Legal

Privacy Policy

Effective: 2nd June 2026 Version: 1.0 Company: Blue Silk Limited · No. 17051544

Blue Silk Limited 167-169 Great Portland Street, London, United Kingdom, W1W 5PF
Privacy enquiries: privacy@bluesilk.ai
General contact: contact@bluesilk.ai

1. Who We Are and How to Contact Us

Blue Silk Limited (Company Number: 17051544) is the data controller responsible for your personal data. We operate the BSilk platform, an AI-powered chatting and content monetisation service for creators on OnlyFans, Fanvue, and other supported platforms.

We are registered with the Information Commissioner’s Office (ICO) as required under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope of This Policy

This Privacy Policy explains how Blue Silk Limited collects, uses, stores, shares, and protects personal data in connection with the BSilk platform. It applies to:

Creators: individuals who register a BSilk account to use the AI Chatter service in connection with their OnlyFans or Fanvue account;
Agencies: entities that manage one or more Creator accounts through BSilk;
Fans: end subscribers and buyers on Supported Platforms whose data may be processed as part of the AI Chatter service on a Creator’s behalf;
Visitors: individuals who visit the BSilk website without registering.

This Policy should be read alongside our Terms of Service. Where you are a Creator or Agency, you may also be a data controller in your own right in respect of your Fans’ personal data, and you are responsible for providing your own privacy notices to Fans.

3. Data We Collect

3.1 Account and identity data

When you register for a BSilk account, we collect:

name and email address;
username and password (stored in hashed form);
your OnlyFans or Fanvue account identifier (username or profile URL);
account type (Creator or Agency);
date of birth or age verification confirmation (where required);
correspondence and support communications.

3.2 Payment and transaction data

When you purchase BSilk$ Credits, we collect:

transaction amount, date, and currency;
payment method type (card or cryptocurrency);
BSilk$ Credit balance and transaction history;
billing country and VAT information where applicable.

Card payment details are processed exclusively by Stripe, Inc. and are never stored by BSilk. Cryptocurrency transactions are processed by our designated crypto payment provider. We receive only transaction confirmation data, not full payment instrument details.

3.3 Content screening data (AI analysis)

This is a critical processing activity specific to BSilk. Please read this section carefully.

How content screening works
When you connect your Supported Platform account to BSilk, our proprietary AI temporarily downloads your content and fan interaction data directly from the Supported Platform, analyses it to build a semantic profile, then permanently deletes the raw data within seconds of analysis completing. Only the structured output — categories, tone, engagement patterns — is retained and used to configure the AI Chatter for your account.

We DO collect	We DO NOT store
Semantic analysis output — content categories, tone analysis, topic classifications, engagement pattern data	Your actual content (images, videos, audio), the text of fan messages, or any other raw media

The semantic profile is retained for as long as your account is active and deleted within 30 days when your account is closed. The legal basis for this processing is the performance of our contract with you (Article 6(1)(b) UK GDPR).

3.4 Usage and technical data

We automatically collect the following data when you use the Platform:

IP address and approximate geolocation (country/city level);
device type, operating system, and browser;
pages visited, features used, and time spent on the Platform;
referring URL;
error logs and crash reports;
AI Chatter performance metrics (message volume, transaction conversion rates) — these are aggregated and do not identify individual Fans.

3.5 Communications data

If you contact us by email or through the Platform, we collect:

your name and contact details;
the content of your message and any attachments;
our responses and any follow-up correspondence.

4. The Content Screening Process

4.1 What is downloaded

When you authorise BSilk to connect to your Supported Platform account, our system temporarily retrieves:

publicly visible content on your creator profile;
post metadata (titles, descriptions, pricing, content type flags set by the platform);
fan message history accessible via the Supported Platform’s API (where API access permits);
engagement metrics (likes, views, tips) as provided by the Supported Platform API.

We access only data that the Supported Platform makes available via its authorised API. We do not circumvent any platform restriction or access data beyond what you have authorised us to access.

4.2 What the AI does

Our proprietary AI processes the retrieved data to generate:

content category tags (e.g. content type, theme, format);
tone and communication style descriptors (e.g. playful, direct, affectionate);
topic and interest classifications;
engagement pattern data (what types of content or messages generate Transactions);
pricing signal analysis (typical price points for your content).

4.3 Deletion and retention

The raw downloaded content (messages, media metadata, post text) is deleted from our systems within seconds of the AI analysis completing. We operate a technical delete process — not archiving or anonymisation — meaning the data is permanently removed. Only the structured semantic profile output is retained. If you close your BSilk account, your semantic profile is deleted within 30 days.

4.4 Fan data in the screening process

Fan messages processed during content screening are used solely to calibrate the AI Chatter’s communication style for your account. We do not:

create individual profiles of your Fans;
sell or share Fan message content with any third party;
retain any identified Fan message content after analysis.

You, as the Creator, are responsible for ensuring that your use of Fan message data in connection with BSilk complies with applicable data protection law and the privacy notices you have provided to your Fans.

5. How We Use Your Data

Providing the BSilk service: operating your account, running the AI Chatter, processing Credit purchases, and managing Agency-Creator bonds.
Content screening and AI configuration: as described in Section 4.
Referral Programme: tracking referral relationships, calculating and crediting Referral Rewards, and preventing abuse.
Payments: processing Credit purchases, issuing VAT receipts, handling refunds, and complying with financial regulations.
Safety and fraud prevention: detecting, investigating, and preventing fraudulent activity, abuse of the referral or bonus schemes, fake accounts, and violations of our Terms of Service.
Customer support: responding to your enquiries, processing complaints and appeals.
Legal compliance: complying with UK law, court orders, regulatory requirements, and obligations under AML/KYC rules for cryptocurrency transactions.
Platform improvement: analysing aggregated, anonymised usage patterns to improve the AI Chatter and Platform features. We do not use your identifiable content for AI model training without your explicit consent.
Communications: sending service-related emails (account confirmations, Credit balance alerts, policy updates). We will only send marketing communications where you have opted in.

6. Legal Bases for Processing (UK GDPR)

Contract (Article 6(1)(b)): processing necessary to provide the BSilk service to you, including account management, AI Chatter operation, content screening, and payment processing.
Legal obligation (Article 6(1)(c)): processing required to comply with UK law, including AML/KYC obligations, tax requirements, and regulatory obligations.
Legitimate interests (Article 6(1)(f)): fraud prevention, platform security, abuse detection, and aggregated analytics. We have conducted a balancing test and are satisfied our interests do not override your rights.
Consent (Article 6(1)(a)): where we send you marketing communications or use your data for purposes beyond contract performance. You may withdraw consent at any time.

For any processing of special category data (which may arise if content analysis reveals health, religious, or other sensitive topics), we rely on Article 9(2)(a) UK GDPR (explicit consent) or Article 9(2)(f) (legal claims). We take additional safeguards around any special category data derived from content screening.

7. Data Sharing and Sub-Processors

We do not sell your personal data. We share data only in the following circumstances:

7.1 Service sub-processors

We use the following categories of sub-processors to operate the Platform:

Payment processors: Stripe, Inc. (card payments) and our designated cryptocurrency payment provider — receive transaction data only;
Cloud infrastructure provider: our servers and databases are hosted on third-party cloud infrastructure. Data is processed within the UK/EEA or under appropriate transfer safeguards;
Email service provider: used to send transactional and service emails;
Analytics provider: anonymised/aggregated usage data only.

Our proprietary AI screening system runs entirely on our own infrastructure. No creator content or fan data is shared with any third-party AI provider during content screening.

7.2 Legal and regulatory disclosures

We may disclose personal data to law enforcement, regulatory bodies, or courts where required by applicable law, to protect the rights and safety of BSilk or others, or in connection with legal proceedings.

7.3 Business transfers

If Blue Silk Limited is acquired, merges with another entity, or transfers substantially all its assets, personal data may be transferred to the acquiring entity, subject to equivalent protections.

7.4 Agencies and Creators

Where a Creator is bonded to an Agency on BSilk, the Agency will be able to see the Creator’s Commission usage, Credit allocation, and performance metrics within the BSilk platform. The Agency will not have access to the Creator’s semantic profile or content screening output beyond what is necessary to manage the Bond.

8. International Data Transfers

BSilk serves users globally. Where we transfer personal data outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, including:

UK International Data Transfer Agreements (IDTAs) or equivalent approved mechanisms;
transfers to countries with an adequacy decision from the UK Secretary of State;
standard contractual clauses approved by the ICO.

Given the global nature of our user base, Creators should be aware that Fan data originating from outside the UK may be subject to additional obligations under local privacy laws (including the EU GDPR, US state privacy laws such as CCPA/CPRA, and others). Creators are responsible for compliance with applicable laws in the jurisdictions of their Fans.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.

Data type	Retention period
Account data	Duration of account + 6 years after closure (UK tax and legal obligations)
Payment and transaction records	7 years (HMRC requirements)
Content screening output (semantic profile)	While account is active; deleted within 30 days of account closure
Raw content downloaded for screening	Deleted within seconds of analysis completing — not archived
Support communications	3 years after issue is resolved
Usage and technical logs	12 months
BSilk$ Credit balance records	7 years after account closure

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data. To exercise any right, contact us at privacy@bluesilk.ai. We will respond within one calendar month.

Right of access (Article 15)You may request a copy of the personal data we hold about you (a Subject Access Request).

Right to rectification (Article 16)You may request correction of inaccurate or incomplete data.

Right to erasure (Article 17)You may request deletion of your data where it is no longer necessary, where you withdraw consent, or where processing is unlawful. Note: we may be required to retain certain data for legal compliance purposes.

Right to restrict processing (Article 18)You may request that we limit how we use your data in certain circumstances.

Right to data portability (Article 20)Where processing is based on consent or contract and is automated, you may request your data in a structured, machine-readable format.

Right to object (Article 21)You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.

Right to withdraw consentWhere we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Rights related to automated decision-making (Article 22)BSilk does not make solely automated decisions that produce legal or similarly significant effects on you without human oversight.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on the BSilk website. A detailed Cookie Policy is available on our website. In summary:

Strictly necessary cookies: required for the Platform to function (session management, authentication). No consent required.
Analytics cookies: help us understand how the Platform is used. We use anonymised/aggregated data only. Requires consent.
Preference cookies: remember your settings and preferences. Requires consent.

You can manage cookie preferences through our cookie consent tool. Withdrawing consent for non-essential cookies will not affect your ability to use the Platform.

12. Children

The BSilk platform is not directed at or intended for use by persons under the age of 18. We do not knowingly collect personal data from anyone under 18. If we discover that we have inadvertently collected data from a minor, we will delete it immediately. If you believe we have collected data from a minor, please contact privacy@bluesilk.ai immediately.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

encryption of data in transit (TLS) and at rest;
access controls and authentication for all systems handling personal data;
strict data minimisation — particularly for the content screening process, where raw content is deleted within seconds;
regular security assessments and penetration testing;
staff training on data protection obligations.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Articles 33–34.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email to your registered address at least 14 days before the changes take effect. The current version will always be available on the BSilk website. Your continued use of the Platform after the effective date of any update constitutes acceptance of the revised Policy.

15. Complaints

If you have a concern about how we handle your personal data, please contact us first at privacy@bluesilk.ai. We aim to resolve all privacy complaints within 28 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are located in the EU, you may also have the right to lodge a complaint with your local supervisory authority.