Privacy Policy

1. Who We Are

Fanvora ("Fanvora", "we", "us", "our") is a social media growth service operated by a Romanian business entity, subject to Romanian law and the General Data Protection Regulation (GDPR). We provide social media growth services through the website fanvora.co.

Our services are offered to customers worldwide, and this Privacy Policy applies to all personal data we process in connection with our social media growth services.

For privacy inquiries, contact us at hello@fanvora.co.

2. Data Controller

For the purposes of applicable data protection law, Fanvora acts as the data controller for the personal data described in this Privacy Policy, unless stated otherwise.

3. Data We Collect

We may collect the following types of personal data:

Account data:
Email address, name (optional), and hashed password when you create an account.

Order data:
Social media profile URL, platform, selected package, payment amount, order status, and related metadata when you place an order.

Payment data:
Processed entirely by Stripe. We do not store your card number, expiry date, or CVC. We only retain the Stripe PaymentIntent ID for reference and reconciliation.

Guest checkout data:
Email address for order confirmation if you complete checkout without creating an account.

Review data:
Star rating, review text, and, optionally, your social media handle if you choose to share it publicly.

Authentication data:
If you sign in with Google (via OAuth), we receive your name, email address, and profile picture from Google. We do not access any other Google data.

We do not collect or store your social media account password, API keys, or any other direct login credentials. We only process the public profile link or username you provide. Any data processed by third-party SMM providers (e.g., follower delivery systems) is governed by their own privacy policies and practices, and we do not have direct control over how they use or retain that data.

4. How We Use Your Data

We use your personal data for the following purposes:

• To fulfill your orders and deliver followers or related engagement to the profile you specify.
• To send transactional emails such as order confirmation, delivery updates, discount codes, and password reset links.
• To display approved reviews on our website, but only if you have explicitly opted in to share your handle publicly.
• To prevent fraud, duplicate orders, and abuse of our services.
• To respond to your support requests, including via email or account messages.
• To comply with legal, tax, and accounting obligations in Romania.

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not send marketing emails unless you have explicitly opted in (currently not offered).

You acknowledge that some of the services we coordinate involve external SMM providers, and the way they process data and deliver engagement is governed by their own systems and policies, not directly by Fanvora.

5. Legal Basis for Processing

We process your personal data on the following legal bases, where applicable:

• Performance of a contract: to create and manage your account, process your orders, provide the services you request, and communicate with you about your orders.
• Legal obligation: to comply with Romanian and EU tax, accounting, fraud-prevention, and consumer protection obligations.
• Legitimate interests: to secure our platform, prevent fraud, investigate misuse, maintain service integrity, and defend legal claims where necessary.
• Consent: where you voluntarily submit a public review, choose to share your social media handle publicly, or where consent is otherwise required by applicable law.

6. Public Profile Information

Because our services are designed around public social media profiles, you acknowledge that profile usernames, profile URLs, and publicly visible account information submitted by you may be processed for service fulfillment purposes.

7. Third-Party Services

We rely on third-party service providers to support our operations. These providers process your data only on our instructions and for the purposes described in this Privacy Policy.

We use the following third-party services:

• Stripe (payment processing) — processes your payment securely. Subject to Stripe's Privacy Policy.
• Supabase (database hosting) — stores your account and order data on servers located within the European Economic Area (EEA). Subject to Supabase's Privacy Policy.
• Resend (transactional email) — sends order and account emails. Subject to Resend's Privacy Policy.
• Vercel (hosting) — serves the website. Subject to Vercel's Privacy Policy.
• Google (OAuth sign-in, if used) — provides authentication. Subject to Google's Privacy Policy.

All third-party services we use are chosen as data processors or sub-processors and are expected to provide appropriate safeguards for your data. Where data may be transferred outside the European Economic Area (EEA), we ensure that such transfers are based on appropriate legal mechanisms (for example, GDPR-approved Standard Contractual Clauses, or adequacy decisions) between us and the provider.

For data related to SMM-panel-type providers used for follower delivery, we do not have direct control over their data processing, and their use of data is governed by their own privacy policies and terms.

8. Third-Party Fulfillment Providers

Some services may be fulfilled through third-party social media delivery providers. We do not control the internal systems, retention practices, or technical methods used by those providers, except to the extent required to coordinate service delivery.

9. International Data Transfers

Because we serve customers globally and use third-party service providers, some personal data may be processed outside Romania or outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA, we rely on appropriate safeguards where required by law, such as adequacy decisions issued by the European Commission or Standard Contractual Clauses (SCCs) with the relevant provider.

10. Cookies

We use strictly necessary cookies for authentication, such as session tokens required to keep your account logged in. We do not use tracking cookies, advertising cookies, or analytics cookies on our website. Stripe may set its own cookies during the payment process, as described in their privacy policy.

11. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes described in this Privacy Policy, or as required by law.

• Account data: Retained until you request deletion of your account, unless otherwise required by law.
• Order data: Retained for up to 5 years for legal, tax, accounting, and dispute resolution purposes, after which it is anonymised or irreversibly deleted. Where strictly necessary, anonymised or aggregated information may be retained for longer, without personal identification.
• Password reset tokens: Expire after 1 hour and are marked as used. Old tokens are deleted periodically.
• Reviews: Retained until you request removal, or until we remove them at our discretion.

12. Your Rights (GDPR)

As an EU-based service, we comply with the General Data Protection Regulation (GDPR). You have the following rights where applicable, subject to verification:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your account and personal data ("right to be forgotten"). Note that order data may be retained for legal compliance.
• Data portability: Request your data in a commonly used machine-readable format.
• Objection: Object to processing of your data where we rely on legitimate interest.
• Withdrawal of consent: Where processing is based on consent, you can withdraw it at any time, though this may affect your ability to use certain services.

To exercise any of these rights, email hello@fanvora.co. We will respond within 30 days where possible, or within the timeframe required by law.

If you reside in another EU Member State, you also have the right to lodge a complaint with the data protection authority of your country of residence, in addition to lodging one with the Romanian authority.

13. Verification of Requests

To protect your privacy and security, we may request reasonable information to verify your identity before responding to requests relating to access, deletion, correction, or portability of personal data.

14. Data Security

We take reasonable technical and organizational measures to protect your data, including:

• Passwords are hashed using bcrypt before storage.
• All connections between your browser and our website use HTTPS/TLS encryption.
• Payment card data is handled entirely by Stripe, a PCI DSS-compliant processor, and we never store full card details.
• Database access is restricted to our application and authorized personnel only.

No data transmission over the internet or storage system can be guaranteed as 100% secure, but we aim to protect your data using industry-standard practices.

15. Children

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@fanvora.co, and we will take appropriate steps to remove the data.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Changes are effective immediately upon posting on this page. The "last updated" date at the top reflects the most recent revision.

We recommend you periodically review this page to stay informed about how we protect your data.

17. Contact and Complaints

For any privacy-related questions, concerns, or to exercise your data protection rights, contact us at:

Email: hello@fanvora.co

Website: fanvora.co

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Romania, this is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP):

• Website: https://www.dataprotection.ro/

For individuals in countries outside the European Economic Area, this Privacy Policy describes our general data protection practices, and you accept that local laws may impose additional obligations, where applicable.