← Back

Privacy Policy

Last updated: March 2026

Security and Fraud Prevention

We collect and process certain technical signals from your device when you access our platform. This section describes how we use this information to prevent abuse and protect our community.

What we collect

When you sign in or access the platform, we process the following technical signals from your device and connection:

  • Browser and hardware characteristics (via client-side JavaScript): Graphics processor characteristics, canvas rendering fingerprint, audio processing characteristics, screen and device properties, timezone. These are processed into a pseudonymous hash — the raw values are never stored.
  • Network connection details: The first three octets of your IP address (for example, 192.168.1 from 192.168.1.100). This is the approximate network location, not your precise IP address.

How we use this information

This information is used solely for the purpose of detecting when a user who has been banned from the platform attempts to create a new account or regain access using the same device or network. It is never used for advertising, analytics, or any purpose other than ban enforcement.

When you sign in, we compare these signals against records associated with previously banned users. If a match is found:

  • The login proceeds normally (we do not block sign-in based on device signals alone, because such signals may occasionally produce false matches).
  • An internal review flag is created for our Trust & Safety team.
  • At the session gate, a strong match will deny access in the same manner as a direct account ban.

Lawful basis

We process this information on the basis of our legitimate interest under Article 6(1)(f) of the UK GDPR and EU GDPR — specifically, our interest in maintaining a safe environment and preventing fraud and abuse on the platform, balanced against your rights and interests. As required by the GDPR, we have completed a Legitimate Interest Assessment (LIA) before processing began.

How long we keep this information

  • For non-banned users: Device fingerprint hashes are retained for 90 days from your last sign-in.
  • For banned users: Device fingerprint hashes are retained for 24 months from the date of the ban, to support detection of evasion attempts during that period.

After these periods, records are deleted automatically.

Your rights

You have the right to object to processing based on legitimate interests. To exercise this right or to request deletion of your device fingerprint records, contact our privacy team at privacy@ourfans.cam.

We will consider all requests. Note that in some cases we may need to retain records to comply with our obligations to prevent serious abuse.

Pseudonymisation

We never store the raw values that make up your device fingerprint. Only the SHA-256 cryptographic hash is stored, which is a one-way transformation that cannot be reversed to recover the original signals.

Contact

For any privacy-related enquiries, contact us at privacy@ourfans.cam.

See also: Terms of Service