Chaturfan Privacy Policy
Effective Date: 18 September 2025
Chaturfan (“we,” “our,” “us”) helps creators sell digital files (music, ebooks, PDFs, tutorials, etc.) directly to fans. Chaturfan integrates with Google Drive and Google Apps Script to store files and run automation, and can optionally connect to Stripe to process payments. You control your data in your own Google account.
1. Overview
Chaturfan is a direct-to-fan (D2F) mobile and web app that enables creators to sell their digital files directly to fans. To deliver this functionality, the app integrates with your Google Drive, Google Apps Script, and (optionally) your Stripe account.
- You own and control your files and data.
- Files and metadata are stored in your Google Drive.
- Automation runs in a user-owned Apps Script project in your Google account.
- We request the minimum Google OAuth scopes needed for these features.
2. Google Data We Access
Google Drive — https://www.googleapis.com/auth/drive.file
Create and manage a dedicated folder and the files the app creates (including data.json and your uploaded products). We do not access or manage files outside the app-created folder.
Google Apps Script (runtime in your account)
script.scriptapp— Configure script behavior.script.external_request— Let your script call Stripe’s API to create products/prices/payment links.script.send_mail— Let your script send buyers a transactional email (download link) from your Google account.
We do not use Google Sheets or Google Picker. We do not access Gmail content or read your email; script.send_mail is used only to send purchase emails.
3. OAuth Consent: Scopes & Data Use
Chaturfan uses two consent flows:
A) Web app scopes (requested by the Chaturfan web app)
openidemailprofile— Sign in and associate the correct Google account.https://www.googleapis.com/auth/drive.file— The web app creates/updates only app-created files and may temporarily enable & later revoke link-sharing for time-limited downloads. No full-Drive access.https://www.googleapis.com/auth/script.projectsandhttps://www.googleapis.com/auth/script.deployments— Programmatically create and deploy a user-owned Apps Script Web App that serves as the backend.
B) Apps Script runtime scopes (requested by your user-owned script during first run)
https://www.googleapis.com/auth/drive.filehttps://www.googleapis.com/auth/script.scriptapphttps://www.googleapis.com/auth/script.external_requesthttps://www.googleapis.com/auth/script.send_mail
These runtime scopes are declared in the script’s appsscript.json and are authorized in a separate consent screen when you open/run the script the first time.
Limited Use
We use Google user data only to provide user-requested features. We do not sell data, serve ads, or transfer Google user data to third parties except as necessary to provide the features (e.g., calling Stripe at your request). OAuth tokens are stored on your device and are not sent to our servers. We do not allow human access to your Google data except with your consent, for security/abuse prevention, or when required by law.
4. Stripe (Optional)
If you connect Stripe, your script creates products and reusable payment links. Stripe processes payments; we do not handle card data. After checkout, your app may receive from Stripe (depending on your Stripe settings): buyer email, name, phone, custom fields (e.g., notes), currency/amount, and Payment Intent ID. Your script stores relevant info in data.json in your Drive.
5. How We Use Your Data
Your Google user data is used only to provide core functionality you initiate:
- Upload your files into a folder you own in Google Drive.
- Maintain
data.json(titles, tags, genres, prices, catalog, sales, fans, revoke schedule). - Deploy and run your Apps Script backend to:
- Generate Stripe payment links.
- Provide time-limited download links via Drive “anyone-with-link” permissions (then revoke).
- Send buyers their download link (
script.send_mail).
We do not sell or share your data for advertising or marketing, and we do not access/manage any files outside the Chaturfan-created folder.
6. Storage & Ownership
- Files: Your uploaded content remains in your Google Drive folder.
- Metadata: Stored in
data.jsonin that folder. - Automation: Runs in your user-owned Apps Script project.
- No vendor hosting: We do not host your files or proxy them through our servers.
Device Data and Tokens
The app stores Google OAuth tokens (e.g., refresh/access tokens) on your device to perform Drive/Apps Script operations on your behalf and does not send them to our servers.
- iOS/Android: Tokens are stored using OS-level encrypted storage (Keychain/Keystore) via Capacitor Secure Storage. If encrypted storage is unavailable, we may fall back to platform Preferences.
- Web: We do not persist refresh tokens. If secure storage is unavailable, we log a warning and skip persistence (you may be asked to sign in again).
You can sign out to clear tokens on the device.
8. Security
We rely on Google’s and Stripe’s OAuth 2.0 and infrastructure for authentication and storage. We do not store your Google password or Stripe credentials.
Token handling: Tokens are stored only on the user’s device (encrypted on mobile); we do not transmit them to our servers.
9. Your Rights & Choices
- Revoke Google permissions anytime in Google Account → Security → Third-party access.
- Delete the app’s Drive folder and Apps Script project to remove access and data.
- Disconnect Stripe in your Stripe Dashboard.
- Remove the app from your device at any time.
10. Children’s Privacy
Chaturfan is not intended for children under 13 (or the local age of consent). We do not knowingly collect data from children.
11. Changes to this Policy
We may update this policy. Updates will appear here with a revised effective date.
12. Contact Us
Questions about this Privacy Policy or how Chaturfan handles your data?
Email: info@chaturfan.com
Website: https://chaturfan.com