Data Processing Agreement - Creator Privacy Promise

Date: May 27, 2026

Patreon empowers creators on our platform ("Creators", "You") to start an offering by directly connecting with their biggest fans and turning them into free or paying members of your community, or one time purchasers of your offering(s) ("Members").

To facilitate this direct connection with Members and enable Your offering(s)' rewards and obligations to be fulfilled, Patreon provides some personal data of Members ("Member Data") to Creators. Creators then process Member Data in order to provide Members any and all products, services, or updates as part of that Creator's offering(s) on Patreon (collectively known as "Membership Services"). All Creators agree to this Data Processing Agreement ("Privacy Promise") to ensure that Creators respect the privacy rights of Members when processing Member Data.

This Privacy Promise is between Patreon and Creators, taking effect from the moment a Patreon account is created and applies exclusively to the Member Data collected by Patreon and provided to Creators for the purpose of running an offering or business with Patreon.

This Privacy Promise is an extension of Patreon's Terms of Service and Privacy Policy and will outline certain requirements for Creators to process Member Data during and beyond their relationship with Patreon.

I. Definitions.

1. "Data Protection Legislation" means all applicable laws relating to privacy and the processing of personal data that may exist in any relevant jurisdiction, including, where applicable, the guidance and codes of practice issued by the supervisory authorities. Data Protection Legislation includes, but is not limited to, European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them, including the General Data Protection Regulation (Regulation (EU) 2016/679), UK Data Protection Act 2018, Brazilian Data Protection Law (LGPD) (As amended by Law No. 13,853/2019), and U.S. state privacy laws, including the California Consumer Privacy Act 2018 Cal. Civ. Code § 1798.100 et seq.
2. "Good Industry Practice" means exercising the same skill, expertise, and judgement and using facilities and resources of a similar quality as would be expected from a person who: (a) is skilled and experienced in providing the services in question, seeking in good faith to comply with his contractual obligations and seeking to avoid liability arising under any duty of care that might reasonably apply; (b) takes all proper and reasonable care and is diligent in performing his obligations; and (c) complies with the Data Protection Legislation.
3. The terms "data controller", "data processor", "service provider", "subprocessor", "data subject", "personal data", "processing", and "appropriate technical and organizational measures" shall be interpreted in accordance with Directive 95/46/EC, or other applicable Data Protection Legislation, in the relevant jurisdiction.

II. Scope.

The parties agree that Patreon is a data controller and that Creator is a data processor or service provider, as applicable, in relation to Member Data that Creator processes in the course of providing Membership Services. The subject matter of the data processing, the types of personal data processed, and the categories of data subjects will be defined by, and/or limited to, those necessary to carry out the Membership Services. The subject matter, duration, nature, and purpose of the processing of the personal data as well as the type of personal data and categories of data subjects covered by this Privacy Promise are as follows:

1. The subject matter of the data processing is Member Data.
2. The duration of the processing is for as long as Creator holds Member Data.
3. The nature and purpose of the processing under this Privacy Promise is limited to a Creator's fulfillment of Membership Services to the Member.
4. The type of personal data covered by this agreement is purchase information, including, but not limited to, amount, start date, and end date, and contact information, including, but not limited to, username, email address, and shipping address.
5. The category of the data subjects are website and mobile app users who sign up for both free and paid memberships, or make a one time purchase, on Patreon.

III. Data Protection.

Creator shall adhere to the following requirements:

1. Processing as Instructed. Creators will process Member Data only in accordance with Patreon's Terms of Service and Privacy Policy, and this Privacy Promise and only in compliance with Data Protection Legislation. The nature and purpose of the processing shall be limited to that necessary to carry out such instructions, and not for Creator's own purposes, or for any other purpose except as required by law. If Creator is required by law to process the personal data for any other purpose, Creator will inform Member of such requirement prior to the processing unless prohibited by law from doing so.
2. Extent of Processing. Creator will process the personal data only to the extent, and in such manner, as is necessary for the provision of Membership Services.
3. International Data Transfer.
   1. Transfer between parties: To the extent the Member Data is transferred from a country deemed to provide an adequate level of protection under Data Protection Legislation to a country not deemed as providing adequate protection, the parties will rely on Module Two (controller to processor) of the then-current standard contractual clauses (SCCs) for the transfer of Personal Data or other transfer mechanisms as provided for by Data Protection Legislation, which are incorporated herein by reference. The information required by the Annexes of the SCCs is set forth in Appendix 1 to this Privacy Promise.
   2. No onward transfers: Creator will not transfer or authorize the transfer of Data to countries outside the European Economic Area (EEA) or jurisdictions not deemed to provide an adequate level of protection under Data Protection Legislation, without the prior consent of Patreon. To the extent that Patreon approves an onward transfer, Creator will ensure that such transfers are made in compliance with applicable cross-border data transfer laws. In particular, Creator must rely on the then-current standard SCCs for the transfer of Personal Data or other transfer mechanisms as provided for by Data Protection Legislation.
4. Appropriate Technical and Organizational Measures. Creator will implement and maintain appropriate technical and organizational measures designed to protect the personal data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration, or disclosure. The measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage, or theft of the personal data and having regard to the nature of the personal data which is to be protected and as a minimum shall be in accordance with the Data Protection Legislation and Good Industry Practice.
5. Transfer to Third Parties. Creator will not give access to, sell, share, or transfer any personal data to any third party (including any affiliates, group companies or subcontractors) without the prior consent of Patreon, with Patreon's prior consent granted to share with any third party listed on Patreon's App Directory at https://www.patreon.com/apps, as updated from time to time, solely as necessary to provide Membership Services. Creator must also ensure the reliability and competence of such third parties, its employees or agents who may have access to the personal data processed in the provision of Membership Services, and must ensure that the third party is subject to provisions protecting Member Data which are equivalent to those in this Privacy Promise and Patreon's Terms of Service and as are required by applicable Data Protection Legislation.
6. Reliability and Competence of Creator Personnel. Creator will take reasonable steps to ensure the reliability and competence of any Creator personnel who have access to Member Data. Creator will ensure that all Creator personnel required to access the personal data are informed of the confidential nature of the personal data and comply with the obligations set out in this Privacy Promise.
7. Acknowledgement of Data Protection Legislation and Assistance. Creator will take all reasonable steps to assist Patreon in complying with applicable Data Protection Legislation. For example, Creator will promptly inform Patreon in writing if it receives: (i) a request from a data subject concerning any personal data; or (ii) a complaint, communication, or request relating to Member's obligations under Data Protection Legislation.
8. Destruction or Return of Property Upon Membership Services Completion or Upon Leaving Patreon's Platform. Creator will not retain any of the personal data for longer than is necessary to provide Membership Services. At the end of Membership Services, upon Patreon's request, or upon Member's request, Creator will securely destroy or return (at Member's election) the personal data to Member. If Creator leaves Patreon's platform, Creator will securely destroy personal data in accordance with this Privacy Promise and will have no further rights to process Member Data.
9. Loss or Security Breach. If Creator becomes aware of any accidental, unauthorized or unlawful destruction, loss, alteration, or disclosure of, or access to Member Data processed by Creator in the course of providing Membership Services, it will do the following:
   1. Provide notice to Patreon. Creator shall promptly and without undue delay notify Patreon and provide Patreon with: a detailed description of the loss or security breach; the type of data that was the subject of the loss or security breach; the identity of each affected person if known, and the steps Creator has taken or will take in order to mitigate and remediate such security breach, in each case as promptly as such information can be collected or otherwise becomes available (as well as periodic updates to this information and any other information Patreon may reasonably request relating to the loss or security breach); and
   2. Investigate the matter promptly. Creator shall promptly take action, at its own expense, to investigate the loss or security breach and to identify, prevent and mitigate the effects of the loss or security breach and to carry out appropriate recovery actions to remedy the loss or security breach.
10. Compliance with Data Protection Legislation. Creator shall comply at all times with and assist Patreon in complying with its applicable obligations under Data Protection Legislation. Creator shall provide reasonable information requested by Patreon to demonstrate compliance with the obligations set out in this Privacy Promise. Creator will notify Patreon immediately if, in Creator's opinion, an instruction for the processing of personal data given by Patreon violates any country's data privacy legislation.

For the Appendix to this Privacy Promise, including the list of parties, description of transfer, and technical and organizational measures, please visit Appendix to the Creator Privacy Promise.