FanLuma
Log inGet started

Children's Access Assessment

Published in compliance with the Online Safety Act 2023 · Last updated: 8 April 2025

This document is publicly accessible.

FanLuma is required by the Online Safety Act 2023 ("OSA") to publish and maintain a Children's Access Assessment explaining what measures we have taken to prevent children (persons under 18) from accessing primary priority content (content that is harmful to children) on our platform.

1. Platform description

FanLuma (fanluma.com) is a creator monetisation platform that permits adult creators to share and monetise content with paying subscribers. The platform hosts user-generated adult content including nudity and sexually explicit material. This constitutes primary priority content as defined by the OSA (content that is pornographic or extremely harmful to children).

2. Assessment of likelihood of child access

We have assessed the risk that children may attempt to access FanLuma and concluded that the risk is non-negligible without robust age assurance. Contributing factors include:

  • The platform is publicly accessible via the internet.
  • Children routinely access the internet and may encounter links to adult platforms.
  • Without age assurance, a determined child could register with a false date of birth.

In light of this assessment, FanLuma has implemented a layered age assurance system described below. We conclude that, with these measures in place, the likelihood of a child accessing primary priority content on FanLuma is low.

3. Age assurance measures

Layer 1 — Age gate (all visitors)

Every visitor to fanluma.com, whether logged in or not, must pass an age gate before accessing any content. The gate requires:

  • Entry of a date of birth confirming the visitor is 18 or older.
  • Selection of their country of residence.
  • Confirmation that viewing adult content is legal in their jurisdiction.
  • Explicit tick-box confirmation of age and consent to the Terms of Service.

Upon passing, a cryptographically signed HMAC cookie (av_confirmed) is set for 1 year. The cookie is HttpOnly, SameSite=Strict, and cannot be read or modified by JavaScript. If the cookie is absent, expired, or tampered with, the gate is shown again. There is a prominent "Leave this site" button for visitors who do not meet the age requirement.

Layer 2 — Date of birth at registration

All users must provide a date of birth when registering. Persons who indicate they are under 18 cannot complete registration. The date of birth is stored against the user record and used to confirm age at the platform level.

Layer 3 — Creator identity verification (KYC)

Creators (users who publish content) must pass a manual identity verification process before publishing any content. This requires:

  • Submission of legal full name.
  • Submission of a date of birth, which must show the creator is 18 or older.
  • Upload of a government-issued photo ID (passport, driver's licence, or national ID card).
  • Upload of a selfie photograph holding the ID document.
  • Manual review and approval by a FanLuma admin before the creator can publish.

If a creator's documents indicate they are under 18, their account is immediately terminated and any uploaded material deleted.

Layer 4 — Authenticated user bypass

For authenticated users, the age gate is bypassed only when the user's account record contains a verified date of birth (stored on registration) confirmed to be 18+. This bypass uses a secure admin-only metadata flag set at authentication time and is not modifiable by users.

Layer 5 — Content gating

Premium and subscriber-only content is gated behind an active paid subscription. Payment processing requires a valid payment card, which provides an additional practical barrier against minors (who typically do not have access to payment cards).

4. Limitations acknowledged

We acknowledge that the age gate relies on self-declaration at the point of first access for anonymous visitors. While this approach aligns with current common industry practice, it does not constitute a technically robust age verification method equivalent to identity document verification.

We are monitoring the development of OFCOM's guidance on age assurance under the OSA and will update our measures as the regulatory framework is clarified to ensure ongoing compliance. We commit to implementing technically robust age verification in line with any applicable OFCOM codes of practice.

5. Reporting CSAM

FanLuma has a zero-tolerance policy on child sexual abuse material (CSAM). We operate the following channels for reporting:

Email: compliance@fanluma.com

NCMEC CyberTipline: cybertipline.org

Internet Watch Foundation: iwf.org.uk/report

Upon receiving a credible CSAM report, we will immediately remove the content, terminate the associated account, preserve evidence, and report to NCMEC and, where required, to the National Crime Agency (NCA) and/or local law enforcement.

6. Review schedule

This assessment will be reviewed annually and updated whenever we make material changes to our age assurance measures or when new regulatory guidance is issued by OFCOM.

7. Contact

Enquiries regarding this assessment should be directed to compliance@fanluma.com.