BeMe

Privacy policy

Your data, protected by design

Effective date: April 13, 2026  ·  Last updated: April 29, 2026

Data controller: Beme Group Limited, Hong Kong

1. Introduction and scope

This Privacy Policy describes how BeMe collects, uses, discloses, and protects personal data from Creators (content creators who monetize on BeMe), Fans (end users who purchase content from Creators via Telegram, BeMe receives limited Fan transactional data indirectly via payment processor for fraud detection and legal compliance only), and Visitors (anyone accessing the BeMe creator dashboard or related web services).

Data controller: Beme Group Limited (Hong Kong).

This policy complies with:

  • GDPR (General Data Protection Regulation), for EU/EEA residents
  • CCPA (California Consumer Privacy Act), for California residents
  • FOSTA-SESTA, for U.S. legal compliance on age verification records
  • Other local laws as applicable in user jurisdictions

2. Data we collect

2.1 Creator data (identity and verification)

  • Legal name, date of birth, address
  • Government-issued photo ID (processed via Sumsub KYC)
  • Email address and phone number
  • Bank account information for payouts
  • Nationality and residency status
  • Username, profile description, profile photo
  • Content titles, descriptions, pricing, and metadata (not content itself)
  • Earnings, transaction history, payout records
  • Login activity, IP addresses, device information
  • Support tickets and correspondence

2.2 Fan data (received indirectly)

BeMe does not directly collect Fan personal data. The following is received indirectly via payment processor solely for transaction processing, fraud prevention, and legal compliance:

  • Transaction data: billing name, billing address, last 4 digits of card, transaction amount, timestamp
  • Purchase records: content ID purchased, Creator account, price paid

BeMe Agent message processing: Fan messages sent to Creators on Telegram are processed in real-time by the BeMe Agent to generate responses on the Creator's behalf. BeMe processes message content solely to produce BeMe Agent responses and does not store fan conversation history for commercial purposes. This processing occurs under the Creator's instruction.

Credit card numbers, expiration, and CVV are processed by payment processors only, NOT stored by BeMe.

2.3 Visitor data (creator dashboard)

  • IP address, browser type, pages visited
  • Click-through data, time on site, referral source
  • Cookies and tracking identifiers (see Section 6)
  • Device information (OS, screen resolution)

3. How we use data

3.1 Creator data use

  • Platform operations: Account verification, content management, earnings tracking
  • Payment processing: Payout calculations, tax reporting, fund disbursement
  • Legal compliance: Age verification records (required by FOSTA-SESTA), law enforcement requests
  • Fraud prevention: Detecting chargebacks, payment fraud, account abuse
  • Communication: Support, policy updates, payment notifications
  • Analytics: Aggregated data on creator earnings and content types

Creator data is NOT sold to third parties or shared with unaffiliated marketers.

3.2 Fan data use

  • Payment reconciliation: Matching transaction receipts to Creator payouts
  • Age verification: Confirming Fan is 18+ (credit card issuer data)
  • Legal compliance: Record-keeping per FOSTA-SESTA, NCMEC reporting if needed
  • Fraud prevention: Detecting payment fraud and account abuse

Fan data is NOT sold to third parties or used for marketing without explicit consent.

3.3 Data not collected or stored

  • Fan credit card numbers, CVV, or full card data
  • Creator content (stored in Creator's Google Drive)
  • Biometric data (except government ID photo, used for age verification only)
  • Data from minors (all users must be 18+)
  • Cross-site tracking (except analytics platforms listed in Section 6)

4. Data sharing

4.1 Data shared with third parties

Payment processing:

Fan payment method, billing address, and transaction amount, shared on the basis of contractual necessity.

Identity and age verification (Sumsub):

Government ID photo, legal name, date of birth, address (Creator only), required for FOSTA-SESTA compliance.

Analytics (Google Analytics):

Anonymized, aggregated usage data, no personal identifiers. Opt-out via browser privacy settings.

Cloud storage (Google Cloud):

BeMe database servers hosted on Google Cloud, hashed passwords, transaction records, account info.

Law enforcement and legal requests:

BeMe discloses data to law enforcement if required by subpoena, court order, or legal process. BeMe will notify users of legal requests unless legally prohibited.

4.2 Data not shared

  • Creator or Fan data with marketing/advertising companies
  • Personal data with unaffiliated third parties (except as required above)
  • Data for purposes outside this Privacy Policy without explicit consent

5. Data retention and deletion

5.1 How long we keep your data

  • Active accounts: Creator data retained while account is active
  • Deleted accounts: Deleted within 30 days of account deletion, except legally required records
  • Website analytics and cookies: Retained for 24 months; anonymized after 12 months

5.2 User right to deletion

Email legal@bemeapp.ai with subject "Data Deletion Request."

  • Request received and logged
  • Account flagged for deletion within 24 hours
  • Data deleted within 30 days
  • Confirmation email sent

6. Cookies and tracking

6.1 Cookies used

Essential cookies (required):

  • Session tokens (authentication, security)
  • CSRF tokens (cross-site request forgery protection)
  • User preferences (language, theme)

Analytics cookies (optional):

  • Google Analytics (anonymized usage tracking)
  • Hotjar (session replays, anonymized)

6.2 Opting out of tracking

  • Disable cookies in browser settings (may break some functionality)
  • Opt out of Google Analytics: tools.google.com/dlpage/gaoptout
  • Opt out of Hotjar: hotjar.com/policies/opt-out
  • Use Do Not Track (DNT) setting in browser, BeMe honors DNT where applicable

7. Data security

7.1 Security measures

  • Access controls: Role-based access (RBAC); only authorized staff access personal data
  • Audit logging: All data access logged and monitored for unauthorized activity
  • Incident response: Data breach protocol per Section 7.2

7.2 Data breach notification

  • Assessment: BeMe investigates scope and impact within 24 hours
  • Notification: Affected users notified within 72 hours per GDPR requirements
  • Authorities: Competent authorities notified per GDPR if breach poses risk to rights/freedoms
  • Remediation: BeMe provides credit monitoring and identity theft protection if appropriate

8. International transfers

8.1 EU-to-third-country transfers

Creator/Fan data from EU/EEA residents transferred to U.S. (Google Cloud, payment processors) is subject to Standard Contractual Clauses (SCCs) per GDPR Article 46. Users have the right to object to international transfers.

8.2 California (CCPA) compliance

  • Right to access personal data (submit request to legal@bemeapp.ai)
  • Right to deletion (submit deletion request per Section 5.2)
  • Right to opt-out of "sale" of personal data (BeMe does not sell data)
  • Right to non-discrimination for exercising CCPA rights

9. Children and minors

BeMe is not intended for users under 18. If BeMe becomes aware that a minor has provided personal data, the account is immediately suspended and data is deleted within 30 days (except legally required records).

10. Your rights

10.1 GDPR rights (EU/EEA users)

  • Access: Request a copy of personal data BeMe holds (Article 15)
  • Correction: Request correction of inaccurate data (Article 16)
  • Deletion: "Right to be forgotten" (Article 17)
  • Restriction: Request restriction of data processing (Article 18)
  • Portability: Request data in machine-readable format (Article 20)
  • Objection: Object to processing, including for marketing (Article 21)
  • Automated decision-making: Object to profiling or automated decisions (Article 22)
  • Lodge complaint: File a complaint with your local data protection authority (DPA)

Email legal@bemeapp.ai with subject "GDPR Data Request, [Right type]". BeMe responds within 30 days.

10.2 CCPA rights (California users)

  • Access: Request personal data disclosed (CCPA § 1798.100)
  • Deletion: Request deletion of collected personal data (CCPA § 1798.105)
  • Opt-out: Opt out of "sale" of personal data (CCPA § 1798.120)
  • Non-discrimination: Not be discriminated against for exercising rights (CCPA § 1798.125)

Email legal@bemeapp.ai. BeMe responds within 45 days per CCPA requirements.

11. Contact and complaints

Data Protection Officer, Beme Group Limited

Unit 02, 16/F, W668, Nos. 668 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong (Company No. 80224676)

Email: legal@bemeapp.ai

12. Policy changes

BeMe may update this Privacy Policy at any time. Changes take effect immediately for new users and 30 days after notice for existing users (via email and website banner). Continued use of the Platform constitutes acceptance. Users may terminate accounts if they disagree with changes.

This Privacy Policy is supplemented by the Terms of Service and Content Policy.