerance for CSAM: we terminate accounts, preserve evidence, and report to NCMEC/law enforcement as required by 18 U.S.C. § 2258A.
  
  
  

• Takedown (DMCA): we honor valid notices and maintain a repeat-infringer policy.
  
  
  

7) Data retention

We keep information only as long as necessary for the purposes above, including:

• Account/billing: for the life of the account + a reasonable period (e.g., 3–7 years) for tax, audit, and legal obligations.
  
  
  

• Hosted content: for the life of the account and then deleted from active systems within a reasonable period; backups roll off per standard cycles.
  
  
  

• Logs/diagnostics: typically 12–24 months (shorter where feasible), unless needed for security, fraud, legal holds, or disputes.
  
  
  

8) Your choices & rights

Controls

• Account settings: update profile, change password, manage connections.
  
  
  

• Emails: unsubscribe from non-transactional emails via email footer or settings (transactional emails are necessary).
  
  
  

• Cookies: manage preferences via our banner and your browser settings.
  
  
  

• Global Privacy Control (GPC): we honor GPC signals to the extent applicable.
  
  
  

U.S. state privacy rights (CPRA/CO/CT/VA, etc.)

Depending on your state, you may request:

• Access/Know, Portability, Correction, Deletion, and to Appeal our decision.
  
  
  

• Opt-out of “sale,” “sharing,” or targeted advertising (we don’t do these; if that changes, we’ll provide a clear “Do Not Sell/Share” link).
  
  
  

• Limit use of sensitive PI (not applicable—see §5).
  
  
  

Submit requests at support@ofmanager.com. We’ll verify and respond as required by law. You won’t be discriminated against for exercising rights.

EEA/UK rights (GDPR)

If GDPR applies, you may request access, rectification, erasure, restriction, objection (including to processing based on legitimate interests), and data portability, or withdraw consent where processing relies on consent. You may also lodge a complaint with your local supervisory authority.

9) Cookies & similar technologies

We use:

• Strictly necessary (login, security, load balancing).
  
  
  

• Functional (preferences).
  
  
  

• Analytics (product usage, performance).
  We don’t use third-party ad cookies. Manage preferences via our cookie banner and your browser settings.
  
  
  

10) Security

We use reasonable administrative, technical, and physical safeguards (TLS in transit, encryption at rest where applicable, access controls, logging, and routine backups). No system is 100% secure. If we detect a security incident that legally requires notice, we will notify you consistent with applicable law.

11) Children

The Service is for adults (18+). We do not knowingly collect personal information from children. If you believe a child has provided data, contact support@ofmanager.com and we will delete it.

12) International transfers

We may transfer, store, and process information in the United States and other countries where we or our vendors operate. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses). By using the Service, you understand your data may be processed outside your country.

13) Third-party links & services

Third-party services you connect to have their own privacy policies. We are not responsible for their practices. Review their terms before connecting.

14) Changes to this Policy

If we make material changes, we will update the “Last Updated” date and, where required, provide additional notice. Your continued use after changes means you accept the updated Policy.

15) Contact us

• Privacy requests: support@ofmanager.com

• Support: support@ofmanager.com
  
  
  

We do not accept service of process by email. Physical service must be made on our registered agent on file with the Wyoming Secretary of State.

16) U.S. “Notice at Collection” (CPRA summary)

Categories collected: identifiers (name, email, IP), account credentials (hashed), commercial/billing data, internet/network activity (usage, logs), device data, geolocation (coarse, based on IP), customer support records, content you upload and its metadata.
Purposes: provide and secure the Service; billing; support; quality and improvement; legal compliance; safety/abuse prevention; DMCA/CSAM obligations.
Sources: you; your devices; integrated third parties you connect; service providers.
Disclosure: to processors/service providers, integrated third parties (you connect), legal/safety recipients, and in corporate transactions.
Sale/Share: No we do not sell or share your personal information for cross-context behavioral advertising.
Retention: see §7.

17) Data Processing Addendum (DPA)

For business customers that need a DPA (including CCPA service-provider/GDPR processor terms), email support@ofmanager.com and we’ll provide our standard DPA. Subprocessor list available on request.