Data Management Policy

Scope

Governs collection, processing, storage, retention, and access to personal data across FANZ Platforms. Works with the Privacy Policy and this KB's Age Verification policy.

2) End-User Age Verification (Summary)

• • DOB at sign-up; automated checks via VerifyMy; if flagged, government ID
• • Optional credit-card authorization for anti-fraud/age signal
• • Verified users gain access; suspected falsification ⇒ suspension pending review

4) Data Minimization & Storage

• • We collect only what's necessary to operate, verify, pay, secure, and comply
• • Age/ID artifacts: where feasible, verification images and biometric templates are retained minimally to complete verification + short risk window; then deleted or irreversibly de-identified unless law requires retention
• • We retain verification outcomes, timestamps, and compliance metadata to meet 2257, tax, fraud-prevention, and legal defense needs

5) Retention & Deletion

• • 2257/Finance: kept per statute (commonly 3–7+ years)
• • Moderation Logs: retained on a risk-based schedule to deter abuse and support investigations
• • Deletion Requests: honored per applicable law (subject to legal holds and statutory retention)

7) Third-Party & Government Access

• • Only authorized FANZ personnel access personal data
• • Processors (e.g., VerifyMy, payment, hosting, analytics) access data solely to provide contracted services under DPA/SCCs/IDTA where needed
• • Government/lawful requests require valid legal process; emergencies handled per law with documentation

8) Audits & Governance

• • Quarterly compliance audits; periodic third-party assessments as needed
• • New tooling undergoes security and privacy review (threat model + DPIA/LIAs where required)

9) Miscellaneous

• • Disciplinary actions apply for internal policy violations
• • Archiving of critical records occurs at least every 30 days (with integrity checks)
• • Policy conflicts default to the Terms of Service for dispute resolution and limits of liability