Your fans trust you with their personal information — their names, email addresses, phone numbers, and locations. That trust is sacred, and Fanaura is built to honor it. This page explains how fan data is stored, how privacy regulations are met, and what protections are in place.

Data Storage

Where Your Data Lives

Fanaura stores all data in a secure PostgreSQL database, hosted in Frankfurt, Germany (EU — eu-central-1). EU data residency provides a strong privacy foundation, as EU data protection laws are among the strictest in the world.
  • All data in transit is encrypted via TLS/SSL.
  • Database backups are maintained for disaster recovery.

What Data Is Stored

| Data Type | Examples | Where Stored |
| --- | --- | --- |
| Fan profiles | Name, email, phone, location, birthday | EU (Frankfurt) |
| Engagement history | Presaves, email opens, clicks, purchases, RSVPs | EU (Frankfurt) |
| Campaign data | Blast content, send history, delivery stats | EU (Frankfurt) |
| Flow data | Flow configurations, execution logs | EU (Frankfurt) |
| Integration credentials | API keys, OAuth tokens | EU (Frankfurt), encrypted |
| Artist profiles | Account details, settings, preferences | EU (Frankfurt) |
| Asset data | Music, tour, merch, extra metadata | EU (Frankfurt) |

GDPR Compliance

The General Data Protection Regulation (GDPR) is the EU’s comprehensive data protection law. Fanaura is designed with GDPR compliance at its core.
All personal data is stored within the EU (Frankfurt, Germany), satisfying GDPR’s data residency preferences and avoiding complex cross-border data transfer issues.

Data Minimization

Fanaura’s smart link data wrappers are configurable. You can collect only the data you actually need:
  • Required: Email address (minimum for communication).
  • Optional: First name, last name, phone number, birthday, location.
You decide which fields are required and which are optional. Collecting less data is both a privacy best practice and a way to reduce friction for fans.

CCPA Compliance

The California Consumer Privacy Act (CCPA) gives California residents specific rights over their personal data. Fanaura supports CCPA requirements:
  • Right to Know: California fans can request a copy of all personal data collected about them.
  • Right to Delete: California fans can request deletion of their personal data.
  • Right to Opt-Out of Sale: Fanaura does not sell fan data to third parties. Your fan data belongs to you and is never shared, sold, or monetized by Fanaura.
  • Non-Discrimination: Fans who exercise their privacy rights are not treated differently.
Every smart link in Fanaura includes a data wrapper — a privacy-compliant consent screen:
1. Fan Visits Smart Link: The fan visits your smart link.
2. Data Wrapper Appears: The data wrapper explains what data is being collected, why, and how it will be used.
3. Fan Submits: Fan enters their information and submits. Consent is recorded with a timestamp.
4. Content Access: Fan proceeds to the content (presave, streaming links, merch, etc.).
The data wrapper ensures that every fan interaction begins with informed consent. No data is collected without the fan actively choosing to provide it.

Email and SMS Opt-In

When fans provide their email through a smart link, they are opting in to receive marketing emails from you. The consent is logged and timestamped. You can include an explicit consent checkbox for additional clarity.

Opt-Out Mechanisms

Every marketing email sent through Fanaura includes a one-click unsubscribe link in the footer:
  • Fans click the link and are immediately unsubscribed.
  • Their email opt-in status is updated in real time.
  • This complies with CAN-SPAM, GDPR, and CCPA requirements.
When a fan opts out, you cannot manually re-add them to your mailing or SMS list. They must re-subscribe themselves. This protects fans from unwanted re-enrollment and protects you from legal liability.

Row Level Security (RLS)

Fanaura uses Row Level Security at the database level to ensure data isolation between artists:
  • Each artist can only access their own fans, assets, campaigns, and settings.
  • Database queries are automatically filtered by the authenticated artist’s ID.
  • Even if two artists share a fan, each artist only sees their own interaction data.
  • RLS is enforced at the PostgreSQL level, meaning it cannot be bypassed by application code. It is the strongest form of data isolation available in a shared database architecture.
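
How per-artist filtering of this kind can be expressed in PostgreSQL, as an added example that is not Fanaura's own schema or code. The table `fans`, the role `app_user`, and the setting `app.current_artist_id` are hypothetical names, and the rows are constructed sample data.

```sql
-- Hypothetical schema: names are illustrative, not Fanaura's.
CREATE TABLE fans (
    id         bigserial PRIMARY KEY,
    artist_id  uuid NOT NULL,
    email      text NOT NULL
);

-- Constructed sample rows: two artists share the same fan.
INSERT INTO fans (artist_id, email) VALUES
    ('11111111-1111-1111-1111-111111111111', 'fan@example.com'),
    ('22222222-2222-2222-2222-222222222222', 'fan@example.com');

-- ENABLE turns policies on for ordinary roles. FORCE also applies them to
-- the table owner, who is otherwise exempt. Superusers and roles with
-- BYPASSRLS are always exempt, so the application must not connect as one.
ALTER TABLE fans ENABLE ROW LEVEL SECURITY;
ALTER TABLE fans FORCE ROW LEVEL SECURITY;

-- USING filters the rows visible to SELECT/UPDATE/DELETE.
-- WITH CHECK rejects INSERT/UPDATE rows that would belong to another artist.
-- NULLIF makes an unset or empty setting evaluate to NULL, so the predicate
-- matches no rows and the policy fails closed.
CREATE POLICY artist_isolation ON fans
    USING (
        artist_id = NULLIF(current_setting('app.current_artist_id', true), '')::uuid
    )
    WITH CHECK (
        artist_id = NULLIF(current_setting('app.current_artist_id', true), '')::uuid
    );

-- Least-privilege role the application assumes for each request (assumed name).
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON fans TO app_user;
GRANT USAGE ON SEQUENCE fans_id_seq TO app_user;

-- Per-request pattern: bind the authenticated artist ID inside a transaction.
-- SET LOCAL values are discarded at COMMIT/ROLLBACK, so a pooled connection
-- does not carry one artist's identity into the next request.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.current_artist_id = '11111111-1111-1111-1111-111111111111';
-- No WHERE clause, yet PostgreSQL applies the policy predicate to this query,
-- so the other artist's row for the same fan is not visible.
SELECT id, email FROM fans;
COMMIT;
```

When auditing a setup like this, check `relrowsecurity` and `relforcerowsecurity` in `pg_class` for each tenant table and confirm the application's login role has neither `rolsuper` nor `rolbypassrls` set in `pg_roles`.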

Encryption

Sensitive data stored in the database is encrypted:
  • API keys: All third-party integration credentials are encrypted before storage.
  • OAuth tokens: Spotify and Instagram access tokens are encrypted.
  • Passwords: User passwords are hashed using industry-standard algorithms (never stored in plain text).

Session Management

Fanaura’s security model includes active session management:
  • Active session tracking: See which devices are logged into your account.
  • Device identification: Each session shows the browser, operating system, and approximate location.
  • Session revocation: Revoke individual sessions or all sessions at once.
  • Session heartbeat: Sessions periodically refresh to stay active and provide accurate “last active” timestamps.
See Security Settings for full details.

Data Export

On the Complete plan, you can export your complete fan database and engagement data: fan profiles with all fields, engagement history, campaign results, and delivery stats. Export in standard formats (CSV) for use in external tools. Data export gives you full portability — your data is yours, and you can take it with you.

Third-Party Data Handling

When Fanaura connects with third-party services, data flows in both directions:

| Integration | Data Sent | Data Received | Data Stored |
| --- | --- | --- | --- |
| SMS Provider | SMS content, phone numbers | Inbound SMS, delivery status | Message logs, phone numbers |
| Email Provider | Email content, fan emails | Delivery status, opens, clicks | Email logs, engagement data |
| Shopify | None (read-only) | Products, orders | Product data, purchase history |
| Instagram | DM content | DM messages, comments, mentions | Message logs, trigger data |
| Spotify | Presave commands | Authorization tokens, metadata | Tokens, song metadata |
| Apple Music | Library additions | Authorization tokens | Tokens |
| Stripe | Subscription data | Payment status, invoices | Subscription state |

Fanaura only shares the minimum data necessary with each service for the integration to function.

Best Practices for Artists

Collect only what you need. Just because you can collect birthday, phone number, and location does not mean you always should. For a simple presave campaign, email might be enough. For a tour campaign, adding location makes sense.
Be transparent with fans. Go further than the data wrapper — mention in your social posts why you are collecting data: “Sign up so I can send you exclusive content and tour updates.” Transparency builds trust.
Honor opt-outs immediately. When a fan unsubscribes or texts STOP, respect it. Fanaura handles this automatically, but make sure your team knows not to manually re-add opted-out fans.
Secure your account. Your Fanaura account is the gateway to your fan data. Use a strong password, monitor active sessions, and limit team access to only those who need it.

What Happens Next

Fanaura’s privacy infrastructure works quietly in the background. You do not need to configure anything special — consent tracking, encryption, RLS, and opt-out processing are all built in. Focus on building genuine relationships with your fans, and know that their data is protected by design. If a fan ever requests their data or asks to be deleted, you can handle it directly from their fan profile in Fanaura. For questions about privacy compliance specific to your situation, consult with your legal team or use the Attorney role to give your counsel direct access to Activity Logs for review.