Sign in

Privacy Policy

Fusey B.V. - Last updated: April 2026
This Privacy Policy explains how Fusey B.V. ("Fusey", "we", "us", "our"), a private limited company registered in the Netherlands, collects, uses, stores, and protects your personal data when you use the Fusey platform ("Platform").
We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Uitvoeringswet Algemene verordening gegevensbescherming (UAVG).

1. Data Controller

Fusey B.V. is the data controller responsible for your personal data.
Registered address: Tesselschadestraat 39, 2026SM, Haarlem, the Netherlands
Email: fuseybusiness@gmail.com
This is our registered business address. We do not accept visits or postal correspondence at this location. For all enquiries, please contact us via the Platform or by email.

2. Personal Data We Collect

2.1 Account Data (provided by you or your OAuth provider)

  • Username and display name
  • Email address
  • Profile picture (avatar) and banner image
  • Bio and description
  • Preferred language and timezone

2.2 Authentication Data (from third-party providers)

We offer sign-in via Google, Discord and X/Twitter. When you authenticate, we receive:
  • Provider account identifier
  • Provider profile information (name, avatar)
  • OAuth tokens (stored encrypted, used solely to maintain your session)
We do not receive or store your password from any provider.

2.3 Social Media Data (Creators only)

When Creators connect social media accounts for verification, we collect:
  • Platform type (Discord, YouTube and X/Twitter)
  • Account identifier and display information
  • Public metrics (subscriber/follower/member counts, view counts)
This data is synced periodically to display accurate analytics on Creator profiles.

2.4 Transaction Data

  • Order details (packages purchased, prices, timestamps)
  • Delivery content links and notes
  • Community instructions provided by Sponsors
  • Dispute information (reason, resolution)
  • Payout and withdrawal history

2.5 Communication Data

  • Messages exchanged between users on the Platform
  • File attachments (max 5 files per message/order, max 5 MB each)

2.6 Technical Data

  • Browser type and version (from HTTP headers)
  • IP address (server logs, not stored long-term)

2.7 Analytics Data

We use Plausible Analytics, a privacy-friendly analytics tool, self-hosted on our own infrastructure. Plausible does not use cookies, does not collect personal data, and does not track users across sites or sessions. The data collected is aggregated and anonymised:
  • Page visited and referrer source
  • Browser type and operating system
  • Country (derived from IP address; IP is not stored)
We do not use tracking pixels, advertising cookies, or fingerprinting.

3. Legal Basis for Processing

PurposeLegal Basis (GDPR Art. 6)
Account creation and authenticationPerformance of contract (Art. 6(1)(b))
Payment processing and escrowPerformance of contract (Art. 6(1)(b))
Dispute resolutionPerformance of contract (Art. 6(1)(b))
Email notifications about ordersPerformance of contract (Art. 6(1)(b))
Social media metrics displayConsent (Art. 6(1)(a)) - you choose to connect accounts
Platform security and fraud preventionLegitimate interest (Art. 6(1)(f))
Aggregated analytics (Plausible)Legitimate interest (Art. 6(1)(f)), no personal data
Legal compliance (tax, financial regulations)Legal obligation (Art. 6(1)(c))

4. How We Use Your Data

We use your personal data to:
  • Create and manage your account.
  • Process transactions between Creators and Sponsors.
  • Hold funds in escrow and process payouts via Stripe.
  • Facilitate communication between users.
  • Display Creator profiles with connected social media metrics.
  • Send order-related email notifications.
  • Resolve disputes between users.
  • Detect and prevent fraud or abuse.
  • Measure aggregated, anonymised platform usage via Plausible Analytics (no personal data involved).
  • Comply with legal obligations.
We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Third-Party Processors

We share personal data with the following processors, each bound by Data Processing Agreements:
ProcessorPurposeData SharedLocation
StripePayment processing, payouts, identity verificationName, email, financial dataEU/US (EU SCCs)
Google / Discord / X/TwitterAuthenticationOAuth tokens, profile dataUS (EU SCCs)
Discord / YouTube / X/TwitterCreator social media sync (analytics, metrics)OAuth tokens, public metricsUS (EU SCCs)
Transactional emails are sent from our own mail server. No third-party email processor is used.
All processors are required to protect your data in accordance with GDPR standards. Where data is transferred outside the EU/EEA, appropriate safeguards (Standard Contractual Clauses) are in place.

6. Cookies

We use only strictly necessary and functional cookies. We do not use tracking cookies, analytics cookies, or advertising cookies.
Cookie NamePurposeTypeDuration
authTokenKeeps you signed in to your account. Contains an encrypted authentication token.Strictly necessary10 years
I18N_LOCALERemembers your preferred language.Functional10 years
TIMEZONERemembers your preferred timezone.Functional10 years
oauth_stateProtects against cross-site request forgery (CSRF) during the sign-in process.Strictly necessary10 minutes
Under the Dutch Telecommunicatiewet (Art. 11.7a) and the EU ePrivacy Directive (Art. 5(3)), consent is only required for cookies that are not strictly necessary for the service requested by the user. All cookies on Fusey are either strictly necessary (authentication, security) or functional (language preference). Therefore, no cookie consent banner is required.

7. Data Retention

Data TypeRetention Period
Account dataMarked inactive on deletion, anonymized after 3 years
Transaction dataPreserved indefinitely (Dutch fiscal retention obligation, Algemene wet inzake rijksbelastingen Art. 52)
MessagesDeleted 3 years after self-deletion (cascade during anonymization). Retained indefinitely for admin-banned accounts.
File uploadsDeleted when associated order or account data is removed
Authentication tokensDeleted immediately on account deletion
Social media OAuth tokensDeleted 3 years after account deletion (during anonymization)
SessionsAutomatically cleaned up after 1 month of inactivity
Server logs (IP, user agent)Dependent on infrastructure, not stored long-term
When you delete your account, your email is cleared and the account is marked inactive. After 3 years, all remaining personal data (display name, avatar, bio, social media connections, conversations, and messages) is permanently anonymized or deleted. Transaction records are preserved for legal and financial compliance.
If your account has been disabled by Fusey administration (e.g., due to a ban for Terms of Service violations), your account data is retained indefinitely and is not subject to the anonymization schedule above. This is necessary to enforce bans and prevent re-registration using the same credentials (GDPR Art. 17(3)(b), processing necessary for the establishment, exercise, or defence of legal claims).

8. Your Rights Under GDPR

You have the following rights regarding your personal data:
  • Right of access (Art. 15) - Request a copy of your data. Available via Settings > Privacy & Data > Export My Data.
  • Right to rectification (Art. 16) - Update your profile information at any time.
  • Right to erasure (Art. 17) - Delete your account via Settings > Privacy & Data > Delete My Account. Subject to legal retention obligations. Account deletion may be temporarily restricted if you have active or in-progress orders, or if you are a Creator with an outstanding balance to withdraw. Resolve these before requesting deletion.
  • Right to restriction (Art. 18) - Request that we limit processing of your data.
  • Right to data portability (Art. 20) - Export your data in a machine-readable format via the Export function.
  • Right to object (Art. 21) - Object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)) - Withdraw consent for social media connections at any time by disconnecting the account.
To exercise any right not available through the Platform interface, contact us at fuseybusiness@gmail.com.
We will respond within 30 days as required by GDPR Art. 12(3).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:
  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted storage of OAuth tokens
  • JWT-based authentication with secure, HttpOnly cookies
  • Access controls and role-based permissions
  • Regular security assessments

10. Children's Data

Fusey is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has created an account, contact us and we will delete the account.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Automated order actions (e.g., auto-decline after 72 hours) are contractual processes, not profiling.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification at least 30 days in advance. The "Last updated" date at the top reflects the most recent revision.

13. Supervisory Authority

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
Autoriteit Persoonsgegevens
PO Box 93374, 2509 AJ The Hague

14. Contact

Fusey B.V.
Registered address: Tesselschadestraat 39, 2026SM, Haarlem, the Netherlands
Email: fuseybusiness@gmail.com
This is our registered business address. We do not accept visits or postal correspondence at this location. For all enquiries, please contact us via the Platform or by email.