Privacy policy

1. Introduction

This Privacy Policy describes how The Fan Pass (“The Fan Pass”, “we”, “us” or “our”) collects, uses and protects the personal data of users of the https://thefanpass.com website and its associated services (the “Service”).

The Fan Pass is committed to complying with the provisions of the European Union's General Data Protection Regulation (GDPR) as well as applicable data protection laws in other jurisdictions, including the California Consumer Privacy Act (CCPA) for US users.

2Data controller

3Data collected

We collect several types of data in connection with your use of the Service:

4Purposes of processing

We use your personal data for the following purposes:

• Account creation and management — Legal basis: performance of a contract.
• Payments, invoicing and subscriptions — Legal basis: performance of a contract.
• Provision and improvement of the Service — Legal basis: legitimate interest.
• Performance analysis (Google Analytics) — Legal basis: consent.
• Customer support and technical assistance — Legal basis: performance of a contract.
• Security and fraud prevention — Legal basis: legitimate interest.
• Marketing communications (emails, newsletters) — Legal basis: consent.

5Data retention

• Inactive accounts: deletion or anonymisation after 12 months.
• Billing data: kept for 10 years (legal requirement).
• Technical logs and cookies: up to 13 months.
• Prompts and conversations: deleted upon user request or after 24 months of inactivity.

6Data sharing with third parties

We do not sell any personal data. Some data is shared only with essential service providers:

• Contabo GmbH — server hosting — Germany
• Stripe, Inc. — payments and billing — US / EU
• Google LLC — audience analytics (Analytics) — US
• OpenRouter / OpenAI, Anthropic, etc. — AI text processing — US / EU

All our providers are contractually committed to complying with the European Commission's Standard Contractual Clauses (SCCs) for transfers outside the EU.

7Data security

• HTTPS encryption (TLS 1.3)
• Secure hashing of passwords
• Restricted access management
• Regular backups
• Internal security audits

In the event of a personal data breach, we will notify the competent supervisory authority (e.g. CNIL) and the users concerned in accordance with GDPR.

8Your rights (GDPR and CCPA)

You have the following rights over your personal data:

• Right of access, rectification and erasure
• Right to data portability
• Right to object and to restrict processing
• Right to withdraw your consent at any time

To exercise these rights, please contact us at: support@thefanpass.app.

Users located in California may also request the deletion or non-sale of their data in accordance with the CCPA.

For more information, please see our page on your GDPR rights.

9Cookies and trackers

Cookies are used in particular to:

• Measure audience (Google Analytics)
• Ensure the website functions properly
• Remember language and session preferences

You can manage your preferences via the cookie banner shown on your first visit or from the Cookies management page.

10International data transfers

Your data may be transferred to service providers located outside the European Union. These transfers are governed by appropriate safeguards such as:

• the European Commission's Standard Contractual Clauses (SCCs), or
• participation in the Data Privacy Framework (DPF) for certified US companies.

11Changes to this policy

The Fan Pass may update this Policy at any time. Any material change will be announced on our website at least 15 days before it takes effect.