innrcirql

Privacy Policy

Last updated: April 13, 2026

This Privacy Policy describes how innrcirql (“we,” “us,” or “our”) collects, uses, and shares personal information when you use our Platform. By using the Platform you consent to the practices described here.

1. Information We Collect

You provide:

  • Account data: username, email, password hash, date of birth.
  • Identity verification (KYC): for Creators, we collect your legal name, date of birth, address, government-issued photo ID (front and back where applicable), a selfie holding your ID, and a short liveness video. These are stored in a private, access-controlled bucket and retained as required by 18 U.S.C. § 2257.
  • Payment data: we use Stripe for payments. We do not store full card numbers; Stripe handles PCI-scope data directly. We store a Stripe customer/account ID and transaction metadata.
  • Content: posts, messages, stories, media, tips, subscriptions, comments, likes, and other activity you generate.
  • Communications: messages to support, feedback submissions, and email notifications you opt into.

Automatically collected:

  • Usage data: pages visited, clicks, search queries, feed impressions, device type, browser, OS, referring URL.
  • IP address and approximate location derived from IP (country/region, not precise GPS).
  • Cookies and similar technologies for authentication, preferences, security, and analytics.
  • Performance and error data via Sentry and similar services to diagnose bugs.

2. How We Use Your Information

  • To operate the Platform, including authentication, content delivery, and payment processing.
  • To verify identity and age as required by law.
  • To detect, prevent, and respond to fraud, abuse, and illegal activity.
  • To send transactional emails (verification, password reset, receipts, KYC updates, payout notifications) and, where you have opted in, engagement emails (new subscribers, tips, messages, digests).
  • To improve the Platform — diagnose problems, analyze usage patterns, and develop new features.
  • To comply with legal obligations, respond to law enforcement requests, and enforce our Terms.

3. Legal Bases (GDPR users)

If you are in the EU/EEA or UK, we process your personal data under one or more of these legal bases: (a) performance of our contract with you; (b) your consent (which you may withdraw at any time); (c) our legitimate interests in operating and securing the Platform; and (d) compliance with legal obligations.

4. Sharing Your Information

We share personal information only in these situations:

  • Service providers who help us run the Platform, under contracts that require them to protect your data — including Stripe (payments), Mux (video), Cloudflare (storage and CDN), Supabase (database), Resend (email), Upstash (cache), Sentry (error tracking), and PostHog (analytics).
  • Other users — profile information (username, display name, avatar, bio, banner, tags, public posts) is visible to other users and, for public profiles, anonymous visitors.
  • Legal and safety — when required by subpoena, court order, or law, or to protect the rights, property, or safety of innrcirql, our users, or others. We report child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC) and cooperate with law enforcement.
  • Business transfers — if innrcirql is involved in a merger, acquisition, or asset sale, your information may be transferred, subject to this Policy.

We do not sell your personal information. We do not share your information with advertisers for cross-context behavioral advertising.

5. Retention

We keep personal data for as long as your account is active and as needed to provide the Platform. After account deletion, we anonymize most personal data within 30 days. We retain certain data longer where required by law:

  • KYC records and ID documents: retained indefinitely (minimum 7 years post-activity) under 18 U.S.C. § 2257.
  • Financial records: retained as required by tax and anti-money-laundering laws (typically 7 years).
  • Content moderation logs: retained to enforce bans and respond to repeat violations.
  • Backups: routine backups may contain deleted data for up to 90 days before being purged.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data (subject to legal retention).
  • Export your data in a machine-readable format.
  • Object to or restrict certain processing.
  • Withdraw consent where we rely on consent.
  • Lodge a complaint with a data protection authority.

You can exercise these rights in Settings → Account, or by emailing [email protected].

7. California Residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, to delete it, to correct it, to limit the use of sensitive personal information, and to opt out of sale or sharing. We do not sell personal information. To exercise these rights, email [email protected].

8. Security

We use industry-standard measures to protect your information — encryption in transit (TLS) and at rest, access-controlled storage for KYC documents, bcrypt-hashed passwords, optional two-factor authentication, rate limiting, DRM for video content, and forensic watermarking. No system is perfectly secure; you use the Platform at your own risk.

9. Children

The Platform is strictly for adults 18+. We do not knowingly collect information from anyone under 18. If we learn that we have collected such information, we will delete it immediately. If you believe a minor has an account, contact [email protected].

10. International Transfers

We are based in the United States and process data there. If you are in the EU/EEA, UK, or another jurisdiction with data transfer restrictions, your information will be transferred to and processed in the U.S. under appropriate safeguards such as Standard Contractual Clauses.

11. Cookies

We use essential cookies for authentication and security, functional cookies for preferences, and analytics cookies to understand usage. You can control cookies through your browser settings; disabling essential cookies will break core features like login.

12. Changes

We may update this Policy. If we make material changes, we will provide notice by email or in-app at least 14 days before the change takes effect.

13. Contact

For privacy questions, email [email protected].

This Policy is provided for informational purposes and should be reviewed by qualified legal counsel before final publication.