1.Introduction & Scope
This Cookie Policy is published by SGSuperFans Inc. (“SGSuperFans,” “we,” “us,” or “our”), a corporation incorporated under the laws of Ontario, Canada. It applies to all users who access or interact with:
- The SGSuperFans website at sgsuperfans.com and all its subdomains.
- The SGSuperFans web application accessible when logged in as a Creator, Fan, or Manager.
- Any SGSuperFans mobile application available on iOS or Android platforms.
- Any SGSuperFans-operated landing pages, promotional microsites, or embedded widgets hosted on third-party sites.
Relationship to Other Policies
This Cookie Policy forms part of the SGSuperFans Privacy Policy and should be read alongside it. The Privacy Policy describes how we handle personal data more broadly, including data that may be collected via cookies. This Cookie Policy focuses specifically on the nature of cookies and tracking technologies, their purposes, the data they process, and your rights with respect to them.
Why We Have This Policy
We are subject to privacy and e-privacy laws in multiple jurisdictions, including Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and its successor legislation, the European Union’s General Data Protection Regulation (“GDPR”) and its national implementations (including the UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (“Law 25”), and Canada’s Anti-Spam Legislation (“CASL”). We publish this Cookie Policy to satisfy our transparency obligations under each of these frameworks.
If you have questions about this Cookie Policy or wish to exercise your rights, please contact us as described in Section 22.
2.What Are Cookies & Trackers?
Understanding what we deploy on your device requires familiarity with the technologies involved. This Section explains each one clearly.
Cookies
A cookie is a small text file that a website or application places on your device’s storage (hard drive, memory, or browser storage area) when you visit. Cookies are sent back to the originating server on each subsequent visit, or to another server that recognizes that cookie. Cookies cannot execute code, carry viruses, or access other files on your device. They serve as identifiers that allow a server to recognize your device across visits or requests.
Exist only while your browser is open. Deleted automatically when you close your browser. Used to maintain your current browsing session.
Remain on your device after you close your browser, for a set expiry period. Used to remember your preferences across return visits.
Set by SGSuperFans directly from our own domain. We control these entirely and their data stays within our systems.
Set by external domains embedded in our pages (for example, analytics, payment, or advertising providers). Subject to those providers's own privacy policies.
Similar Technologies
In addition to cookies, we and our partners may use the following tracking technologies:
- Local Storage and Session Storage: Browser-based storage mechanisms that allow websites to store data directly in your browser beyond what cookies permit. They do not expire automatically like session cookies and are not sent to the server with each request.
- Web Beacons (Pixel Tags): Tiny invisible images or code snippets embedded in web pages or emails. When loaded, they signal to a server that a page was viewed or an email was opened, and can log your IP address, browser type, and timestamp.
- Fingerprinting: A technique that collects multiple signals from your device and browser (screen resolution, installed fonts, graphics capabilities, time zone, and similar attributes) to generate a probabilistic unique identifier without storing anything on your device. We use limited, privacy-preserving fingerprint signals for security and fraud prevention purposes only.
- SDKs (Software Development Kits): Code libraries embedded in our mobile applications that collect data about how you use the app. Mobile SDKs operate similarly to third-party cookies in the web context.
- Server-Side Tracking: Some data about your requests is logged by our servers (not your device) as part of our security infrastructure and platform operations. These logs include IP address, request timestamps, and HTTP headers.
3.Categories of Cookies We Use
We group all cookies and trackers we deploy into five functional categories. This structure follows the framework recommended by the UK ICO, CNIL (France), and the IAB Europe Transparency and Consent Framework, and aligns with the consent categories presented to you in our cookie consent banner.
Required for the platform to function. Cannot be disabled. No consent required under applicable law. Examples: login sessions, CSRF tokens, payment security.
Required to protect the platform and its users. Deployed without consent as a legitimate interest. Examples: bot detection, chargeback fingerprinting, rate-limiting.
Remember your choices to provide an enhanced experience. Require consent in GDPR jurisdictions. Examples: language, theme, notification preferences.
Help us understand how users interact with the platform so we can improve it. Require consent. Examples: page views, funnel analysis, Creator dashboard metrics.
Used to deliver relevant promotions and measure ad effectiveness. Require explicit consent. Examples: retargeting pixels, lookalike audience signals.
4.Essential & Security Cookies
Strictly necessary cookies are fundamental to the operation of SGSuperFans. Without them, core services cannot be delivered. We do not require your consent to place these cookies, as their use is considered inherent to the provision of services you have requested. You cannot disable them through our cookie preference center; however, you can block them via your browser settings, but doing so will prevent you from using the platform.
| Cookie / Identifier | Purpose | Duration | Type |
|---|---|---|---|
| sgsfSession | Maintains your authenticated session across page requests. Destroyed when you log out or your session expires. | Session | Essential |
| sgsfCSRF | Cross-Site Request Forgery protection token. Validates that form submissions and API requests originate from our platform. | Session | Security |
| sgsfBotScore | Stores a bot-risk score calculated at login to identify automated access attempts. Used to trigger step-up authentication challenges. | 1 hour | Security |
| sgsfLoadBalancer | Routes your requests to the correct application server in our infrastructure to maintain session consistency. | Session | Essential |
| sgsfCookieConsent | Records your cookie consent choices so we do not show the consent banner on every page visit. | 12 months | Essential |
| sgsfGeoRegion | Identifies your general geographic region (country level) to serve the correct language, currency, and legally required content restrictions. | 24 hours | Essential |
5.Authentication & Session Cookies
Authentication cookies manage your login state and security verification across your session. They enable features like the Creator Dashboard, Fan wallet, messaging, and subscription access. These are strictly necessary cookies for logged-in users.
| Cookie / Identifier | Purpose | Duration | Type |
|---|---|---|---|
| sgsfAuthToken | Encrypted authentication token storing your verified identity. Allows you to navigate between platform pages without re-authenticating. | Session / 30 days (Remember Me) | Essential |
| sgsfRefreshToken | Long-lived token used to obtain a new authentication token after expiry without requiring you to log in again. | 90 days | Essential |
| sgsfMFAVerified | Records that multi-factor authentication was completed for your current session so you are not prompted again on the same device. | Session | Security |
| sgsfDeviceTrust | Marks a device as previously verified by the account holder to reduce unnecessary authentication friction on trusted devices. | 180 days | Security |
| sgsfLoginAttempts | Temporary counter used to detect and rate-limit brute-force login attempts on an account. | 15 minutes | Security |
Security Design Principles
- All authentication cookies are transmitted exclusively over HTTPS (Secure flag set, HTTP Strict Transport Security enforced).
- Authentication cookies carry the HttpOnly flag, preventing them from being accessed by JavaScript and mitigating cross-site scripting (“XSS”) attacks.
- SameSite=Strict or SameSite=Lax attributes are set on all authentication cookies to prevent cross-site request forgery (“CSRF”) attacks.
- Refresh tokens are rotated on use: each time a new access token is issued, the old refresh token is invalidated and replaced.
6.Preference & Functionality Cookies
Preference cookies remember the choices you make on the platform to provide a more personalized and consistent experience. In jurisdictions where consent is required for non-essential cookies (including the EU, UK, and Quebec), these cookies are only deployed after you have given consent.
| Cookie / Identifier | Purpose | Duration | Type |
|---|---|---|---|
| sgsfTheme | Stores your selected display theme (light, dark, or system default) so your preference is remembered across sessions. | 12 months | Functional |
| sgsfLanguage | Records your preferred display language when it differs from the browser default. | 12 months | Functional |
| sgsfNotifPrefs | Stores your in-browser notification preferences, including which event types trigger platform alerts. | 12 months | Functional |
| sgsfFeedLayout | Remembers your preferred content feed layout (grid vs. list) in your Fan or Creator dashboard. | 6 months | Functional |
| sgsfVideoQuality | Stores your preferred default video playback quality setting for live streams and video-on-demand content. | 6 months | Functional |
| sgsfCurrency | Records your selected display currency for prices shown throughout the platform. | 12 months | Functional |
If you decline functional cookies, the platform will still work, but your preferences will not be saved between sessions and you will need to reconfigure settings each time you visit.
7.Analytics & Performance Cookies
Analytics cookies help us understand how the platform is used, where users encounter difficulties, and which features drive engagement. This information informs product decisions and performance improvements. These cookies require your consent and are not deployed in jurisdictions requiring explicit consent unless you have provided it.
What Analytics Cookies Measure
- Page views, session duration, and navigation paths through the platform.
- Feature usage rates (for example, how often Creators use the Data Lab vs. the Finance Hub).
- Conversion funnels (for example, the flow from viewing a Creator profile to completing a subscription purchase).
- Error and crash rates by browser, device type, and geographic region.
- Performance metrics including page load time, API response latency, and Core Web Vitals.
- A/B test assignment tokens used to evaluate design and feature experiments (anonymized at the individual level).
| Cookie / Identifier | Purpose | Duration | Type |
|---|---|---|---|
| _sgsf_analytics | First-party analytics session identifier. Tracks navigation and interaction events within a single session. Not linked to your account ID in external reports. | 30 minutes (session) | Analytics |
| _sgsf_visitor | Persistent first-party visitor identifier used to distinguish unique visitors from repeat visits in aggregate analytics reports. | 13 months | Analytics |
| _sgsf_ab | Stores A/B test variant assignments for active experiments. Ensures you see a consistent experience during an experiment period. | 30 days | Analytics |
| _sgsf_perf | Collects anonymized performance timing data (page load, API latency) for infrastructure monitoring. | Session | Analytics |
Data Minimization in Analytics
We apply the following data minimization practices to our analytics implementation:
- IP addresses collected for analytics purposes are truncated (the last octet is removed) before storage.
- Analytics data is aggregated and anonymized before being shared with any internal team or third party.
- We do not engage in tracking individuals across unrelated third-party websites using our analytics infrastructure.
- Analytics identifiers are not linked to your account name, email address, or government identity without your explicit consent.
8.Creator Monetization Cookies
A category of cookies specific to the SGSuperFans platform supports the Creator monetization ecosystem. These cookies enable accurate revenue attribution, payout calculation, and fraud prevention for Creators and Fans engaging in paid transactions.
Attribution & Revenue Tracking
When a Fan discovers a Creator through a referral link, a promotional campaign, or a platform recommendation engine, attribution cookies establish the origin of that visit so commissions and revenue credits are correctly applied. These cookies are essential for Creators who participate in the referral program and for ensuring that revenue splits are calculated correctly.
| Cookie / Identifier | Purpose | Duration | Type |
|---|---|---|---|
| sgsfRefSource | Records the referral source token from a Creator's unique referral link or platform campaign click. Used to attribute new Fan sign-ups to the correct Creator for commission purposes. | 30 days | Essential |
| sgsfCartSession | Maintains a Fan's active cart or pending purchase across page navigation (for example, when a Fan navigates away during a ticket purchase and returns). | Session | Essential |
| sgsfPurchaseIntent | Records the fact that a purchase initiation occurred to facilitate chargeback evidence preservation and fraud detection. | 90 days | Security |
| sgsfCreatorView | Tracks which Creator profiles a Fan has visited during a session to personalize feed recommendations and measure Creator discovery performance. Anonymized. | Session | Analytics |
9.Marketing & Advertising Cookies
Marketing cookies are used to deliver relevant promotional content, measure advertising campaign effectiveness, and support platform growth through targeted outreach to prospective Creators and Fans. These cookies require your explicit, informed, and freely given consent before being deployed. We do not deploy marketing cookies to users in the EU, UK, or Quebec without a valid consent record.
What Marketing Cookies Enable
- Retargeting: showing SGSuperFans advertisements on third-party websites to users who have previously visited our platform but have not yet signed up.
- Lookalike audience targeting: sharing hashed audience segments with advertising platforms so they can identify users with similar characteristics to our existing community.
- Conversion tracking: measuring whether a user who saw or clicked an advertisement subsequently completed a registration, subscription, or purchase on the platform.
- Campaign attribution: understanding which marketing channels and campaigns drive new Creator and Fan sign-ups at the lowest cost per acquisition.
| Cookie / Identifier | Purpose | Duration | Type |
|---|---|---|---|
| _fbp | Meta (Facebook) Pixel cookie. Used to measure ad conversion events and build custom audiences for Facebook and Instagram advertising campaigns. | 90 days | Marketing |
| _gcl_au | Google Ads conversion linker. Associates ad clicks from Google Search and Display campaigns with platform conversion events. | 90 days | Marketing |
| _ttclid | TikTok Pixel click ID. Used to attribute new registrations and purchase events to TikTok advertising campaigns. | 30 days | Marketing |
| sgsfAdOptOut | Records that you have opted out of marketing cookies. Prevents re-deployment of advertising trackers on your device. | 12 months | Essential |
Your Marketing Cookie Choices
You can withdraw consent for marketing cookies at any time through your Privacy Settings in your account dashboard, or by clicking “Manage Cookie Preferences” in the footer of any platform page. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. We will process your opt-out request within 5 business days.
10.Third-Party Service Providers
We integrate with carefully selected third-party service providers whose technologies are embedded in the SGSuperFans platform. These providers may set their own cookies on your device when you use our platform. Each provider operates under its own privacy and cookie policy, and each has contractually committed to SGSuperFans regarding data processing standards consistent with applicable law.
Categories of Third-Party Providers
Stripe, and similar payment gateway providers, set cookies to maintain payment session state, detect card fraud, and comply with PCI-DSS requirements. These are strictly necessary for transaction processing.
Third-party KYC (Know Your Customer) and age verification service providers set cookies or use SDKs during the identity verification workflow for Creator onboarding. This is a regulatory compliance requirement.
Our customer support chat provider may set functional cookies to maintain your support conversation context and to provide our support team with session information relevant to assisting you.
Our video streaming CDN partner (for live events and video-on-demand delivery) sets performance cookies to optimize stream quality based on your network conditions.
We use a privacy-focused analytics platform subject to a valid Data Processing Agreement. Analytics data is processed in servers located in Canada or in jurisdictions providing equivalent data protection under applicable law.
Anti-bot and DDoS protection services process request metadata (including IP address and browser fingerprint) on our behalf. These are security-essential deployments not subject to consent requirements.
We do not permit third-party service providers to use cookies set on our platform for their own independent advertising or data resale purposes. All third-party processors are restricted to processing data solely on our instructions.
11.Cookies in Payments & Fraud Prevention
Payment and fraud prevention cookies occupy a special status in our cookie ecosystem. Given the financial nature of SGSuperFans transactions involving Creator payouts, Fan subscriptions, and in-platform purchases, these cookies are critical to both platform security and regulatory compliance.
Payment Session Cookies
When you initiate a payment, a payment session token is created and maintained via cookie or local storage. This token cryptographically binds your current session to the payment transaction, preventing session hijacking and transaction interception attacks. Payment session state is never transmitted to any third party other than the designated payment processor.
Fraud Detection & Chargeback Evidence
To protect Creators against fraudulent chargebacks and to protect Fans against unauthorized charges, we collect and retain a limited set of behavioral signals at the time of each transaction:
- Device fingerprint components (browser type, operating system, screen resolution, language settings) as a probabilistic device identifier.
- IP address at the time of purchase.
- Session duration and navigation path leading up to the transaction.
- Time between page load and transaction initiation.
This data is retained for a minimum of 540 days (18 months) as chargeback evidence and for fraud pattern analysis. It may be shared with our payment processor, acquiring bank, or card network in the context of a chargeback dispute.
PCI-DSS Compliance
SGSuperFans does not store, process, or transmit cardholder data directly. All payment card processing is delegated to a Payment Card Industry Data Security Standard (PCI-DSS) compliant payment processor. Cookies deployed in the payment flow are therefore subject to PCI-DSS controls.
12.Cookies & Age Verification
SGSuperFans is an 18+ platform. Age verification is a legal requirement for platforms distributing adult content, and cookies play a role in this compliance process.
Age Gate Verification Cookies
When you access age-restricted content or request Creator status, a separate age verification session is initiated with our third-party identity verification provider. Cookies set during this session serve the following purposes:
- Maintaining the state of your verification session so you do not need to restart if you navigate away mid-process.
- Recording the successful completion of age verification so the platform does not require you to re-verify on each visit from a trusted device.
- Storing the verification timestamp and method for regulatory record-keeping purposes.
Age Verification Data Handling
Age verification data (including document data processed by our KYC provider) is not stored permanently on our platform servers beyond what is required for regulatory compliance. The KYC provider processes document data and returns a verification result to us. We store the verification result and timestamp; the identity document images are retained by the KYC provider according to their data retention schedule and applicable law.
13.Cookies on Mobile & Apps
Mobile applications operate differently from browsers with respect to cookie use. SGSuperFans mobile applications use a combination of local device storage, secure keychain storage (iOS) or Keystore (Android), and SDK-based tracking to achieve the same functional purposes as web cookies.
Mobile Storage Equivalents
- Secure Authentication Tokens: Stored in your device’s secure keychain or Keystore (encrypted, hardware-backed storage). These are the mobile equivalent of authentication cookies and cannot be accessed by other apps on your device.
- App Preferences: Stored in encrypted local storage within the app sandbox. Equivalent to preference cookies. You can clear these by resetting the app’s stored data through your device settings.
- Analytics SDKs: We use privacy-focused mobile analytics SDKs that collect anonymized usage data. These SDKs may create a persistent identifier within the app’s storage scope.
- Push Notification Tokens: When you enable push notifications, your device issues a push token tied to your device and our app. This token is stored server-side and on-device to route notifications. It is not a tracking cookie but functions as an identifier for the notification channel.
Advertising Identifiers on Mobile
Mobile platforms provide advertising identifiers (Apple’s IDFA on iOS and Google Advertising ID on Android) that allow apps to track advertising campaign effectiveness. SGSuperFans accesses these identifiers only with your explicit consent, enforced via the platform-level App Tracking Transparency (ATT) prompt on iOS. You can reset or revoke these identifiers at any time through your device’s privacy settings.
14.Your Cookie Choices & Controls
We are committed to giving you meaningful, accessible controls over the cookies deployed on your device. The following options are available to you.
Cookie Consent Banner
When you first visit the platform, you see a cookie consent banner that presents the five cookie categories described in Section 3. You can accept all, reject all non-essential categories individually, or review and configure each category. Your choices are saved in the sgsfCookieConsent cookie and applied consistently across your session and future visits.
Privacy Settings in Your Account
Logged-in users can update their cookie consent choices at any time by navigating to: Account Settings > Privacy > Cookie Preferences. Changes take effect immediately on save. For non-essential cookies, withdrawal of consent triggers deletion of those cookies from your browser within your next session.
Cookie Preference Center (Footer Link)
A “Manage Cookie Preferences” link is available in the footer of every platform page. Clicking this link opens the cookie preference center where you can review your current consent choices and adjust them without needing to log in.
Legitimate Interest Opt-Out
Where we rely on legitimate interests as the legal basis for deploying security and fraud prevention cookies (Category 2), you have the right to object to this processing under Article 21 GDPR (if applicable). However, we would need to demonstrate compelling legitimate grounds that override your interests to continue processing, which we would be able to do given the financial protection purpose of these cookies. Practical objections should be submitted to privacy@sgsuperfans.com.
All five cookie categories are enabled. Best experience, full personalization.
Only strictly necessary and security cookies are placed. Some features may be limited.
You select which non-essential categories are enabled. Your choices are saved and respected.
15.Browser & Device Settings
In addition to our platform-level controls, all major web browsers provide built-in settings to manage cookies at the browser level. These settings give you control independent of any individual website’s consent mechanism.
Common Browser Controls
Important Considerations
- Browser-level cookie blocking overrides our platform consent settings. If you block all cookies at the browser level, strictly necessary cookies will also be blocked, which will prevent you from logging in or making purchases.
- Deleting cookies from your browser removes your current cookie consent record. The next time you visit our platform, the consent banner will reappear. This is expected behavior.
- Incognito or private browsing modes do not prevent cookie deployment during your session; they simply delete all cookies when the private window is closed.
- Browser extensions such as uBlock Origin, Privacy Badger, or similar ad blockers may block third-party cookies independently of your browser or platform settings.
16.Do Not Track & Global Privacy Control
Do Not Track (DNT)
The Do Not Track (“DNT”) signal is a browser setting that sends a request to websites not to track your browsing behavior. Currently, there is no legally binding requirement in Canada, the EU, or the UK for websites to honor DNT signals, and there is no universal standard for what “compliance” with DNT entails. As a result, we do not currently modify our cookie behavior in response to DNT signals.
Global Privacy Control (GPC)
The Global Privacy Control (“GPC”) is a browser-level signal introduced primarily to enforce CCPA/CPRA opt-out rights in California and similar opt-out rights under other US state privacy laws. Unlike DNT, GPC is legally recognized under the CCPA/CPRA, and we honor it accordingly:
- When we detect a valid GPC signal from a California resident’s browser, we treat it as a “Do Not Sell or Share My Personal Information” opt-out request and suppress the deployment of marketing and advertising cookies for that browser session.
- We update your stored consent record to reflect this opt-out so that the GPC preference is applied on future visits without requiring you to re-assert it.
- GPC signals from non-California users are acknowledged but are not legally required to be honored under currently applicable law. We apply the GPC opt-out globally as a privacy-forward practice where doing so does not conflict with our security or payment processing obligations.
17.Cookie Retention Periods
Each cookie we deploy has a defined maximum retention period. After that period, the cookie expires and is automatically deleted from your device. The following summarizes retention periods by category:
| Category | Maximum Retention | Notes |
|---|---|---|
| Strictly Necessary | Session to 12 months | Consent record retained 12 months. Session cookies cleared on browser close. |
| Security & Fraud Prevention | Session to 18 months | Fraud evidence data retained 18 months per chargeback requirements. |
| Functional / Preference | Up to 12 months | Reset if user manually clears cookies or withdraws consent. |
| Analytics & Performance | Up to 13 months | Aligns with CNIL/ICO guidance on analytics retention limits. |
| Marketing & Advertising | Up to 90 days | Third-party cookies (e.g., Meta Pixel) subject to provider's own retention policies. |
Where a cookie is renewed (refreshed) by the platform on each visit, the maximum retention period restarts from that renewal date. We do not permit cookies to renew indefinitely without user interaction: authentication cookies that have not been refreshed by active use will expire at their stated maximum retention period regardless.
18.Legal Bases for Cookie Processing
Under the GDPR and Canada’s privacy legislation, any processing of personal data via cookies requires a recognized legal basis. The legal basis we rely on varies by cookie category:
Authentication cookies, payment session cookies, and referral attribution cookies are necessary to perform the contract with you as a Fan or Creator.
Age verification cookies and fraud evidence retention cookies are required for compliance with e-privacy, anti-money-laundering, and adult content regulations.
Security and bot-detection cookies where our interest in protecting platform integrity and preventing financial fraud outweighs user data interests. Subject to balancing test.
Functional, analytics, and marketing cookies. Consent is obtained via the cookie consent banner and can be withdrawn at any time without affecting prior lawful processing.
If you are located in Quebec, Canada, cookie processing is additionally governed by Quebec Law 25. Under Law 25, we are required to publish this Cookie Policy, obtain explicit consent for non-essential cookies, and allow you to withdraw consent at any time, all of which we do. Under CASL, we obtain appropriate electronic consent before deploying cookies that track online behavior for marketing or advertising purposes.
19.Cross-Border Data Transfers
SGSuperFans is headquartered in Ontario, Canada. Data collected through cookies may be processed and stored on servers located in Canada, the United States, the European Union, and other jurisdictions where our service providers operate.
Safeguards for International Transfers
Where cookie data is transferred outside of Canada or the EEA, we ensure appropriate safeguards are in place:
- For transfers from the EU or UK to Canada: Canada is recognized by the European Commission as providing adequate protection for personal data under the GDPR adequacy decision.
- For transfers to the United States: We rely on Standard Contractual Clauses (“SCCs”) approved by the European Commission, supplemented by technical safeguards including encryption in transit and at rest.
- For all transfers: We conduct Transfer Impact Assessments (“TIAs”) where required and maintain Data Processing Agreements with all third-party processors that impose GDPR-standard obligations regardless of the processor’s location.
You can request a copy of the applicable transfer safeguards by contacting us at privacy@sgsuperfans.com.
20.Children & Minors
SGSuperFans is strictly an 18+ platform. We do not knowingly deploy cookies to collect data from anyone under the age of 18. Our age verification process (described in Section 12) is designed specifically to identify and prevent access by minors.
If we become aware that cookie data has been collected from a person under 18 years of age, we will:
- Immediately suspend the associated account pending investigation.
- Delete all cookie data and associated personal data collected from that individual to the fullest extent possible.
- Notify relevant authorities where required by applicable child protection laws.
- Review and strengthen any age verification gap identified as contributing to the incident.
If you are the parent or guardian of a minor who has accessed SGSuperFans without authorization, please contact us immediately at trust@sgsuperfans.com. We will act promptly.
21.Changes to This Policy
We update this Cookie Policy periodically to reflect changes in our technology stack, business practices, legal obligations, or regulatory guidance. The date of the most recent revision is displayed at the top of this page.
How We Notify You of Changes
- For material changes (for example, adding a new category of cookies or a new advertising partner), we will display a notice in the cookie consent banner the next time you visit the platform, and send an email notification to registered users.
- For non-material changes (for example, updating the description of an existing cookie or correcting a typographical error), we will update the policy and the version number without sending proactive notification.
- Your continued use of the platform following the effective date of any material change constitutes acceptance of the updated policy. If you do not agree with a material change, you have the right to delete your account.
Version History
We maintain a version history log of material changes to this Cookie Policy. You can request the version history by emailing privacy@sgsuperfans.com.
22.Contact & Cookie Requests
If you have questions about this Cookie Policy, wish to exercise your data protection rights with respect to cookies, or want to file a complaint about our cookie practices, you may contact us through any of the following channels.
GDPR/CCPA rights requests, data subject access requests, consent withdrawal
Toronto, Ontario, Canada
Response Timeframes
- General cookie inquiries: we will respond within 5 business days.
- Data subject rights requests (access, deletion, portability, objection): we will acknowledge within 3 business days and provide a substantive response within 30 days (or as required by applicable law, whichever is sooner).
- Complaints: we will acknowledge within 5 business days and resolve or escalate within 45 days. If you are not satisfied with our response, you may escalate to the Office of the Privacy Commissioner of Canada (Canada), the Information Commissioner’s Office (UK), your national supervisory authority (EU), or the California Privacy Protection Agency (California), as applicable.