Fankado Privacy Policy

Effective date: Apr 21, 2026

This Privacy Policy describes how Fankado, Inc. (“Fankado,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information when you use our websites, apps, and services that link to this Policy (collectively, the “Service”), as well as our marketing, events, social media, creator programs, and promotions.

Fankado, Inc. is the data controller responsible for the processing of personal information described in this Policy.

By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

1. Personal information we collect

We collect information in three main ways: (A) you provide it; (B) it’s collected automatically; and (C) we receive it from third parties.

A. Information you provide

• Contact & profile data: name, email, phone, mailing/shipping address; age or date of birth (for eligibility checks); username; avatar or display image.
• Verification data: Government-issued ID, date of birth, selfies/liveness checks, proof-of-control over official social channels (e.g., posting a one-time code), public agent/management contact details you provide for verification.
• Social handles and visibility settings: (e.g., X/Twitter, Instagram, TikTok), your creator follow/subscribe choices, and messaging preferences.
• Account security: passwords or credential fragments (hashed/salted where applicable), multi-factor details.
• Purchase & fulfillment data: items purchased (Cards, Packs), quantities, price paid, currency, order IDs, delivery preferences, shipping details (printed cards).
• Financial & payout data (Creators): tax forms (e.g., W-9/W-8), payout preferences, bank/processor account tokens; information needed to calculate and remit creator revenue shares and to resolve chargebacks/fraud.
• Compliance data: KYC/AML screening outputs (where required), sanctions screening results, proof of identity, age, or residency for Promotions/AMOE eligibility.
• Communications: emails, support chats, survey responses, feedback.
• User-generated content: profile information, comments, ratings, photos, artwork or other materials you upload, and associated metadata.

B. Automatic data collection

When you access the Service, we (and our service providers) automatically collect:

• Device & network data: IP address, device identifiers, OS, browser type, screen resolution, language, carrier, approximate location (city/region), and similar diagnostics.
• Online activity data: pages viewed, links clicked, time on page, referring/exit pages, in-app events, session dates/times, marketing campaign attribution, email open/click signals.
• Location data (if enabled): coarse or precise device location.

Cookies, local storage, pixels, and SDKs: We use cookies and similar technologies to operate and secure the Service, remember your preferences, perform analytics, measure campaigns, and (where applicable) support advertising. (Definitions patterned on the attached guide.)

C. Information from third parties

• Payment, fraud, and risk partners: payment processors, chargeback/fraud prevention tools, identity verification and sanctions-screening vendors.
• Screening vendors:we may receive verification signals (e.g., public blue-check status, platform account metadata, agent/management listings) and results from identity and sanctions-screening vendors.
• Login/linked services: if you choose to link or log in via a third-party service, we receive profile elements permitted by that service’s settings.
• Marketing/analytics partners: channel performance, attribution data, audience insights.
• Public sources: public profiles, social content you tag to us, public records.

We may receive social graph/handle verification from linked platforms if you connect them.

2. How we use personal information

We use personal information to:

• Provide and improve the Service: operate accounts; process orders (Cards, Packs); ship printed Cards; enable opening/auto-reveal windows; provide creator portals; calculate revenue shares; deliver features; debug and improve performance.
• Enable creator-to-buyer communications; share your chosen identifiers (e.g., email address, phone number, display name, purchased items, opted-in handles/contact) with the creator(s) you purchased from.
• Payments, payouts, and tax: process purchases and refunds; evaluate and manage chargebacks; hold or release creator payouts based on fraud/chargeback risk; generate tax forms and comply with tax obligations.
• Security, fraud, and compliance: authenticate users; detect, prevent, and investigate fraud, abuse, cheating or market manipulation; perform KYC/AML and sanctions screening as required; enforce our Terms and policies.
• Identity Verification: Verify creator identity and authenticity (including proof-of-control over official channels), detect and prevent impersonation and fraud, and determine eligibility for the Creator Program.
• Communications: send transactional messages (receipts, shipping updates, pack-reveal notices, policy changes); respond to support requests; send marketing messages where permitted (you can opt out).
• Research and analytics: analyze engagement, Pack open rates, rarity/odds performance at population level, product testing, and quality assurance.
• Promotions and AMOE: administer giveaways, sweepstakes, and alternate method of entry, verify eligibility, and deliver prizes.
• Legal: comply with law and legal process; protect our, your, or others’ rights, safety, and property.
• Create de-identified/aggregated data: for analytics and business purposes (we will not attempt to reidentify it).

Legal bases for processing (EEA/UK/Switzerland).

Where applicable, we process personal data under the following legal bases:

• Performance of a Contract: to provide the Service, including account creation, transactions, creator onboarding, and payouts
• Legitimate Interests: including fraud prevention, platform security, product improvement, analytics, and communications with existing users
• Consent: where required by law, including for marketing communications and non-essential cookies
• Legal Obligations: including tax, accounting, sanctions screening, and regulatory compliance

We only process personal data where at least one legal basis applies.

3. How we share personal information

We share personal information with:

• Creators: we share your display name, purchased items, and any opt-in social handles or contact details with the creator(s) whose products you purchased, for customer support and product updates. Creators are independent controllers of any personal data they receive from us and must comply with applicable law and your preferences.

• Service providers: hosting, cloud, security, fraud/chargeback prevention, identity verification and sanctions screening, email/SMS, analytics, customer support, printing/fulfillment, and shipping carriers. These recipients may also include third party companies and individuals to administer and provide the Services on our behalf (such as customer support, hosting, email delivery and database management services), as well as lawyers, bankers, auditors, and insurers. We will only provide these third parties with your personal information to the limited extent necessary to deliver the services.

  These service providers act as data processors and process personal data on our behalf under contractual obligations that include confidentiality, security, and data protection requirements.

  Such service providers include:

  • Google Analytics. We use Google Analytics as one way to uniquely identify site visitors, and track page visits on our Sites.

  You may permit us to share your personal information with other companies or entities of your choosing. Those uses will be subject to the privacy policies of the recipient entity or entities.

• Verification & compliance vendors: We share verification data with third-party providers that perform identity, liveness, sanctions/PEP screening, and fraud-risk analysis.
• Payment & payout processors: to process your purchases and creator payouts (they collect and use data under their own privacy policies).
• Login/linked platforms: if you choose to log in with or link another service, information flows as permitted by your settings.
• Marketing and analytics partners: to measure and improve campaigns and the Service.
• Promotion vendors: for entry management, winner selection, and prize fulfillment
• Professional advisors: lawyers, auditors, insurers, bankers.
• Authorities and legal requests: to comply with law, enforce our terms, or protect rights/safety.
• Business transferees: in connection with mergers, acquisitions, financings, or sale of assets.
• Other users/public: content you make public (e.g., profile, marketplace listings, comments) can be viewed, shared, cached, or copied by others.

We do not sell your personal information for money. We may “share” identifiers and online activity data with advertising/analytics providers in a way that could be considered “targeted advertising” or “sharing” under certain U.S. state laws; see Your Privacy Rights for how to opt out.

4. Your choices

• Access, correction, deletion: If you have an account, you can review and update certain information in your account settings. You can also submit a privacy request as described below.
• Marketing opt-out: Unsubscribe from marketing emails via the link in our messages. You will still receive transactional/administrative emails.
• Cookies & analytics: Use your browser controls to block/clear cookies. Where required by law, we obtain your prior consent before placing non-essential cookies. You can manage your cookie preferences at any time through our cookie consent tool.
• Linked services: Adjust sharing in your third-party account; changes there won’t remove data already obtained.
• Do Not Track: We do not respond to DNT signals at this time.

5. Your privacy rights

Depending on your jurisdiction, you may have the following rights:

For EEA/UK/Switzerland Users

• Right to access your personal data
• Right to correct inaccurate data
• Right to request deletion (“right to be forgotten”)
• Right to restrict processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent at any time

We will respond to requests within 30 days as required by applicable law.

You also have the right to lodge a complaint with your local data protection authority.

How to exercise your rights

Submit requests at privacy@fankado.com or via in-product tools (when available). We will verify your identity (and authority, if an agent is used) consistent with applicable law and respond within required timelines. You will not be discriminated against for exercising your rights.

Appeals (certain U.S. states): If we deny your request, you may appeal by replying to our decision or emailing privacy@fankado.com with “Appeal” in the subject.

California: We provide this Policy as our notice at collection. We disclose the categories described above for the purposes outlined, retain data as described below, and do not collect “sensitive personal information” for inferring characteristics without consent.

EEA/UK/Switzerland: You may contact your local data protection authority. Where we rely on consent, you may withdraw it at any time (this won’t affect processing already performed). For creator verification, we rely on performance of contract (to onboard Creators), legitimate interests (preventing impersonation and fraud, platform safety), and legal obligations (sanctions/AML screening where applicable). Where consent is required (e.g., accessing a platform to post a verification code), you may withdraw it at any time.

6. Retention

We retain personal information for as long as necessary to provide the Service (e.g., account lifecycle, order history, fraud/chargeback windows, tax/accounting retention), comply with legal obligations, resolve disputes, and enforce agreements. We may retain de-identified/aggregated data indefinitely. We retain creator verification logs and artifacts for as long as needed to onboard and maintain the account, resolve disputes, comply with financial crime rules, and meet card-network/processor audit windows; then we delete or securely archive them consistent with our retention schedule.

Retention periods vary depending on the type of data:

• Account data: retained for the duration of the account and a reasonable period thereafter
• Transaction data: retained for financial reporting, tax, and chargeback obligations
• Communications: retained for support and dispute resolution
• Verification data: retained as necessary for compliance, fraud prevention, and audit requirements

7. Security

We employ administrative, technical, and physical safeguards designed to protect personal information appropriate to its sensitivity (e.g., encryption in transit, network segmentation, access controls, logging/monitoring). No system is perfectly secure; you use the Service at your own risk. (Security posture described in the attached guide.) Verification images/documents are stored with access controls, encryption in transit and at rest, and limited to personnel and vendors who need access for verification, fraud, or compliance purposes. We implement security measures appropriate to the risk, including encryption, access controls, and monitoring systems designed to protect personal data.

8. International data transfers

Fankado is based in the United States and may transfer personal data to the United States and other jurisdictions.

Where required by law, we implement appropriate safeguards for such transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Contractual obligations with service providers to ensure GDPR-compliant handling

By using the Service, you understand that your information may be transferred to countries that may not provide the same level of data protection as your home jurisdiction.

9. Children

The Service is not for individuals under 18. If you believe we collected a child’s personal information in violation of law, contact privacy@fankado.com and we will delete it as required.

10. Third-party sites and services

The Service may link to or integrate third-party services (e.g., payment processors, login providers, shipping and identity-verification vendors). Their handling of your information is governed by their privacy policies; we are not responsible for their practices.

11. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by updating the effective date and providing additional notice as required (e.g., in-product notice or email). Your continued use of the Service after the effective date indicates acceptance of the updated Policy.

12. Contact us

Email (privacy): privacy@fankado.com
Email (general): support@fankado.com
Postal mail: Fankado, Inc., Attn: Privacy, 60 Rausch Street, San Francisco, CA, 94103

13. EU Representative

If required under applicable law, we will designate a representative in the European Union to act on our behalf regarding data protection matters.

Notes for Creators (payout recipients)

• We process tax forms, payout preferences, and fraud/chargeback signals to calculate Net Revenue and manage holds/reserves in line with our Terms. We may require identity verification and sanctions screening before releasing funds.
• We may disclose Creator information to payment/payout processors, tax authorities (as required), and professional advisors.