Privacy Policy
Last updated: August 2025
FANA (“we” or “us”), the operator of the Botbabe platform, is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and your rights regarding that information. This policy applies to all users of Botbabe and any related services. Because Botbabe is an adult-oriented service, we particularly do not collect data from minors, and we aim to follow applicable privacy laws including the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) in a lean, startup-friendly way (we do not use tracking cookies or sell data).
By using Botbabe, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the service.
1. Information We Collect
1.1 Information You Provide to Us:
Account Data: When you register as a creator on Botbabe, we collect personal information such as your email address, a chosen username or account name, and a password. We may also collect your display name or other profile details you provide (e.g. an avatar image) if you choose to add them. This information is required to create and maintain your account and identify you on the platform.
Communications: If you contact us (e.g. via support email), we will collect and retain your contact information and the content of your communication. This could include support inquiries or feedback.
Payment Information: Botbabe does not collect the personal payment details of fans (such as credit card numbers or full billing information). Payments for Botbabe service subscriptions are processed by third-party services (e.g., Gumroad), and fans provide their payment and personal information directly to those processors, which govern that data under their own terms and privacy policies. As a creator using Botbabe, we may collect certain payment-related metadata about your earnings and transactions (e.g., transaction ID, timestamps, content purchased, price paid, and confirmation from the payment processor) in order to deliver content to fans and display your earnings in your dashboard. Additionally, for the purpose of processing payouts of your earnings, Botbabe will use Payoneer to collect and store the bank account or payment details you provide (such as account number, bank name, and account holder information) solely to remit your payouts. We do not store or share this information with other users or fans, and it is used only for payout processing and compliance purposes.
Content Data: As a creator, you will input and generate content on Botbabe (such as your chatbot’s persona script, automated messages, and media you upload for fans). We store this content on our servers to operate the service. Some of this content may include personal information if you choose to include it (for example, if you write personal details in a broadcast message), but generally this content is under your control. We do not consider user-generated content to be “personal data” we collect for our own purposes, but it may contain personal data of you or third parties. If you include personal data in content, you are responsible for ensuring you have the right to do so.
Optional Information: We may in the future request or allow you to provide additional information, such as a profile bio, social media links, or identity verification (especially if required for age or payment verification). Providing such info will be voluntary unless mandated (e.g., age verification for adult creators might be required by payment processors or law).
1.2 Information We Collect Automatically:
When you use Botbabe, some data is collected automatically by virtue of your interactions:
Log and Usage Data: Our servers automatically log certain information about your use of the service. This can include your IP address, device type, browser type, access times, and pages/features accessed. We also log actions you take in the dashboard (e.g., creating a bot, scheduling a message) for security and auditing. This data helps us troubleshoot issues, secure the service, and understand usage patterns.
Device and Network Information: We might collect information about the device you use to access Botbabe, such as the operating system and version, unique device identifiers, and network information. This is standard for web server logs and helps in maintaining compatibility and security.
Cookies and Similar Tech: Botbabe’s website and dashboard use minimal cookies. We do not use any tracking or advertising cookies. We may use a session cookie for login (to keep you signed in) or to remember preferences. These cookies are typically exempt from consent requirements as they are necessary for service functionality. Apart from that, we do not place analytics or third-party cookies for our own purposes. (Note: if our site integrates any third-party content that uses cookies, or if Gumroad’s embed on the purchase flow uses cookies, those are under the third party’s control. We ourselves do not use cookies to collect personal data or track you across other sites.).
1.3 Information from Third Parties:
We generally do not purchase or receive personal data about you from third-party data brokers or marketing firms. However, we do rely on certain third-party services in our operations, and they may share limited data with us:
Payment Processors: As mentioned, if a fan purchases credits (e.g., Telegram Stars) through the Telegram app to spend on your content, we may receive confirmation from Telegram or its payment partners that credits have been purchased and used in your Botbabe chatbot. This confirmation may include transactional metadata such as the number of credits spent, the timestamp, and, if provided by the payment processor, the fan’s country. We treat this information as purely transactional and do not add it to our marketing or user databases. If you, as a creator, purchase a subscription plan for Botbabe’s services, that payment is processed through Gumroad (or other processors we may use in the future). Gumroad may provide us with your payout-related details (e.g., email address or account ID) for the purpose of reconciling service fees, commissions, or referral payments.
Telegram: Our service integrates with Telegram’s API to create and manage your chatbot. Through this integration, we may indirectly receive data such as your Telegram Bot API token (which you input to connect your bot), and fan interactions with the bot. For example, when fans send messages to your bot, our system processes those messages (which might include the fan’s Telegram username or ID and the content of their message) to generate a response. However, we do not store personal information about your fans from Telegram in our databases beyond what is needed momentarily to send replies. We do not create profiles of your fans or collect their contact info. The fan’s entire interaction can remain within Telegram. We might log an event like “User X’s bot sent Y messages today” or aggregate data like subscriber counts, but we do not keep personally identifying details of fans (such as their names or phone numbers). In essence, no “fan data” is persistently collected by Botbabe; fans remain anonymous to us aside from an ID or handle used transiently for routing messages.
1.4 Special Category Data: We do not intentionally collect any sensitive personal data about you (such as government IDs, health information, biometric data, etc.), unless you voluntarily provide it (for instance, if we later implement identity verification for age, that might involve collecting an ID document via a secure third-party verification service – but we currently have no such feature). We ask that you not send us or upload any sensitive personal data about others through the service.
2. How We Use Your Information
We use the collected information for the following purposes, in accordance with applicable data protection laws (GDPR legal bases in parentheses where relevant):
To Provide and Maintain the Service: We use personal data to operate Botbabe and provide you with the features you expect. This includes using your registration information to create your account and authenticate you at login, using your bot content to run the chatbot (e.g., replying to fans), and processing transactions (by relaying purchase confirmations to deliver content). (Legal basis: performance of a contract with you).
Service Communications: We will use your email to send you important administrative or service-related messages. For example, we may send confirmations of account actions, notifications of important service changes or outages, updates to terms or policies, or security alerts (like if we detect suspicious activity). These communications are considered part of the service. (Legal basis: legitimate interests in maintaining our service and/or performance of contract).
Customer Support: If you contact us for help, we will use your information (like your email and any details you provide) to assist you and resolve any issues. (Legal basis: performance of contract and legitimate interest in providing good customer service).
Improvement and Analytics: We may use aggregated or de-identified information about how users interact with Botbabe to improve our platform. For example, analyzing overall usage patterns or common points of failure in the user experience can help us identify what features to improve. We may also use your direct feedback to make changes. We do not use personal data for any invasive profiling or behavioral analysis beyond what is needed to properly serve you. Any analytics we do would primarily be internal and focused on service improvement (e.g., measuring how many active bots or messages per day to scale infrastructure). (Legal basis: legitimate interests in improving and optimizing our service).
Payments and Fraud Prevention: We use transaction metadata to ensure creators get paid and content is delivered. We keep records of payments for accounting and to comply with financial regulations (like tax or anti-fraud requirements). We may analyze transactions for fraudulent activity (for instance, multiple chargebacks could cause us to investigate). (Legal basis: performance of contract; compliance with legal obligations; legitimate interest in preventing fraud).
Legal Compliance: We may process and retain personal data as needed to comply with laws, regulations, legal process (such as subpoenas or court orders), or to respond to lawful requests by authorities. For example, keeping logs may be necessary to comply with records-keeping laws or to be able to respond to DMCA takedown requests. We will also use and disclose data as required to enforce our Terms of Service, to address disputes or claims (including investigation of potential violations), or to protect the rights, property, or safety of FANA, our users, or the public. (Legal basis: legal obligation or legitimate interests in enforcing our rights and preventing harm).
Marketing (Minimal): We currently do not run any marketing email campaigns or targeted advertising using your data. We might in the future send creators occasional product updates or newsletters if you opt-in. If we do so, it will be infrequent and you will have the ability to opt out of such communications. We will not spam you or sell your data for marketing. (Legal basis: consent for any non-essential communications).
We do not use your personal data to make any automated decisions with legal or similar significant effects on you (no automated profiling beyond perhaps basic analytics that doesn’t affect your account).
3. How We Share Your Information
We understand that your personal information is important, and we are careful about how we share it. We do not sell your personal information to third parties (no “sale” as defined by CCPA) and we do not share it with third parties for their own direct marketing purposes.
We only share your data in the following circumstances:
Service Providers: We use third-party companies to help us run Botbabe (for example, cloud hosting providers, database services, email service for sending notifications, etc.). These third parties may process your data on our behalf and under our instructions. We only share the data that is necessary for them to perform their function. For instance, our cloud host will store the data (including personal data) on their servers, an email delivery service will receive your email address and the content of emails we need to send you, etc. We contractually require these service providers to protect your data and use it only for providing services to us.
Payment Processors and Financial Partners: As described, transactions are handled by third parties like Gumroad. When a fan makes a payment, they provide data directly to Gumroad (which acts as an independent data controller for that transaction). Gumroad may share back with us certain data (transaction confirmation, etc.). We may also share limited data with Gumroad as needed for transaction processing – for example, confirming a user’s account status or an item ID for a purchase. Similarly, if we integrate other payment providers in the future (Stripe, PayPal), similar data exchanges will occur. These processors have their own privacy policies governing the information they collect.
Telegram: We integrate with Telegram’s platform to deliver the chatbot service. In doing so, our systems necessarily exchange data with Telegram’s servers (such as receiving messages from fans and sending responses). Telegram is an independent third party; any personal data that passes through Telegram (like usernames, chat content) is subject to Telegram’s privacy policy. We do not control Telegram’s data practices. We do not actively share your personal info with Telegram beyond what is needed for the bot to function (e.g., your bot’s name, and content of messages which by nature go through Telegram’s network). If you use Telegram, you are also subject to Telegram’s terms.
Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal requests (e.g., a court order, subpoena, or government demand). We will carefully review the legality and scope of such requests. If a request is overly broad, we may challenge it or seek to narrow it. When permitted, we may attempt to notify you of such demands.
Enforcing Our Policies and Protecting Rights: We may share information with law enforcement or other authorities, or with private plaintiffs, when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to anyone’s safety, or violations of our Terms of Service. For example, if we become aware of child exploitation material, we will report it to appropriate authorities (as required by law). If a user is engaging in harassment or hate crimes via our service, we might provide data to law enforcement under appropriate legal process.
Business Transfers: If FANA (Botbabe’s operator) is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your information could be disclosed in connection with that transaction. We would ensure that any new owner or resulting entity either continues to honor this Privacy Policy or gives you notice and a chance to opt-out of the transfer of your data.
With Your Consent: We may share your information for other purposes if you explicitly ask us to or consent to it. For instance, if in the future we partner with another platform and you opt in to share your Botbabe data with them for cross-promotion or features, we would do so only with your permission.
Data Sharing Summary: In simple terms, we share minimally: your data primarily stays within FANA and our trusted service providers that help run Botbabe. We do not share your personal details with other creators or users; creators on the platform cannot see each other’s personal info (unless you choose to share it with them yourself). Fans interacting with your bot remain anonymous to us except for necessary technical identifiers. We do not share fan identities with creators beyond what Telegram inherently shows (e.g., if a fan’s Telegram username is visible in chat, that’s by Telegram’s design, not something we independently share).
4. International Data Transfers
Botbabe is available worldwide, and your data may be processed in South Korea, the United States, and other countries where we or our service providers have facilities. For example, our servers might be hosted in the US or EU, and our team operates in South Korea. This means your personal information may be transferred to and stored on servers in a country different from your own, which may have different data protection laws. We will take steps to ensure appropriate safeguards are in place for these transfers, as required by GDPR and other laws.
If you are in the European Economic Area (EEA) or UK, and your data is transferred outside of it, we will rely on mechanisms such as Standard Contractual Clauses (SCCs) or an adequacy decision (if applicable) to legitimize the transfer. By using Botbabe, you understand that your information may be transferred to countries including South Korea (where FANA is based) and the United States (where some infrastructure may be) which may not have the same level of data protection as your home country, but we will handle it as described in this policy.
5. Data Retention
We keep your personal data only as long as necessary for the purposes described in this policy or as required by law. Here are some specific retention practices:
Account Information: We retain the personal information associated with your account (like email, username, profile info) for as long as your account is active. If you delete your account or if we terminate it, we will initiate deletion of your personal data from our live systems within a reasonable period, typically within 30 days, except as noted below.
User Content: Content you have created (bot dialogue, messages, media) will generally be deleted or made inaccessible when you delete it or delete your account. However, some content that was transmitted to fans may remain in their devices/Telegram. We do not control that. On our side, we will remove it from our servers unless it has been shared with others and they have not deleted it (e.g., if content was in a broadcast that many users received, copies might exist in backups or logs). We will also honor any specific requests to delete personal data contained in content, where feasible.
Transactional and Financial Records: We retain records of transactions and payouts for at least the duration required by tax and accounting laws. In Korea and many jurisdictions, financial records need to be kept for a number of years (e.g., 5-7 years) for legal compliance. These records may include personal data such as email (as identifier) and transaction amounts. We securely store such records and restrict access.
Logs: Server logs and security logs (including IP addresses and usage logs) are retained typically for a short period (a few months) unless used for security analysis. We may retain specific logs longer if investigating abuse or as evidence for legal matters.
Backups: Our system may maintain backups or archives that include personal data. If we delete data from the main system, it may persist in backup storage for a period until those backups are rotated out. We have backup retention policies (e.g. incremental backups that might be kept for some weeks). We ensure that if restoring from backup, any data of deleted users is not reintroduced (or we re-delete it after restore).
Legal Holds: If we are dealing with a legal dispute or have received a legal order to preserve data, we will retain relevant information until it is resolved, even if that extends beyond normal retention periods.
When we no longer need personal data, we will either delete it or anonymize it (so it can no longer be associated with you).
6. Your Rights and Choices
Depending on your location and applicable laws, you may have certain rights regarding your personal information. We strive to honor all users’ requests to the extent possible, but the availability of rights can vary. Here are key rights and how to exercise them:
Access and Portability: You have the right to request a copy of the personal data we hold about you, and to get information about how it’s used. This is sometimes called a Subject Access Request. We can provide you with a summary of your account data and potentially an export of content you have provided (data portability). For example, you can request a copy of your profile information and any logs that are associated with your account. If you require this, contact us at master@fana.club. We will verify your identity and respond within the timeframe required by law (typically within 30 days for GDPR, 45 days for CCPA, etc.).
Rectification: If any personal data we have is incorrect or outdated, you have the right to ask us to correct it. You can update some info (like your email, if allowed, or profile details) directly in the account settings. For any information you cannot change, contact us and we will correct it if appropriate.
Deletion (Right to be Forgotten): You can request deletion of your personal data. The easiest way is by deleting your account through the settings or by contacting support. Upon such request, we will remove or anonymize personal data associated with your account, except for data we are required or permitted to retain (see Data Retention above). Note that complete deletion may not be immediate if some data is in backups, but we will ensure it’s deleted from active systems and not used further. Also, if you are a California resident, this covers your CCPA right to request deletion; we will honor legitimate deletion requests and confirm once done.
Withdrawal of Consent: In cases where we rely on your consent to process data (e.g., if we ever ask consent for a specific use like sending marketing emails), you have the right to withdraw that consent at any time. For instance, if you agreed to receive a newsletter, you can unsubscribe or contact us to opt out. Withdrawal of consent does not affect processing already done, but we will stop the specific use going forward.
Objection and Restriction: Where we rely on legitimate interests to process your data, you have the right to object to that processing if you have reasons related to your particular situation. For example, if we were to use your data for some analytics or product development purpose you find intrusive, you can object. We will evaluate requests and stop or modify processing unless we have compelling legitimate grounds to continue (or if the processing is needed for legal claims). Similarly, you can request that we temporarily restrict processing of your data if you contest its accuracy or our right to use it.
Opt-Out of “Sale” (CCPA): We do not sell personal data as defined by CCPA (we don't exchange it for money or valuable consideration for others’ use). Therefore, there is no need for a “Do Not Sell My Info” opt-out on our service. If this ever changes, we will provide a clear opt-out method.
Non-Discrimination (CCPA): If you exercise any privacy rights (such as accessing or deleting data), we will not discriminate against you for doing so. That means we won’t deny you services or charge you different prices just because you made a privacy request. Our service access for creators is generally uniform (aside from any premium features unrelated to privacy choices).
Complaints: If you are in the EU/EEA or certain other jurisdictions, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights. For example, in the EU you might contact your country’s Data Protection Authority; in the UK, the ICO. We encourage you to contact us first so we can try to address your concerns directly.
To exercise any of these rights, please contact us at master@fana.club with your request. For security, we may need to verify your identity (for example, by confirming control of your email address or asking for certain info that only the account holder would know). We will respond within the timeframe applicable under relevant law (and in any event as soon as reasonably possible). Some requests (like access or deletion) are free, but if they are excessive or manifestly unfounded, we might charge a reasonable fee or refuse (as allowed by law). We will explain our reasoning in such cases.
Please note: If you are a creator user of Botbabe, we are the “controller” of your data you provided to our service. If you are a fan interacting with a Botbabe chatbot, FANA is not collecting your data directly (the creator and Telegram are more relevant controllers for your interaction). Nevertheless, if you believe a Botbabe creator has used your personal data via our service (for example, uploaded something about you without permission), you can contact us and we will assist in remedying any privacy issue to the extent we can (such as deleting unwanted data).
7. Data Security
We take reasonable measures to protect your personal information from unauthorized access, use, alteration, or destruction. These measures include:
Encryption: We use encryption in transit (HTTPS/TLS) for our website and APIs, so that data exchanged between you and us is encrypted. Passwords are stored using secure hashing algorithms. We encourage you to use a strong, unique password for Botbabe to protect your own account.
Access Controls: We limit access to personal data to FANA personnel and contractors who need it to operate the service or assist you. All such personnel are subject to confidentiality obligations. We also employ access control mechanisms in our software (such as authentication tokens, role-based permissions) to ensure only authorized queries retrieve personal data.
Monitoring: We monitor for potential security breaches and have procedures in place to detect and respond to incidents. If we discover a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.
Secure Development: We follow best practices in software development to reduce vulnerabilities (e.g., using prepared statements to avoid SQL injection, validating inputs, etc.). We keep our systems updated and apply security patches regularly.
Third-Party Security: When we work with service providers (hosting, etc.), we choose reputable firms and use contracts that require them to also implement adequate security measures.
Despite our efforts, no system can be 100% secure. You also play a role in keeping your data safe. Please maintain the secrecy of your login credentials – do not share your password, and change it if you suspect any compromise. If you notice any suspicious activity on your account or suspect a vulnerability, notify us immediately.
8. Special Notice for International & Minor Users
Users Outside South Korea: As noted, if you use Botbabe from outside of South Korea, please be aware that your information will be transferred to and processed in South Korea and possibly the United States or other countries. Those data protections may differ from your country’s. However, we protect all user data as described herein, wherever it is processed. By using the service, you consent to your data being transferred internationally for the purposes of hosting and processing.
California Residents: If you are a California resident, in addition to the rights already described (access, deletion, etc.), you have the right to request a notice disclosing the categories of personal information we have collected about you, the categories of sources, the business purpose for collection, the categories of third parties with whom we share it, and the specific pieces of info we have about you. This essentially overlaps with what this Privacy Policy provides. If you need further detail or to exercise rights, contact us. Also, as stated, we do not sell personal information and we do not share personal information with third parties for their direct marketing without consent (California “Shine the Light” law compliance).
EU/EEA Users: FANA is the data controller for personal data collected through Botbabe. Our contact email is master@fana.club (see Contact Us section below for address). We do not currently have an EU representative or Data Protection Officer given our small size, but we will respond to any GDPR inquiries via the contact methods. The legal bases for processing your data are outlined in Section 2. We rely on performance of contract (Article 6(1)(b) GDPR) for most processing related to providing the service, legitimate interests (6(1)(f)) for some internal improvements, security, fraud prevention, etc., consent (6(1)(a)) for any optional uses, and legal obligation (6(1)(c)) for compliance tasks. You have the rights as detailed in Section 6. If you have an unresolved privacy concern, you can lodge a complaint with an EU Data Protection Authority.
Children’s Privacy: Botbabe is not intended for anyone under 18. We do not knowingly collect personal information from children (under 13, under 16 in some jurisdictions) and we prohibit minors from using the service. If we become aware that a child or minor has provided us with personal data, we will take steps to delete such information. If you are a parent or guardian and believe your child has used Botbabe or provided personal data, please contact us so we can remove the data and terminate the account. This stance is in compliance with COPPA in the U.S. and analogous youth protection laws. Additionally, creators on Botbabe are required to be 18+ and to ensure no minors appear in content.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make a significant change, we will notify you by an appropriate means – for example, by emailing you (to the address associated with your account) or by posting a notice on our website or dashboard. The “Effective Date” at the top will always indicate when the last changes were made.
It is important that you review any changes to understand how your information is used. If you continue to use Botbabe after an update takes effect, you will be considered to have agreed to the revised policy. If you do not agree with the changes, you should discontinue use of the service and may request deletion of your data.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
FANA (Botbabe Operator)
Attn: Privacy Officer (or CEO)
4F, BNK Digital Tower, 398 Seocho-daero, Seocho-gu
Seoul, South Korea
Email: master@fana.club
We will do our best to address and resolve your inquiry in a timely manner. Your privacy is very important to us, and we welcome feedback on how we can improve our policies or practices.
Thank you for trusting Botbabe with your personal information. We are dedicated to providing a secure and private experience for our creator community.