CollabPlsBeta

Privacy Policy

Last updated: March 4, 2026

1. Information We Collect

a) X (Twitter) Account Data

When you sign in with X (formerly Twitter), we receive and store the following information from your X profile:

  • Display name, X handle, profile picture URL, and bio
  • Location (if set on your X profile)
  • X account ID and verification status
  • Public metrics: follower count, following count, tweet count, and account creation date

b) Profile Information You Provide

You may provide additional information by editing your CollabPls profile:

  • Display name, bio, avatar (custom upload), and location
  • Content categories (photo shoot, video collab, virtual/livestream, content swap)
  • Niche tags (solo, B/G, G/G, group, fitness, lifestyle, cosplay, fetish, amateur, professional, boudoir, outdoor, studio)
  • Studio availability, studio details, and equipment
  • Experience level and gender
  • STD test date (self-reported date only — we do not collect, store, or request any medical records, test results, or health documentation)
  • Email address
  • Contact methods (up to 2): X DM handle, Telegram, WhatsApp, phone, email, Signal, Discord, or other — revealed only on mutual interest

c) Payment & Financial Data

  • Payments are processed by Stripe — we do not store credit card or bank account numbers
  • We store Stripe reference IDs (customer ID, session ID, payment intent ID) to link transactions to your account

d) Identity Verification Data

  • For optional ID verification ($4.99), Stripe Identity collects a government-issued photo ID and a selfie for biometric face matching
  • CollabPls does not store your ID images or biometric data — Stripe processes and retains this data under their own privacy policy
  • We store only the verification result (verified / not verified) and a Stripe session reference ID

e) Marketplace Data

  • Content library listing details (inventory counts, pricing, compliance status, delivery information)
  • Deal pipeline data (negotiation stages, terms, audit trail)

f) Direct Messages

  • When you send a direct message to another creator, we store the message content, sender, recipient, and timestamp
  • DM conversations are gated by mutual interest — both creators must express interest before messaging is enabled
  • Direct messages are automatically and permanently deleted after 30 days

g) Opportunities Data

  • If you post a paid opportunity on the job board, we collect the listing title, description, and payment amount
  • A Stripe payment reference ID is stored to link the listing fee to your account

h) Emergency Incident Reports

  • If you file an incident report, we collect: reporter name, email, and phone number; incident date, time, and location (full address); suspect details; description; and photo evidence
  • This data is shared with our safety team and emailed to you for your records

2. How We Use Your Information

  • Profile creation: Your X data is used to pre-fill your CollabPls profile so you can get started quickly.
  • Verification: We check your X verification status to display your verification badge on the platform.
  • Discovery: Your profile and listings are displayed to other creators to facilitate collaboration.
  • Notifications: We use your profile data to send in-app notifications and email notifications about collaboration interest and other platform activity. Both the sender and receiver are notified when interest is expressed.
  • Marketplace transactions: When you list content libraries for sale or express interest in purchasing, we facilitate communication between buyer and seller.
  • Payments: Processing boost purchases, sponsor subscriptions, marketplace fees, and featured listings via Stripe.
  • Safety & Moderation: AI-assisted review of user reports and chat messages. Automated systems classify report severity and recommend actions, but all moderation decisions are reviewed by a human before enforcement.
  • Communications: Sending transactional emails (welcome, notifications, verification results) and optional promotional emails. You control email preferences in Settings.
  • Analytics: Aggregating anonymized usage data to improve the platform.
  • Creator Outreach: We may use automated tools to discover and contact potential creators on X to invite them to the platform. These messages identify themselves as being from CollabPls.

3. Automated Decision-Making

  • We use AI (Claude by Anthropic) to assist with content moderation, report classification, and platform operations.
  • AI systems may classify report severity and recommend moderation actions (warn, restrict, ban).
  • All automated recommendations are reviewed by a human administrator before any action is taken against your account.
  • You can contest any moderation decision by contacting us.

4. Cookies & Tracking

Essential Cookies

  • Authentication session cookies (Supabase) to keep you signed in
  • OAuth flow cookies (x_code_verifier, x_oauth_state) with a 10-minute expiry, used during X sign-in

Analytics & Monitoring

  • Vercel Analytics: Privacy-focused, cookie-free page view tracking
  • Vercel Speed Insights: Performance metrics
  • Sentry: Error tracking with 20% trace sampling and no session replay

Custom Event Tracking

We track page views, profile views, listing views, and X click events. Events are batched and sent via your browser. Data is stored with your profile ID and used for analytics.

5. Data Storage

Your data is stored securely using Supabase, a cloud database platform with row-level security. Data is encrypted in transit and at rest. We do not store your X password or authentication tokens beyond the session.

Messages are stored with row-level security.

6. Third-Party Services

We do not sell, rent, or share your personal data with third parties except as required to operate the platform. The following services help us run CollabPls:

  • X (Twitter): OAuth authentication and profile data import. X's privacy policy governs their data collection.
  • Stripe: Payment processing, subscription management, and identity verification. Stripe's privacy policy governs payment and biometric data they process.
  • Supabase: Database hosting with row-level security, real-time features, and file storage. Data is encrypted in transit and at rest.
  • Vercel: Application hosting, serverless functions, privacy-focused analytics, and performance monitoring.
  • Resend: Transactional and promotional email delivery.
  • Sentry: Error monitoring and performance tracing.
  • Cloudflare Turnstile: Bot detection (CAPTCHA alternative). Cloudflare's privacy policy governs their data processing.
  • Anthropic (Claude): AI-powered content moderation, report classification, and platform operations. No personal data is stored by Anthropic beyond the processing window.
  • Upstash Redis: API rate limiting.
  • Google Maps: Address autocomplete in emergency incident reporting only.
  • OpenStreetMap Nominatim: Location geocoding (converting addresses to coordinates).
  • TensorFlow.js (NSFWJS): Client-side image content scanning. This runs entirely in your browser — no image data is sent to our servers for scanning.

We do not use advertising trackers or sell your data to third parties.

7. Email Communications

  • We send transactional emails for account activity (notifications, verification, payments).
  • We may send promotional emails about platform features and updates.
  • You can manage email preferences in Settings, including a “Pause All” option.
  • Every email includes a one-click unsubscribe link.
  • Promotional emails may track whether they were opened or clicked to improve our communications.

8. Your Rights

  • Edit: You can update your profile information at any time from your dashboard.
  • Delete: Self-service account deletion is available in Settings > Danger Zone. This permanently removes your profile, listings, chat messages, and all associated data. Stripe subscriptions are cancelled automatically.
  • Export: You can request a copy of your data by contacting us.

9. Data Retention

  • Active accounts: Your data is retained as long as your account exists.
  • Deleted accounts: All profile data, listings, and messages are permanently removed.
  • Financial records: Retained for 7 years as required for tax and accounting compliance.
  • Direct messages: Automatically and permanently deleted 30 days after being sent.
  • Emergency incident reports: Retained for 7 years (aligns with statute of limitations).

10. Children's Privacy

CollabPls is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from someone under 18, we will delete their account and data immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated date. Continued use of CollabPls constitutes acceptance of the revised policy.

12. Contact

For privacy-related questions or data requests, contact us at hello@collabpls.com or on X at @collabpls_.