How does OnlyFans's OnlyFans Privacy Policy affect users?

The policy establishes that OnlyFans collects government identification documents, selfie-based verification imagery, financial account information, and complete records of user communications and activity. Creators operate under collection and processing of residential address, tax forms, and bank account details shared with third-party service providers. Users may access, correct, or request deletion of personal data by submitting requests to privacy@onlyfans.com or through account settings a…

How often is OnlyFans's OnlyFans Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when OnlyFans updates this document?

Yes. Monitor subscribers ($19/month) can add OnlyFans to their watchlist and receive same-day email alerts whenever this document or any other OnlyFans document changes.

CA-D-000724

OnlyFans Privacy Policy

OnlyFans

Last change detected May 5, 2026 Privacy policy

SHA-256: 9ceccbe0e248e2cb726… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at OnlyFans ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

4 High severity

6 Medium severity

0 Low severity

Summary

This document establishes OnlyFans' practices for collecting, processing, and sharing personal information from both content creators and users. The policy authorizes collection of government-issued identification documents, facial imagery for age and identity verification, payment and banking details, and all user communications and platform activity. For creators, the policy permits collection of residential address, tax identification numbers, bank account information, and government ID, with transmission of specified data to third-party verification and payment processors.

Technical / Legal Breakdown

This privacy policy, published by Fenix International Limited (operator of OnlyFans), governs the processing of personal data for Creators, Fans, and Content Collaborators under a data controller framework, citing contract performance, legal obligation, legitimate interests, and consent as lawful bases under GDPR. The policy states that OnlyFans collects an extensive range of data categories including government identity documents, selfie-based age verification (including biometric-adjacent face estimation data for some users), financial data (bank account details, tax forms including W-9 and 1099 forms), technical and usage data, and communications content such as chat messages; the terms also authorize sharing this data with third-party service providers, payment processors, identity verification vendors, advertising partners, and law enforcement. Notably, the policy explicitly carves out 'Face Recognition Data' as a distinct category separate from general onboarding data, suggesting awareness of biometric data regulation, and it discloses age estimation processing for Fans via third-party providers, a practice that may engage biometric or sensitive data obligations depending on jurisdiction; the policy asserts that aggregated or de-identified data falls outside its scope, which is an assertion that may require evaluation under regulations such as CCPA where re-identification risk standards apply. The policy engages GDPR (as Fenix International Limited is a UK-registered entity), UK GDPR post-Brexit, CCPA and other U.S. state privacy laws (addressed in a dedicated Section 18), and potentially Illinois BIPA and similar state biometric laws given the face estimation and identity verification processes described; compliance considerations include the adequacy of consent mechanisms for biometric-adjacent data, the lawfulness of international data transfers, and the sufficiency of data subject rights mechanisms for users across multiple jurisdictions.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 4 provisions

Biometric-Adjacent Age Estimation and Identity Verification Compare →

When you sign up as a Fan, OnlyFans may ask you to take a selfie video (.gif) which is processed by a third-party provider to estimate your age or verify your identity. The results and metadata of this process are collected and stored.

Added May 10, 2026 Standard Seen across 284 platforms
Government ID and Selfie Collection from Creators Compare →

Creators must provide a copy of their government-issued ID and a selfie holding that ID to OnlyFans as part of the registration and verification process. Third-party social media handles may also be collected to further verify identity.

Added May 8, 2026 Standard Seen across 284 platforms
Financial Data Collection Including Bank Account and Tax Information Compare →

Creators must provide bank account details, tax identification numbers, and US tax forms (W-9, 1099) to OnlyFans, which collects and processes this financial data to facilitate payouts and comply with tax reporting obligations.

Added May 10, 2026 Standard Seen across 284 platforms
Face Recognition Data as Separate Category Compare →

The policy explicitly carves out 'Face Recognition Data' as a distinct data category separate from the selfie-based age estimation and identity verification data described in the onboarding sections.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Third-Party Data Sharing with Service Providers and Partners Compare →

OnlyFans shares your personal data with a range of third-party providers including identity verification vendors, payment processors, and potentially advertising partners, who process your data on the platform's behalf.

Added May 10, 2026 Standard Seen across 284 platforms
Policy Updates Effective Upon Posting Compare →

OnlyFans can update its privacy policy at any time, and the new version takes effect as soon as it is posted. The company says it will try to notify you of major changes through a feed notification or chat message, but notification is not guaranteed.

Added May 10, 2026 Standard Seen across 284 platforms
Data Subject Rights (Access, Erasure, Portability, Objection) Compare →

The policy states that users have rights to access, correct, delete, and export their personal data, and can exercise these rights by contacting OnlyFans through designated channels including email.

Added May 10, 2026 Standard Seen across 284 platforms
Chat Messages and Content Stored as Account Data Compare →

OnlyFans stores all chat messages, posts, comments, and customer support queries as part of your account data, meaning the content of private communications is retained and processed by the platform.

Added May 10, 2026 Standard Seen across 284 platforms
Age Restriction and 18+ Representation Compare →

OnlyFans requires all users to be 18 or older and states that by using the platform you are confirming you meet this age requirement. The platform uses age verification processes to enforce this restriction.

Added May 10, 2026 Standard Seen across 284 platforms
Content Collaborator Data Collection Compare →

People who appear in content uploaded by a Creator (Content Collaborators) must provide their full name, residential address, government ID, and a selfie with their ID, along with a signed release form, as part of the platform's verification process.

Added May 10, 2026 Standard Seen across 284 platforms