FootModels.netFootModels.net
Search

Privacy Policy

Effective date: April 24, 2026

1. Introduction

FootModels.net ("we", "us", or "our") operates the website footmodels.net. This Privacy Policy explains how we collect, use, and protect personal information when you visit our site, create an account, sign in, connect an OAuth provider, or create and manage a profile.

2. Information We Collect

Account information. To create and manage a profile you must first create an account. Depending on how you sign up, we may collect your username, email address, password hash, account role, account creation and update timestamps, and your last sign-in time.

Passkey data. If you register a passkey, we store credential data needed to verify future sign-ins, such as a credential ID, public key, counter, backup state, and supported transports. We do not receive or store your fingerprint, face scan, PIN, or other biometric secrets from your device.

OAuth account data. If you sign up or sign in with Google or X, we receive limited profile information from that provider, which may include your provider account ID, email address, display name, avatar URL, and a username hint. We store the linked provider details needed to let you sign in again and, for new OAuth signups, we may temporarily store a suggested username until you confirm your final username. We do not store your Google or X password.

Google OAuth data. If you choose Google sign-in, FootModels.net requests only the basic Google profile scopes needed for account authentication: your Google account ID, email address, display name, and avatar URL. We use this data to create or link your account, suggest a username, keep you signed in, and protect your account. We do not request access to your Gmail, Google Drive, Calendar, contacts, or other Google content, and we do not sell Google user data.

Profile data. After creating an account, you may create a profile draft. We collect the information you provide for that draft or profile, including display name, profile URL slug based on your username, gender, age, city, country, shoe sizes, bio, tags, offered services, social or external links, uploaded avatar and gallery images, draft or published status, and timestamps.

Contact form. When you use our contact form we collect your name, email address, and the message you send.

Technical and usage data. We may collect standard server and security logs such as IP address, browser type, referring URL, and pages visited. We also use short-lived technical records required to complete authentication flows, such as session data and temporary WebAuthn challenge values.

3. How We Use Your Information

  • To create, secure, and maintain your account
  • To let you sign in with a password, passkey, or linked OAuth account
  • To create, save, and update draft profiles tied to your account
  • To display approved profiles in our public directory
  • To review, moderate, and manage profile submissions
  • To respond to enquiries submitted via the contact form
  • To improve the site, prevent abuse, and fix technical issues
  • To comply with legal obligations

4. Data Sharing

We do not sell your personal information. Approved profile data (display name, photos, bio, links, and services) is displayed publicly on the site — this is the core purpose of the directory. We may share data with service providers that help us operate the site (for example, hosting, database, storage, and authentication infrastructure), with OAuth providers when you choose to authenticate through them, and when required by law. Profile drafts, account credentials, linked OAuth account records, and moderation data are not published publicly unless and until the relevant profile information is approved for publication.

5. Data Storage and Security

Your data is stored on servers provided by Cloudflare. We take reasonable technical and organisational measures to protect your data against unauthorized access, loss, or misuse. However, no method of transmission over the internet is 100 % secure.

Password-based accounts are stored using hashed passwords. Passkey sign-in stores public-key credential material rather than your device secret. OAuth sign-in stores provider identifiers and profile details returned by the provider so your account can be linked and reused for future sign-ins.

6. Account and Profile Controls

You can manage your account settings, connected OAuth providers, authentication methods, and profile information from within the site after signing in. If you delete your account, your linked owned profile and uploaded images are also removed as part of that process.

7. Your Rights

You have the right to request access to, correction of, or deletion of your personal data at any time. To make a request, please use our contact form or email us directly. We aim to respond within 5 business days.

8. Cookies and Sessions

We use essential cookies or equivalent session mechanisms required for the site to function correctly, including account sign-in and session management. We may also use short-lived authentication state required to complete OAuth or passkey flows. We do not use advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

10. Contact

If you have any questions about this Privacy Policy, please reach out via our contact page.