Privacy Policy
How OnlyPPV collects, uses, discloses, and safeguards information when you use our Telegram-native AI chatter platform. Compliant with GDPR and CCPA / CPRA.
Introduction
OnlyPPV (“we”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Telegram-native AI chatter platform.
By accessing or using OnlyPPV, you acknowledge that you have read this Policy and agree to be bound by it.
Information We Collect
Account information
- Display name and Telegram username
- Email address
- Country / region
- Account creation date
Telegram integration
We store encrypted authorization tokens needed to operate the chatter on your behalf. Your actual Telegram login credentials are never stored on our servers.
Content & persona configuration
- Photos, videos, and other media you upload
- Pricing and bundle metadata
- Persona settings (tone, style, do / don’t rules)
Age verification & content compliance
OnlyPPV does not collect or maintain performer identity documents, government-issued IDs, or consent records. You are legally required to verify all performer ages and to keep age-verification and consent records as required by 18 U.S.C. § 2257 and other applicable law, and to provide them on request.
Payment information
- Telegram Stars transaction history
- Revenue and payout records
- USDT wallet addresses (for crypto payouts)
Usage data
- Chat logs with fans (retained for 90 days)
- Analytics: engagement, conversion, response times
- Session metadata (duration, frequency, timestamps)
- Device information (browser, OS, IP address)
AI processing data
- Messages sent to and from the chatter
- Sentiment and intent analysis results
- Conversation context and history
Legal Basis for Processing (GDPR)
We process your data under the following GDPR legal bases:
Art. 6(1)(b) — Contract performance
- Account management and authentication
- Operating the chatter and delivering content
- Processing payments and payouts
- Customer support
Art. 6(1)(c) — Legal obligation
- Age verification compliance and tracking
- CSAM detection and reporting
- Tax compliance and record-keeping
- Lawful government and law-enforcement requests
Art. 6(1)(a) — Your consent
- GDPR consent at signup
- Marketing communications (only if opted in)
- Optional analytics tracking
- Non-essential cookies
Art. 6(1)(f) — Legitimate interest
We process certain data based on legitimate interest in platform safety: monitoring for illegal content, fraud detection, account security, and service quality. Safeguards: minimal collection, short retention (90 days for chat logs), encryption, and access controls.
How We Use Your Data
Service provision
- Creating and managing your OnlyPPV account
- Operating the AI chatter on your Telegram account
- Delivering paid content to fans through Telegram
- Processing payments and crypto payouts
AI processing
Fan messages are processed by AI models in real time to generate responses, run sentiment analysis, and personalize tone. Some data may be retained transiently by AI providers per their own data-processing terms.
Safety & compliance
- Automated CSAM detection and law-enforcement reporting
- Fraud and abuse detection
- Platform security and integrity
- Investigating Terms violations
Platform improvement
- Analytics and performance monitoring
- Feature development and testing
- User-experience optimization
Data Retention
| Data type | Retention | Legal basis |
|---|---|---|
| Account information | Until deletion or 180 days inactivity | Contract — Art. 6(1)(b) |
| Chat logs (creator-fan messages) | 90 days rolling | Legitimate interest — Art. 6(1)(f) |
| Session analytics | 90 days rolling | Legitimate interest — Art. 6(1)(f) |
| Payment / transaction records | 7 years | Legal obligation — Art. 6(1)(c) |
| Uploaded content | Until deletion by Creator | Contract — Art. 6(1)(b) |
| Persona configuration | Until deletion by Creator | Contract — Art. 6(1)(b) |
| CSAM reports & logs | Indefinitely | Legal obligation — Art. 6(1)(c) |
90 days is the standard window for messaging-platform dispute resolution. It balances operational needs with GDPR’s data-minimization principle.
Your GDPR Rights
You have the following rights under GDPR. All requests are processed within 30 days at no cost.
Art. 15 — Access
Request a JSON export of your data. Email support@onlyppv.com with subject “Data Access Request”.
Art. 16 — Rectification
Correct inaccurate data via your dashboard or by emailing support@onlyppv.com.
Art. 17 — Erasure (“Right to be Forgotten”)
Request account deletion via Settings → Delete Account, or by emailing support@onlyppv.com. We delete within 30 days. Exceptions: tax records (7 years) and CSAM logs (indefinite) are retained by law.
Art. 18 — Restriction
You may ask us to limit processing — e.g. disable analytics. This may reduce service functionality.
Art. 20 — Portability
Receive your data in a machine-readable JSON format on request.
Art. 21 — Objection
Opt out of marketing or analytics. You cannot object to contract-necessary processing.
Art. 22 — Automated decision-making
You may request human review of any automated decision. Our AI is used for response generation, sentiment analysis, and content recommendations.
Art. 77 — Lodge a complaint
You may complain to your local data protection authority. Contact us first at support@onlyppv.com — we will help you exercise your rights.
International Data Transfers
Your data is processed in multiple locations:
- Telegram infrastructure — global, primary operations in Dubai, UAE
- AI providers — various locations including the United States
Safeguards
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Minimal data sharing — only what is necessary
- Contractual data-protection obligations with providers
Security
We implement industry-standard security measures:
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Role-based access controls with least privilege
- Continuous security monitoring and logging
- Encrypted backups with retention policies
- Documented incident-response procedures
In the event of a data breach affecting personal data, we will notify affected users within 72 hours as required by GDPR, with details of the breach, affected data, and remediation steps. Contact: support@onlyppv.com.
Children’s Privacy
We do not knowingly collect data from minors. Age confirmation is required at signup. If we discover that a minor has bypassed verification, we immediately terminate the account and delete all associated data. Report suspected minors: support@onlyppv.com.
California Residents (CCPA / CPRA)
If you reside in California, you have additional rights:
- Right to know — what we collect and how we use it
- Right to delete — request deletion of your data
- Right to opt out of sale — we do not sell data, but you may opt out anyway
- Right to correct — update inaccurate information
- Right to limit use of sensitive information
Email support@onlyppv.com with “California Privacy Rights” in the subject. Response within 45 days (extendable to 90 days with notice). Free of charge.
Changes to This Policy
We may update this policy. Material changes are posted on this page with a new “Last updated” date. Continued use of the Service after the change constitutes acceptance.
Contact Us
Privacy questions
support@onlyppv.com — response within 7 business days.
GDPR / CCPA requests
support@onlyppv.com with subject “[GDPR] [Request type]” — response within 30 days.
Security issues
support@onlyppv.com — response within 24 hours for critical issues.
Abuse reports
support@onlyppv.com — response within 24–48 hours.
By using OnlyPPV, you acknowledge that you have read, understood, and agree to this Privacy Policy.