Last updated: June 6, 2026

Privacy Policy

This Privacy Policy ("Policy") describes how BrandInGang LLC ("Company," "we," "us," "our") collects, uses, shares, and protects your personal information when you use the BrandInGang Fans platform and related services (the "Service"). This Policy applies to all users of the Service, including creators and subscribers.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Username and display name
  • Password (stored in hashed form only)
  • Date of birth
  • Profile photo and bio (optional)

Creator Verification Information

When you apply to become a creator, we additionally collect:

  • Legal name
  • Government-issued photo identification (passport, driver's license, or national ID)
  • Selfie photograph for identity verification
  • Address and country of residence
  • Tax identification information (SSN/EIN for U.S. persons, equivalent for non-U.S. persons)

Payment Information

  • Payment card details (processed and stored by our PCI-DSS compliant payment processor; we do not store full card numbers)
  • Billing address
  • Transaction history
  • Payout method details (bank account information for creators)

Content

  • Photos, videos, audio, and text content you upload
  • Messages sent through the platform
  • Comments and interactions

Usage Data

  • Pages visited, features used, actions taken
  • Time spent on the Service
  • Search queries
  • Referring URLs

Device & Technical Information

  • IP address
  • Browser type and version
  • Operating system
  • Device type and identifiers
  • Screen resolution
  • Language preferences

2. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Operate, maintain, and deliver the features and functionality of the platform.
  • Process Payments: Facilitate transactions between subscribers and creators, process withdrawals, and manage billing.
  • Identity Verification: Verify creator identity and age to comply with legal requirements including 18 U.S.C. § 2257.
  • Fraud Prevention: Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
  • Analytics: Understand how users interact with the Service to improve features, performance, and user experience.
  • Communications: Send service-related notifications, security alerts, account updates, and (with your consent) promotional communications.
  • Legal Compliance: Comply with applicable laws, regulations, legal processes, and government requests.
  • Safety: Enforce our Terms of Service, Acceptable Use Policy, and protect the safety and security of our users.

3. Legal Basis for Processing

We process your personal information under the following legal bases:

  • Consent: Where you have given explicit consent (e.g., marketing communications, optional data collection).
  • Contractual Necessity: Where processing is necessary to perform our contract with you (e.g., providing the Service, processing payments).
  • Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., fraud prevention, security, service improvement), balanced against your rights and freedoms.
  • Legal Obligation: Where processing is necessary to comply with legal obligations (e.g., tax reporting, 2257 record keeping, responding to lawful government requests).

4. Data Sharing & Disclosure

We do NOT sell your personal information to advertisers, data brokers, or any third parties. We share your information only in the following limited circumstances:

  • Payment Processors: We share necessary transaction data with our PCI-DSS compliant payment processor to facilitate payments and withdrawals.
  • Cloud Infrastructure: Your data is stored on secure cloud infrastructure services that act as data processors under our instructions.
  • Law Enforcement: We may disclose information when required by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • NCMEC Reports: If we become aware of CSAM, we are legally obligated to report to the National Center for Missing and Exploited Children.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset, subject to the same privacy protections.
  • With Your Consent: We may share information with your explicit consent for purposes not covered above.

5. Data Retention

  • Active Accounts: We retain your information for as long as your account is active and as needed to provide the Service.
  • Deleted Accounts: Upon account deletion, we will delete or anonymize your personal information within thirty (30) days, except where retention is required by law.
  • 2257 Records: Age verification and identity records required under 18 U.S.C. § 2257 are retained for a minimum of five (5) years after the content is removed from the Service, as required by law.
  • Transaction Records: Financial transaction records are retained for seven (7) years for tax and audit compliance.
  • Legal Holds: If information is subject to a legal hold, litigation, or government investigation, we will retain it until the matter is resolved.
  • Backups: Residual copies in backup systems are purged within ninety (90) days of account deletion.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of Access: Request a copy of the personal information we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal information.
  • Right to Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Right to Portability: Request a machine-readable copy of your personal information.
  • Right to Restrict Processing: Request that we limit how we use your information.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Right to Object: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@brandingang.com. We will respond to your request within thirty (30) days. We may require identity verification before processing your request.

7. Children's Privacy

The Service is strictly limited to individuals aged eighteen (18) and older. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of eighteen (18). If we become aware that we have collected personal information from a person under 18, we will immediately terminate their account and delete all associated data within twenty-four (24) hours. If you believe a minor is using the Service, please report immediately to safety@brandingang.com.

8. International Data Transfers

BrandInGang LLC is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States. Where required by applicable law, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

9. Security Measures

We implement industry-standard security measures to protect your personal information, including:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
  • Password Security: Passwords are hashed using bcrypt with appropriate work factors and are never stored in plaintext.
  • Access Controls: Access to user data is restricted to authorized personnel on a need-to-know basis, with role-based access controls and audit logging.
  • Infrastructure Security: Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 Type II compliance, regular penetration testing, and vulnerability assessments.
  • Regular Audits: We conduct periodic security audits and assessments of our systems and practices.

While we employ commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Cookies

We use only essential cookies necessary for the operation of the Service:

  • Authentication Cookies: To keep you logged in and verify your identity across requests.
  • Session Cookies: To maintain your session state and preferences during a browsing session.
  • Preference Cookies: To remember your settings such as language, theme, and content preferences.
  • Security Cookies: To support CSRF protection and other security features.

We do NOT use tracking cookies, advertising cookies, analytics cookies from third parties, or any cookies that profile user behavior for marketing purposes. We do not participate in any advertising networks or retargeting programs.

11. Third-Party Services

We use the following categories of third-party service providers:

  • Payment Processor: A PCI-DSS Level 1 compliant payment processor for handling financial transactions. They receive only the information necessary to process payments.
  • Cloud Storage & Hosting: Enterprise-grade cloud infrastructure provider for data storage, computing, and content delivery. They act as data processors under our Data Processing Agreement.
  • Email Service: Transactional email service for sending account notifications and security alerts.

All third-party service providers are bound by contractual obligations to process data only as instructed and to maintain appropriate security measures.

12. Data Breach Notification

In the event of a data breach that compromises your personal information:

  • We will notify affected users within seventy-two (72) hours of confirming the breach.
  • Notification will be sent via email and posted on the Service.
  • The notification will include: the nature of the breach, the types of data affected, the steps we have taken to contain and remediate the breach, and recommendations for protecting yourself.
  • We will notify applicable regulatory authorities as required by law (e.g., supervisory authorities under GDPR within 72 hours).
  • We will provide ongoing updates as our investigation progresses.

13. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to legal exceptions.
  • Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to direct us not to sell your personal information at any time.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: You may limit the use of sensitive personal information to what is necessary to provide the Service.

To exercise your rights, contact us at privacy@brandingang.com or call us. We will verify your identity before processing requests. You may also designate an authorized agent to make requests on your behalf.

14. EU/EEA Residents (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:

  • All rights listed in Section 6 above.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (Data Protection Authority) if you believe our processing of your information violates applicable law.
  • Data Processing Agreement: Where required, we enter into Data Processing Agreements with processors that handle EU/EEA personal data.
  • Data Protection Officer: For GDPR-related inquiries, contact our designated privacy team at dpo@brandingang.com.
  • Transfer Mechanisms: For transfers of personal data outside the EU/EEA, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will provide at least thirty (30) days' advance notice of material changes by posting the updated policy on the Service and sending an email notification to your registered email address. The "Last Updated" date at the top will be revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this Policy periodically.

16. Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal information:

  • Privacy inquiries: privacy@brandingang.com
  • Data protection officer: dpo@brandingang.com
  • General support: support@brandingang.com
  • Entity: BrandInGang LLC, Delaware, United States