Data Controller Information
AdultWorld ("we", "us", or "our") operates the platform at adultworld.ai and is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you may contact our Data Protection Officer at [email protected].
What Data We Collect
We collect the following categories of personal data:
- Account informationβ Email address, username, and password hash. This data is required to create and secure your account.
- Profile dataβ Photos, biography, services offered, rates, and location information that you voluntarily provide to build your public profile.
- Usage dataβ IP address, device type, browser type and version, pages visited, and interaction patterns. This data is collected automatically when you use our platform.
- Communication dataβ Messages sent and received through our platform messaging system.
- Payment dataβ Transaction records processed via Stripe. We do not store your credit card numbers, CVV, or full payment card details on our servers. All payment information is handled directly by Stripe in accordance with PCI DSS standards.
- Verification dataβ Age verification logs and results, including records of completed verification checks for regulatory compliance.
Why We Collect Your Data
We process your personal data for the following purposes:
- Providing servicesβ To operate the platform, manage your account, facilitate connections, and process payments.
- Age verificationβ To comply with legal requirements, particularly under UK law, ensuring all users are at least 18 years of age.
- Safety and securityβ To protect our users, detect fraud, prevent abuse, and maintain the integrity of the platform.
- Analyticsβ To understand how users interact with our platform and to improve the user experience.
- Communicationβ To send you service-related notifications, respond to your enquiries, and provide customer support.
Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, we rely on the following legal bases for processing your personal data:
- Consentβ Where you have given clear consent for us to process your personal data for a specific purpose, such as marketing communications or optional cookies.
- Contractβ Processing is necessary for the performance of a contract with you, including providing platform services, managing your account, and processing payments.
- Legitimate interestβ Processing is necessary for our legitimate interests (or those of a third party), such as fraud prevention, platform security, and service improvement, provided these interests are not overridden by your rights.
- Legal obligationβ Processing is necessary to comply with a legal obligation, such as age verification requirements and law enforcement requests.
Data Sharing
We do not sell your personal data. We share data only with the following trusted third-party service providers, each of which is bound by data processing agreements:
- Supabaseβ Database hosting and backend infrastructure. Data is stored in secure, managed cloud environments.
- Stripeβ Payment processing. Stripe handles all payment card information directly and is PCI DSS Level 1 certified.
- Email providerβ Transactional email delivery for account notifications, password resets, and service communications.
- Cloudflareβ Content delivery, DDoS protection, and bot mitigation through Cloudflare Turnstile.
- Yotiβ Age verification provider for UK users, ensuring compliance with the UK Online Safety Act 2023.
We may also disclose your data where required to do so by law, in response to valid legal process, or to protect the rights, property, or safety of AdultWorld, our users, or the public.
Data Retention
- Account data is retained for as long as your account remains active.
- Deleted accountsβ When you delete your account, your personal data is permanently removed within 30 days. Certain anonymised records may be retained for legal compliance.
- Verification documents are deleted within 30 days of successful verification. Only the verification result (pass/fail) is retained.
- Transaction records may be retained for up to 7 years as required by financial regulations.
Your Rights (GDPR Articles 13β22)
Under the GDPR and UK data protection law, you have the following rights regarding your personal data:
- Right of accessβ You can request a copy of all personal data we hold about you.
- Right to rectification β You can request correction of inaccurate or incomplete data.
- Right to erasureβ You can request deletion of your personal data ("right to be forgotten").
- Right to restrictionβ You can request that we limit the processing of your data in certain circumstances.
- Right to data portability β You can request your data in a structured, commonly used, machine-readable format.
- Right to objectβ You can object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office).
Children's Privacy
AdultWorld is strictly for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete that data and terminate the associated account.
International Data Transfers
Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, to protect your data in accordance with GDPR requirements.
Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, secure authentication mechanisms, regular security audits, and access controls limiting data access to authorised personnel only. No system is completely secure, however, and we cannot guarantee absolute security.
Updates to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on our platform or by email. We encourage you to review this policy periodically. The "Last updated" date at the top indicates when this policy was most recently revised.
Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at [email protected].