Privacy Policy
Effective Date: April 18, 2026
This Privacy Policy explains how parasocial.website ("the Platform," "we," "us," or "our") collects, uses, stores, and shares your personal information when you use our service. By using the Platform, you consent to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
| Data | When Collected | Purpose |
|---|---|---|
| Name, email address, password | Account registration | Account creation, authentication, communication |
| Creator profile info (handle, display name, bio, social links, avatar, banner) | Creator profile setup | Public creator profile page |
| Shipping address (name, street, city, state, postal code, country) | Subscribing to a tier that includes physical goods | Shared with the Creator for physical goods fulfillment |
| Posts, comments, messages, poll votes | When you create content or interact | Providing the Platform's core functionality |
| Payment method details (card information) | Adding a payment method or subscribing | Payment processing — handled entirely by Stripe; we do not store card numbers |
1.2 Information Collected Automatically
| Data | How Collected | Purpose |
|---|---|---|
| IP address | Each authenticated session | Security, fraud prevention, session management |
| User agent (browser/device info) | Each authenticated session | Security, session management |
| Page views, traffic patterns, referral sources | Google Analytics | Understanding usage patterns and improving the Platform |
1.3 Cookies and Similar Technologies
We use the following cookies:
- Session cookie — Set by our authentication system to maintain your logged-in session. This is an essential cookie required for the Platform to function. It is a secure, HTTP-only cookie.
- Google Analytics cookies — Used to collect anonymized usage data about how visitors interact with the Platform. These cookies are set by Google and are subject to Google's Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
2. How We Use Your Information
- Providing the service: Operating the Platform, processing subscriptions, delivering content, enabling messaging, and handling payments.
- Communication: Sending transactional emails including email verification, new post notifications, payment failure alerts, and tier deletion notices.
- Security: Detecting and preventing fraud, abuse, and unauthorized access. Enforcing our Terms of Service.
- Analytics: Understanding how users interact with the Platform to improve features and performance via Google Analytics.
- Platform administration: Internal event logging for auditing (e.g., sign-ups, follows, subscriptions, moderation actions). This data is only accessible to Platform administrators.
3. How We Share Your Information
We do not sell your personal information. We share data only in the following limited circumstances:
3.1 With Creators
- Public interactions: Your display name and avatar are visible on comments, likes, and follow lists.
- Direct messages: Message content is visible to both you and the Creator.
- Shipping address: If you subscribe to a membership tier that includes physical goods, your shipping address is shared with the Creator solely for the purpose of fulfilling and shipping those goods.
- Subscription status: Creators can see which Followers are subscribed to their tiers (subscriber count and list).
3.2 With Third-Party Service Providers
We use third-party service providers to operate the Platform, including for payment processing, image hosting, email delivery, and analytics. These providers receive only the data necessary to perform their function. All financial transactions are handled by Stripe — your payment card details are processed by Stripe and never touch our servers.
3.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Email Communications
We send the following types of emails:
4.1 Emails You Cannot Opt Out Of
- Email verification
- Payment failure notifications
- Subscription cancellation notices (e.g., when a tier is deleted)
- Account security notices
These are essential transactional emails related to your account and billing. They cannot be disabled.
4.2 Emails You Can Opt Out Of
- New post notifications: When a Creator you follow publishes a new post. You can disable these on a per-Creator basis by updating your follow preferences.
5. Data Retention
- Account data: Retained for as long as your account is active.
- Content (posts, comments, messages): Retained until deleted by you, the Creator, or the Platform. Soft-deleted comments remain in the database but are not displayed.
- Session data (IP address, user agent): Retained for the duration of the session and removed when the session expires.
- Payment transaction records: Retained indefinitely for accounting, tax, and legal compliance purposes.
- Event logs: Retained indefinitely for platform auditing and security.
6. Data Security
We implement reasonable security measures to protect your data, including:
- Passwords are hashed using bcrypt and never stored in plain text.
- Payment card details are handled by Stripe and never stored on our servers.
- All data in transit is encrypted via HTTPS/TLS.
- Content Security Policy headers are enforced.
- API rate limiting is applied to prevent abuse (60 requests/min globally, 10 requests/min for authentication endpoints).
- Stripe webhook signatures are verified for all payment events.
- User-submitted HTML content is sanitized server-side to prevent cross-site scripting (XSS).
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data — you can view your profile, posts, messages, and subscription information through the Platform.
- Correct inaccurate data — you can update your profile, shipping address, and account settings at any time.
- Delete your account and associated data — contact support@parasocial.website to request account deletion.
- Object to processing — you may opt out of Google Analytics tracking and non-essential email notifications as described above.
- Data portability — contact us to request an export of your data.
8. International Users
The Platform is operated from the United States. If you are accessing the Platform from outside the United States, your data will be transferred to and processed in the United States. By using the Platform, you consent to this transfer.
9. Children's Privacy
The Platform is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). We do not perform age verification. If we learn that we have collected data from a user under 13, we will delete their account and data promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" at the top of this page. For material changes, we will make reasonable efforts to notify users via email or in-app notification. Continued use of the Platform after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@parasocial.website.