EU Rights & DSA Transparency
Last updated: 10 April 2026
This page describes the rights of users based in the European Union or European Economic Area (EU/EEA) under the EU General Data Protection Regulation (GDPR) and the EU Digital Services Act (DSA). These rights are in addition to those described in our Privacy Policy and Terms of Service.
1. EU GDPR — your rights
As a resident of the EU/EEA, your personal data is processed in accordance with Regulation (EU) 2016/679 (the GDPR). You have the following rights:
- Right of access (Art. 15): Obtain a copy of the personal data we hold about you and information about how it is processed.
- Right to rectification (Art. 16): Have inaccurate or incomplete personal data corrected.
- Right to erasure (Art. 17): Have your personal data deleted ('right to be forgotten'), subject to exceptions for legal obligations.
- Right to restriction of processing (Art. 18): Restrict how we process your data in certain circumstances.
- Right to data portability (Art. 20): Receive your personal data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests, including profiling.
- Rights related to automated decision-making (Art. 22): Not to be subject to solely automated decisions that produce significant legal or similar effects.
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
To exercise these rights, contact privacy@fanluma.com. We will respond within one calendar month.
If you are dissatisfied with our response, you have the right to lodge a complaint with your national Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu.
2. Legal basis for processing EU data
We process personal data of EU/EEA residents on the following legal bases under EU GDPR Art. 6:
| Processing activity | Legal basis |
|---|---|
| Platform service provision, account management | Art. 6(1)(b) — contract |
| Payment processing, fee calculation, referral payouts | Art. 6(1)(b) — contract |
| Age verification (18+ gate) | Art. 6(1)(c) — legal obligation; Art. 6(1)(b) — contract |
| Creator KYC identity verification | Art. 6(1)(c) — legal obligation; Art. 6(1)(b) — contract |
| Fraud prevention, platform security | Art. 6(1)(f) — legitimate interests |
| Service emails (receipts, notifications) | Art. 6(1)(b) — contract; Art. 6(1)(f) — legitimate interests |
| Marketing emails (optional) | Art. 6(1)(a) — consent |
| Analytics, platform improvement | Art. 6(1)(f) — legitimate interests |
| Legal compliance, NTD, CSAM reporting | Art. 6(1)(c) — legal obligation |
| DSA content moderation transparency | Art. 6(1)(c) — legal obligation |
3. International transfers
Personal data may be transferred to countries outside the EU/EEA (primarily the United States) where our cloud hosting (Replit), email delivery (Resend), and payment processor (Stripe) are based. These transfers are protected by the EU Standard Contractual Clauses (SCCs) adopted under Commission Decision 2021/914, or adequacy decisions where applicable. You can request a copy of the applicable transfer mechanisms by emailing privacy@fanluma.com.
4. EU Digital Services Act (DSA) — your rights
FanLuma operates as an online intermediary subject to Regulation (EU) 2022/2065 (the Digital Services Act). Under the DSA, EU/EEA users have the following additional rights:
Right to a statement of reasons
If we restrict, suspend, or remove your content or account, we will provide you with a clear statement of reasons for that decision, including the specific policy that was violated.
Right to appeal content moderation decisions
You have the right to challenge any content moderation decision we make about your content or account. To appeal a decision, email legal@fanluma.com with the subject "DSA Appeal" and a description of the decision you are appealing. We will review appeals in a timely manner.
Right to use an out-of-court dispute settlement body
If you disagree with the outcome of an internal appeal, you have the right to refer the matter to a certified out-of-court dispute settlement body under Article 21 DSA. A list of certified bodies will be made available by the European Commission.
Right to report illegal content
You may report content you believe to be illegal under EU law or the laws of any EU member state by emailing compliance@fanluma.com. We will process notices in accordance with DSA requirements and acknowledge receipt promptly.
Transparency reporting
FanLuma publishes transparency information about our content moderation activities as required by the DSA. This includes the number of content removal notices received and actioned, appeals received, and automated moderation systems used.
Recommender systems
Where FanLuma uses algorithmic systems to recommend content or creators, you have the right to understand the main parameters used. Content recommendations on FanLuma are based on your subscription history, browsing activity, and creator popularity. You may adjust your preferences in your account settings.
Advertising transparency
FanLuma does not display targeted advertising. Any promotional content displayed is general (not personalised) and will be clearly labelled as such.
5. DSA Single Point of Contact
As required by Art. 11 DSA, FanLuma designates the following contact for direct communication with EU member state authorities and the European Commission:
6. EU consumer protection
EU consumers have rights under applicable EU consumer protection law including the Consumer Rights Directive (2011/83/EU) and the Unfair Contract Terms Directive (93/13/EEC). These rights cannot be waived by contract. If you have a consumer complaint, you may use the EU Online Dispute Resolution platform: ec.europa.eu/consumers/odr.
Cancellation rights: EU consumers who have purchased a digital content subscription may have a right of withdrawal of 14 days from purchase, unless the digital content has already been provided with your prior express consent. Fan payments to creators are processed in real-time and are considered immediately delivered.
7. Contact
FanLuma Ltd
Privacy (GDPR): privacy@fanluma.com
Legal / DSA: legal@fanluma.com
Compliance / Illegal content: compliance@fanluma.com