Privacy Policy
Last updated: 2026-07-06
Who we are
Who this covers
What we collect
- Account data: email, name, and contact handles you provide (e.g. Telegram or Discord), plus, for affiliates, your traffic-source description and estimated monthly views.
- Membership & payment data: when you buy a membership, our payment processor (Stripe) collects your card and billing details and processes the charge. We do not receive or store your full card number — we receive your email, a payment/subscription identifier, billing country/postal code, and transaction status.
- Payout data (affiliates): bank or wire details you provide so we can pay you. Stored encrypted at rest (libsodium secretbox) and decrypted only to generate a payout.
- Advertiser data: agency name, billing details, team members’ emails, and the OnlyFans account/connection metadata needed to run your offers.
- Usage & tracking data: clicks on tracking links, including a salted hash of the visitor’s IP (not the raw IP), user agent, and country code.
- Conversion data: subscription/sale events sourced from OnlyFansAPI for the offers promoted, including subscriber identifiers from the advertiser’s system.
- Advertising & measurement data: see “Advertising and the Meta Pixel” below — this includes Meta cookies, a first-party identifier we set, and events about your activity on our pages.
- Device & log data: IP address, browser/device info, and timestamps captured automatically by our hosting and security layers.
How we use it
- To provide the membership, affiliate platform, and advertiser portal.
- To process payments, subscriptions, and renewals, and to send affiliate payouts.
- To track conversions and calculate commissions earned and amounts owed.
- To measure and improve our advertising (see Meta section below).
- To send transactional email — sign-in links, status changes, billing and payout notices — via Resend.
- To prevent fraud and abuse, and to audit administrative actions.
- To comply with legal, tax, and accounting obligations.
Advertising and the Meta Pixel
- Event data (e.g. PageView, ViewContent, InitiateCheckout, Purchase) with timestamps and the page URL.
- Meta cookies _fbp and _fbc (the latter only when you arrive from a Meta ad), and a first-party identifier we set in a noctis_xid cookie for matching.
- Your email address in hashed (SHA-256) form, plus IP address and user agent, used by Meta to match events to accounts. We do not send your raw email to Meta for this purpose.
This helps us attribute conversions and optimize campaigns. Depending on your jurisdiction, this sharing may be considered “sharing” or “sale” of personal information for targeted advertising — see “Your rights.” You can also limit ad tracking via your browser and your Meta ad preferences.
Payments
Who we share it with
- Stripe — payment and subscription processing.
- Meta Platforms — advertising measurement (see above).
- OnlyFansAPI — offer-side tracking links and conversion data. They see tracking-link metadata, not your name, payout details, or contact info.
- Resend — transactional email (sees your email address).
- Supabase — database hosting (data at rest).
- Vercel — application hosting and edge network.
- Discord — if you join or link our community, your use is also governed by Discord’s privacy policy.
We may also disclose information to comply with law, enforce our terms, prevent fraud, or in connection with a merger or acquisition. Noctis admins (our staff) have access to account data, including decrypted payout details when generating a payout.
Cookies
International transfers
Security
Retention
Your rights
Children
Changes
Contact
This policy is provided for transparency and is not legal advice. Specific jurisdictions may grant additional rights, which we honor where applicable. Have counsel review before relying on it at scale.