Privacy Policy

Effective: March 28, 2026

1. What We Collect

We collect only what is necessary to operate the Service:

  • Account data — email address (if using magic-link sign-in), or Nostr public key (if using Nostr sign-in). Never your password.
  • Profile data — username, Lightning address, and optional “About” text you choose to add.
  • Upload metadata — title, tags, price, NSFW flag, and creation timestamp for images you upload. The original image file is never seen by our servers (see §3).
  • Payment metadata — Lightning payment hashes and invoice strings for unlock and tip transactions. We do not store credit card numbers or bank details.
  • Usage data — basic view counts per image. We do not use third-party analytics trackers.
  • Session data — a secure HTTP-only cookie used to keep you signed in.

2. How We Use Your Data

  • To authenticate you and maintain your session
  • To route Lightning payouts to the address you provide
  • To display your public profile and uploads (if you set a username)
  • To enforce our content policies and respond to reports

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. End-to-End Encrypted Images

Images are encrypted with AES-256-GCM in your browser before upload. Our servers only receive the encrypted blob — we never see the original image or video. The encryption key is stored server-side in encrypted form and is only released to a buyer after a confirmed Lightning payment. This means even in the event of a server breach, raw image content cannot be recovered.

4. Nostr Profile Data

If you sign in with Nostr, we fetch your public profile (kind 0 event) from public Nostr relays to populate your display name and profile picture. This data is public on the Nostr network and is not collected from you directly. You can update or remove it at any time in your account settings.

5. Cookies

We use a single secure, HTTP-only session cookie to keep you signed in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. If you decline cookies, you will not be able to maintain a signed-in session.

6. Third-Party Services

  • Lightning Network / Alby — used to create and settle Lightning invoices. Payment data flows through the Bitcoin Lightning Network, which is pseudonymous by design.
  • Nostr relays — public relays used to fetch profile metadata for Nostr users.

We do not integrate with any social media advertising networks.

7. Data Retention

Account data is retained as long as your account is active. Uploaded images (encrypted) are retained until you delete them or until we remove them under our content policies. Payment records are retained for a minimum of 3 years for fraud-prevention purposes.

8. Your Rights

You may request deletion of your account and associated data by emailing privacy@fuzzpic.com. Note that payment hashes stored for fraud-prevention may be retained in anonymized form even after account deletion.

9. Children's Privacy

FuzzPic is intended for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe we have collected data from a minor, contact us immediately at privacy@fuzzpic.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the effective date above and, where appropriate, notify users via email. Continued use of the Service after an update constitutes acceptance.

Terms of Service← Back to FuzzPic