Privacy Policy

Last updated: 2024-07-09

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from https://xxxfolio.com (the “Site”). Continuing to use this site means you agree to all of the mentions below.

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit cookiesandyou.com.
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

The payments on our marketplace are made via Paypal, so we do not store any transactions related information, like credit card number, billing information etc. We do however store the Paypal transaction ID for easier reference in case of any disputes. We refer to this information as “Order Information.”

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

 

Who We Are

 

XXXfolio, along with its subsidiaries ("XXXfolio", "we", "us", "our"), values your privacy and is dedicated to safeguarding the personal information we handle in connection with your use of our services. XXXfolio is a premium content platform that empowers "Creators" to publish and monetize their content, while also allowing them to enjoy content from their peers. Simultaneously, we enable "Users" to subscribe to and engage with the material provided by our diverse community of Creators.

 

About This Policy

This privacy policy ("Policy") outlines our protocols regarding the personal data we handle for our Creators, Users, and individuals featured within the content shared by a Creator ("Content Collaborators"). It also encompasses our data processing practices in the context of business interactions.

We handle your personal data when you navigate our website located at [insert your website URL] ("Website") and while providing the various services offered through our Website. This also extends to your interactions with us via our social media pages on platforms like Twitter, Instagram, and beyond. These collective interactions are referred to as the "Services" in this Policy.

As a "data controller," we determine the purposes and methods for processing your personal data in connection with the Services.

Please take the time to review this Policy to understand our practices concerning your personal data as part of the Services. By engaging with our Services, you are acknowledging that you have read and comprehended the details of this Policy.

Should you have any inquiries about this Policy or our treatment of your personal data, please reach out to us.

 

What is Personal Data?

"Personal data" refers to any information that can identify, is associated with, describes, or can reasonably be connected to a specific individual or household, either directly or indirectly.

We might also gather data that cannot identify you or isn't connected to you in any way, such as deidentified, aggregated, or anonymized information. Since this kind of data doesn't qualify as personal data, it's not governed by this Policy, and our usage of it remains unrestricted by the terms herein.

 

Keeping Your Information Current

Ensuring the accuracy and currency of the personal data we maintain about you is crucial. If at any time during your engagement with XXXfolio there are changes to your personal data, we ask that you promptly update your information. You can make necessary modifications directly through your account settings on our Website. This helps us offer you the best possible service and experience.

 

Eligibility and Applicability of This Policy

This Privacy Policy supplements but is distinct from our Terms of Service (which encompasses our Acceptable Use Policy) that presides over the use of our Website and Services.

XXXfolio's Services are exclusively designed for individuals who are 18 years of age or older. The use of our Services by anyone under 18 is strictly prohibited. When you engage with our Services, you affirm that you are at least 18 years old. Any access or use of the Services by individuals under the prescribed age limit is unauthorized, unlicensed, and in violation of these terms.

 

Third-Party Links

Our Website may feature links to external third-party websites, plug-ins, and applications. Interacting with these links or enabling those connections could permit third parties to gather or distribute personal data about you.

Please be aware that we do not control these third-party websites and are not liable for their content, security, or privacy practices, which are not covered by this Policy. We advise you to review the privacy policies and cookie notices of these external sites to understand how they might process your personal data. Your engagement with these third-party entities falls outside the purview of XXXfolio's responsibility.

 

Necessity of Providing Personal Data

To grant you access to our Services and their various features and functionalities, we are required to collect specific personal data from you, as stipulated in our contract with you (i.e., our Terms of Service). Additionally, there are instances where we must process certain personal data to comply with legal obligations.

It is important to note that withholding personal data upon request may limit our ability to provide you with full access to the Services or certain aspects of their functionality. Your personal data is essential for us to deliver the complete array of features offered by XXXfolio.

 

Policy Updates

We reserve the right to amend this Policy periodically. Such updates will take effect immediately upon posting the revised Policy on our Website. We are committed to making reasonable efforts to inform you of any significant changes to this Policy, which may include notifications through your account, such as feed updates or chat messages. We encourage you to review our Policy regularly to stay informed of how we are protecting your personal data.

 

Categories of Personal Data

At XXXfolio, we handle various types of personal data pertaining to Creators, Fans, and Content Collaborators. This data is processed either by us or through our authorized third-party service providers. Below is a categorization of the personal data we process, along with descriptions for clarity:

 

User Data

Creators and Content Collaborators:

  • Full name* (Mandatory for Content Collaborators via release form if not already a Creator)
  • Alias (if applicable)
  • Residential address
  • Country of residence*
  • Email address
  • Telephone number
  • A copy of the government-issued identity document you provided*
  • A "selfie" photo with your government-issued identity document* (to confirm your identity and age)
  • Social media handles/personal website addresses (for additional verification and to understand projected content on our Website)
  • Signature on release forms* (required if you appear in another Creator's content)

Fans:

  • Email address
  • Telephone number

(Note: Items marked with an asterisk (*) are required for Content Collaborators not already registered as Creators on the Website and will be collected through a release form.)

The personal information we collect is essential for providing a secure and efficient service, ensuring that all users engage with our platform in compliance with legal age requirements and content regulations. Your privacy is of utmost importance, and we strive to protect it through our robust data handling practices.

Third-Party Onboarding Data

During the onboarding process, our third-party providers are responsible for collecting specific types of personal data:

Creators:

  • A copy of the government identity document you present
  • A short .gif created from a “selfie” photo you provide
  • The results of the third-party age and identity verification (indicating pass/fail and the reason if failed)
  • Metadata associated with the verification process, such as timestamps marking the start and end

Fans:

  • For locations where we implement third-party age and identity verification for Fans, a copy of the government identity document you present
  • For locations where we conduct third-party age estimation or third-party age and identity verification for Fans, a short .gif created from a "selfie" photo you provide
  • The results of the third-party age estimation or third-party age and identity verification (indicating pass/fail and the reason if failed)
  • Metadata associated with the verification process, such as timestamps marking the user's start and finish times

Please refer to (Our Onboarding Processes) for more detailed information. It's important to note that the Third-Party Onboarding Data and Technical Data do not encompass Face Recognition Data, as outlined below.

Account Data

Within the XXXfolio platform, we maintain specific account-related personal data for both Creators and Fans to ensure seamless interaction and service delivery:

Creators:

  • Profile name
  • Password (encrypted and securely stored)
  • Avatars and headers associated with your Creator account
  • Information on your subscriptions, subscribers, and referrals
  • Posts made via your Creator account
  • Comments on posts from your Creator account
  • Chat messages exchanged with other users
  • Customer support inquiries submitted by you

Fans:

  • Profile name
  • Password (handled with strict security measures)
  • Avatars and headers associated with your Fan account
  • Details about your active subscriptions
  • Comments on posts from your Fan account
  • Chat messages with other users or Creators
  • Customer support inquiries submitted by you

This Account Data is integral to delivering a personalized user experience, facilitating communication, and providing robust customer support. It enables us to manage accounts effectively and offer a platform that caters to the needs and preferences of our community.

Financial Data

To facilitate transactions and comply with legal requirements, XXXfolio collects financial information from Creators and Fans as follows:

Creators:

  • Payment card details* (processed securely by third-party payment providers)
  • Billing address
  • Transactions and funds added to your wallet
  • Bank account details for payouts
  • Payout country
  • Details of corporate or business entities for tax purposes
  • Social Security number (only for US Creators) or other tax identification information
  • Tax forms such as W-9, 1099-MISC, and 1099-NEC (specifically for US Creators)

Fans:

  • Payment card details* (handled by third-party payment providers)
  • Billing address
  • Transactions and funds added to your wallet

*Important Note: When processing payments, XXXfolio does not collect your full payment card number, expiration date, or security code. Our third-party payment providers only share a token that represents your account, the type of card, expiration date, and the first six and last four digits of your payment card number with us.

This Financial Data is essential for executing transactions, managing wallets, fulfilling payouts, and ensuring that all financial dealings on the XXXfolio platform are conducted smoothly and securely, maintaining compliance with financial regulations.

Transaction Data

XXXfolio carefully tracks and manages transaction-related information for both Creators and Fans to maintain accurate financial records and to ensure transparency in all monetary interactions on the platform:

Creators:

  • Earnings accrued from content, subscriptions, and tips
  • Requests for payouts and details of completed payouts
  • Payments received by your Creator account from Fans
  • Payments initiated from your Creator account to other Creators (if applicable)
  • Records of any failed or declined payments

Fans:

  • Payments made to subscribe to and support Creators
  • Records of any failed or declined payments

This Transaction Data is vital for providing Creators with timely payouts, offering Fans seamless payment experiences, and maintaining a trustworthy financial environment within XXXfolio's community. It helps both Creators and Fans to keep track of their financial activities and manage their accounts effectively.

Technical Data

At XXXfolio, we collect and manage technical information from both Creators and Fans to enhance user experience, troubleshoot issues, and ensure the smooth functioning of our services:

Creators and Fans:

  • Internet and electronic network activity data, such as:
    • Internet Protocol (IP) address, along with related geographic location data
    • Your Internet Service Provider (ISP)
    • The type and specifics of the device you use to access our services
    • The name and version of your web browser

This Technical Data helps us to understand how our platform is being used, to optimize our services for different devices and browsers, and to safeguard our platform by detecting and preventing fraudulent activities. It also assists in improving our website's functionality and overall performance, ensuring a better and more secure experience for all our users.

Usage Data

To ensure seamless navigation and functionality, XXXfolio employs cookies for both Creators and Fans.

Creators and Fans:

  • Necessary cookies are utilized to allow you to browse our Services and access critical Website pages.
  • With your consent, we use cookies for the following purposes:
    • Performance: These cookies help us analyze user interaction with the Website, leading to improvements in our Services. For Creators, they enable us to recognize referrals made via your unique referral code.
    • Functionality: These cookies remember your preferences, such as staying logged in for a smoother user experience.

For more detailed information about our usage of cookies, including guidance on managing, deleting, or blocking cookies, please review our Cookie Notice. It is important to note that some of the data we collect from cookies may be deidentified, aggregated, or anonymized.

XXXfolio currently abstains from employing any cross-site tracking technologies. Moreover, we do not engage in the sale of personal data or share personal data collected from you for the purpose of cross-context behavioral advertising. Our commitment to your privacy extends to how we handle the data derived from cookies, ensuring it is managed with care and transparency.

Face Recognition Data

Creators (and Fans in select locations):

During the onboarding process, our trusted third-party providers may employ face recognition technology as a means to digitally verify your identity.

It is important to clarify that Face Recognition Data is managed exclusively by our third-party providers. XXXfolio does not collect, receive, possess, or access Face Recognition Data at any point. The data is handled in compliance with stringent privacy standards and is solely under the custody of the third-party providers to ensure your privacy and data security are upheld.

 

Our Onboarding Processes

CREATORS

To ensure compliance with legal age requirements and to establish the identity of Creators on XXXfolio, we have instituted the following onboarding procedures:

  1. Collection of Creator User Data which includes necessary personal information for account creation and verification purposes.

  2. Verification of your country of residence to confirm lawful access to the Website and Services.

  3. Request for Financial Data, which is crucial for processing payments to Creators for their content and enabling Creators to access their earnings via the Website. This data also serves as a layer of verification and fraud prevention.

  4. Age and Identity Verification through a third-party process:

    • You will be asked to submit a "selfie" and a photo of your government-issued identity document to our third-party provider, who will then create a short .gif.
    • The third-party provider employs Face Recognition Data to match the images, facilitating digital verification of your age and identity.
    • We do not handle any Face Recognition Data. All such data is managed by our third-party providers.
    • We receive Third-Party Onboarding Data and certain Technical Data from our providers, where lawfully permitted, to document the verification process.
  5. Confirmation that you have not been previously barred from using the Website and Services, for instance, due to breaches of our Terms of Service.

Through these comprehensive steps, XXXfolio ensures that all Creators meet the necessary criteria to maintain the platform's integrity and abide by legal standards.

 

FANS

We have established procedures to ensure that all Fans on XXXfolio: (i) are at least 18 years of age, and (ii) in specific locations, have their identities verified. To create a Fan account, we will:

  1. Request Fan User Data, capturing essential information needed for account setup and verification.

  2. Verify your country of residence to ensure legitimate access to the Website and Services.

  3. Collect Financial Data, necessary for Fans to make payments to Creators and to serve as a verification and anti-fraud safeguard.

  4. Implement a third-party process to verify age, which varies by location and provider:

    • Third-party age and identity verification: In certain locations, we must take additional measures to verify the age and identity of our Fans. This involves you providing a "selfie" and a government-issued ID photo to our third-party provider, which then uses Face Recognition Data to confirm your age and identity through image matching, we do not collect or access this Face Recognition Data directly. When legally allowed, we may be provided with Third-Party Onboarding Data and some Technical Data by our providers to document the age and identity verification process.

 

Periodic Authentication of Your Identity

As long as you hold an account with us, we might require you to periodically verify your identity. If you have already undergone our third-party age and identity verification process, our third-party providers may, where permitted by law, retain your Face Recognition Data. This retention enables easier authentication of your identity in the future, eliminating the need for you to provide your government identity document again during authentication.

Withdrawing Consent

You have the option to withdraw your consent for the retention of your Face Recognition Data used for subsequent authentication. To do this, simply contact us at privacy@XXXfolio.com and request to delete your Face Recognition Data.

Please note that while withdrawing your consent does not affect your ability to undergo subsequent authentication processes, it might require you to present your government identity document again to our third-party provider during future authentications.

 

Usage and Lawful Basis for Processing Personal Data

We process personal data based on one or more of the following legal bases:

  1. Consent: We only ask for your consent in specific situations. For instance, when our third-party providers process your Face Recognition Data as part of the identity and age verification process for all Creators and certain Fans. Additionally, we ask for consent to take age estimation captures, which may involve the use of Face Recognition Data, for Fans in specific locations.

  2. Performance of a contract: When you use our Services, you enter into a contract with us via our Terms of Service. We process your personal data to fulfill this contract (for example, enabling transactions between Fans and Creators, processing Creator earnings) and to enforce the terms of our contract.

  3. Legitimate interests: We may process personal data if it aligns with our legitimate interests or those of a third party. This includes scenarios like investigating and responding to a report submitted through our DMCA takedown procedure to protect a Creator's intellectual property rights.

  4. Compliance with legal obligations: As we operate globally, we may need to process personal data to comply with the applicable laws, rules, and regulations in the areas we operate.

  5. Tasks carried out in the public interest: At times, we may process personal data in the interest of public safety. For example, we may report illegal activities to the relevant law enforcement authorities, other governmental agencies, and non-governmental organizations.

We will only utilize your personal data for the reasons we initially collected it, unless we reasonably believe that we need to use it for another purpose that aligns with the original purpose.

  • Account creation (both Creators and Fans): Performance of a contract.
  • Creator age and identity verification and, where applicable, subsequent authentication (specifically in relation to the processing of Face Recognition Data): Consent.
  • Fan age and identity verification and, where applicable, subsequent authentication, in certain locations (specifically in relation to the processing of Face Recognition Data): Consent.
  • Fan age estimation, in certain locations (specifically in relation to the processing of the age estimation capture, which may involve the use of Face Recognition Data): Consent.
  • Fan age verification (to the extent we are able to do so without third-party age and identity verification or third-party age estimation): Performance of a contract.
  • Government identity document validity check, and maintaining a record of the age and identity verification process (for Creators, and Fans in certain locations): Performance of a contract.
  • Maintaining a record of the age estimation process (for Fans in certain locations): Performance of a contract.
  • Providing the Services, including the hosting of Creator content, the fulfillment of transactions between Fans and Creators, and processing Creator earnings: Performance of a contract.
  • Providing technical support to Fans and Creators: Performance of a contract.
  • Communicating with you about the Services, responding to support requests or, sharing information about the Services (e.g., providing updates to our Terms of Service or this Policy): Performance of a contract.
  • Ensuring compliance with, and enforcing, our Terms of Service and other usage policies (e.g., our Acceptable Use Policy): Performance of a contract.
  • Moderation and filtration of text and content uploaded to the Website, livestreaming on the Website, content sent in chat messages on the Website, and to monitor and investigate violations of our Terms of Service: Performance of a contract.
  • Filtration of text sent in direct messages on the Website to investigate violations of our Terms of Service: Performance of a contract.
  • Removal from the Services of text and content uploaded by users that is identified as illegal, and suspending or deactivating those user accounts: Compliance with legal obligations and Performance of a contract.
  • Removal from the Services of text and content uploaded by users that is identified as violating our Terms of Service and where appropriate, suspending or deactivating user accounts: Performance of a contract.
  • Maintaining a record of banned users, to prevent further access to the Website: Legitimate interests.
  • Reporting illegal activity to relevant law enforcement authorities, other governmental agencies and non-governmental organizations: Legitimate interests and Task carried out in the public interest.
  • Preservation and sharing of personal data in the context of legal proceedings (e.g., litigation): Legitimate interests.
  • Complying with applicable laws, rules, and regulations: Compliance with legal obligations and Legitimate interests.
  • Monitoring transactions and company network, systems, applications, and data, to: (i) detect malicious, deceptive, fraudulent, or illegal activity in order to protect information security and integrity, user safety; and (ii) respond to / investigate incidents where appropriate: Legitimate interests and Task carried out in the public interest.

    As necessary or appropriate to protect the rights and property of our users, us, and other third parties: Legitimate interests.
  • Data analysis and testing, system maintenance, reporting, and hosting of data, to maintain, develop, and improve the provision of the Services (e.g., safety, performance, and functionality): Consent (involving Usage Data, where this is personal data, collected via cookies), and Legitimate interests.
  • As necessary in the context of a possible sale, merger, acquisition, business reorganization, or group restructuring exercise: Legitimate Interests.
  • Processing of personal data in connection with sponsorships, and our relationship with service providers, professional advisers, and other third parties for business purposes (e.g., business contact information and correspondence): Performance of a contract and Legitimate Interests.

 

Obtaining Your Personal Data

  • Personal data is collected directly from you. This happens when you provide it to us for opening an account, updating personal data in your account, or when corresponding with us. The types of data collected in this way include User Data and Account Data.

  • Personal data is collected automatically or indirectly from you. This happens through and as a result of your use of the Services. The types of data collected in this way include Transaction Data, Technical Data, and Usage Data.

  • Personal data is received from our service providers. For example, where permitted by applicable law, we receive Third-Party Onboarding Data and certain Technical Data from our third-party age and identity verification providers.

Your personal data may be shared with various entities:

  1. Third-party service providers: These are entities that provide services such as IT, payment processing, customer support, content and text moderation, and age and identity verification. The data sharing is based on our legitimate interests to support our business functions.

  2. Professional advisors: These include legal advisors, bankers, auditors, accountants, consultants, and insurers. They handle personal data as required to offer their services to us. This sharing is grounded in our legitimate interest in receiving professional services.

  3. Corporate entities: In cases of potential sales, mergers, acquisitions, business reorganizations, or group restructuring exercises, relevant third parties may have access to your personal data. This is based on our legitimate interests and those of the relevant third parties involved in such transactions.

  4. Group companies: For centralised coordination and management of our business, your data might be shared with our group companies. The sharing of your personal data with these recipients is grounded in our legitimate interests in coordinating our global business operations.

  5. Authorities, regulators, and organisations: In response to requests from governmental authorities (including law enforcement and tax authorities), regulators, and non-governmental organisations (like the National Center for Missing & Exploited Children (NCMEC)), your personal data may be shared. These recipients will process your personal data in the performance of their regulatory, law enforcement, or charitable roles. The basis for sharing your personal data with these recipients is either compliance with a legal obligation, our legitimate interests or those of a third party, or in the wider public interest to report illegal content and protect the safety of our users and third parties.

 

International data transfers

International data transfers are a part of our operations due to our global presence and the nature of our services. We share your personal data within our group companies and third parties which may sometimes involve transferring your data outside the UK, the EEA, and Switzerland.

We ensure that such transfers are carried out: (i) to countries that have been officially recognized as providing an adequate level of protection for personal data, (ii) using suitable safeguards to protect your personal data, or (iii) as otherwise permitted by applicable law.

We are committed to ensuring the security of your data during these transfers. If you want more information about the specific mechanisms we use when transferring your personal data outside the UK, the EEA, and Switzerland, please get in touch with us at support@xxxfolio.com

Rights regarding your personal data

You have certain rights regarding your personal data that we respect and uphold. These rights can be exercised by contacting us. However, please note that these rights are subject to certain conditions and exceptions:

  1. Withdraw your consent: You have the right to withdraw your consent for us to process your personal data at any time. However, this will not impact any processing that occurred prior to your withdrawal.

  2. Access your personal data: You can request to access the personal data we hold about you to verify the legality of our processing.

  3. Correct your personal data: If you identify that the personal data we hold about you is incomplete or inaccurate, you have the right to ask us to correct it.

  4. Delete your personal data: If you feel there is no valid reason for us to continue processing your data, you can request us to delete or remove it. However, we may not always be able to comply with your request due to specific legal reasons.

  5. Restrict the processing of your personal data: You have the right to request us to suspend the processing of your personal data under certain conditions, such as when you want us to verify its accuracy or the justification for processing it.

  6. Request data portability: You can ask us to transfer your personal data to another party in certain cases. This right applies only to information you have provided to us that we process with your consent or to perform a contract, and when processing is automated.

Please don't hesitate to contact us if you have any questions or concerns about these rights or if you would like to exercise any of them. Our commitment is to ensure the privacy and protection of your personal data.

 

You have the right to object to the processing of your personal data when we are relying on a legitimate interest and there is something about your specific situation that makes you want to object to processing on this ground. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

We don't engage in processing personal data that is subject to solely automated decision-making, where that decision-making could have a legal or similarly significant effect on you.

Furthermore, you have the right to lodge a complaint with a data protection regulator. For example, in the UK, this is the Information Commissioner's Office (ICO), and in Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). If you are a resident in the EEA, you may want to contact your local country or state-specific data protection regulator.

Depending on your location, you also have the right not to receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights or appeal a decision we have made concerning your privacy rights request. To appeal a decision, you should submit your request by contacting us.

Our aim is to respect your privacy rights and handle any concern with the utmost diligence and transparency. If you have any questions or need further clarification, please do not hesitate to reach out to us.

Exercising your rights

If you wish to exercise your rights, then do so by reaching out to us support@xxxfolio.com

When you submit the request yourself, please ensure that it includes sufficient details that enable us to confirm your identity, understand your request appropriately, evaluate it accurately, and respond to it effectively.

To verify your identity, we may occasionally need to request additional personal data from you. This depends on our relationship with you and the sensitivity of your request. In some situations, we may decline a privacy rights request, especially when we are unable to verify your identity.

If your request is made by a third party authorized by you, we will also require proof that the third party is permitted to submit the request on your behalf. This proof could be a signed document that shows the third party has the authority to make the request.

We are committed to protecting your privacy and ensuring you have control over your personal data. Please feel free to reach out if you have questions or need more information.

 

 Control of your personal data

You have several options to manage and control your personal data:

Modifying and Deleting Your Personal Data: If you have an account with us, you can modify your account settings on our website. Please note that any changes to your settings may take a while to take effect.

Access to Device Information: You have control over the Services' access to your Technical Data through the "Settings" app on your device. For example, you can revoke permission for the Services to access your network devices and geolocation.

Email Notification Opt-Out: We currently do not send emails for direct marketing purposes. However, we do send email notifications related to your account (for example, notifications about new subscribers, received tips, or subscription renewals if you're a Creator). You can opt out of receiving certain types of email communications from us by changing your notification preferences on our website. Alternatively, you can email us support@xxxfolio.com. Please title your email "Email Notification Opt-Out," and make sure to include your name and account email address in the body of the email.

Please be aware that you cannot opt out of certain automated email notifications that are necessary for us to provide the Services or are required by law (for instance, account verification, transactional communications, or notifications about changes or updates to service features, technical issues, or security issues).

 

How we handle the retention of your personal data:

We retain your personal data as long as it is reasonably necessary for the purposes for which it was collected, as detailed in this Policy. Generally, we keep personal data for a period of 6 months after your account on the website is deleted or deactivated.

However, please note the following points:

  • If a shorter retention period is mandated by applicable law, we will delete your personal data earlier.

  • In certain situations, we may retain your personal data for a longer period if we believe it is necessary for the processing activities described in this Policy. Examples include:

    • Compliance with laws and regulatory obligations applicable to us (for instance, record-keeping or maintenance requirements in certain locations, financial or tax reporting requirements, which in some cases can be up to 7 years, or if we receive a valid legal request, like a preservation order or search warrant, related to your account).
    • Identifying and reporting illegal activity, ensuring the safety of our users and third parties, or protecting the rights and property of our users, our company, and other third parties (for instance, if you have violated, or we have reason to believe that you have violated, our Terms of Service, or in situations where users are banned from further access to the Website).
    • Legal proceedings (for example, to defend ourselves in litigation related to a claim about you).
    • Responding to requests from third parties related to your account, such as inquiries or investigations by law enforcement authorities, relevant governmental authorities (e.g., tax authorities and regulatory authorities) and non-governmental organizations (e.g., NCMEC).

The specific personal data that we retain and the duration for which it is retained will be determined on a case-by-case basis, depending on the particular circumstances.

 

We have a designated Data Protection Officer (DPO) who, along with our team of privacy specialists, is responsible for addressing any queries, requests, or concerns related to this Policy and our handling of personal data.

If you have any questions about this Policy or our data processing practices, you can contact us by either submitting a ticket through your account or emailing us at support@xxxfolio.com.

 

Additional privacy disclosures

For the residents of certain U.S. states, including California, Colorado, Connecticut, Nevada, Utah, and Virginia, we provide additional privacy disclosures. These U.S. State Privacy Disclosures supplement the information in our main Policy and provide additional details about our personal data processing practices for residents of these states. All terms defined in the Policy maintain the same meanings in these U.S. Disclosures, unless stated otherwise.

For the purpose of these U.S. Disclosures, personal data does not include publicly available information or deidentified, aggregated, or anonymized data that cannot be associated with or linked to an individual.

We do not sell or share personal data for targeted advertising. This means we will not use your personal data gathered over time from your activities across various services or businesses to display personalized ads to you.

In terms of sensitive information, although it may be disclosed for a business purpose as outlined in our Policy, we do not sell or share such information for targeted advertising. This commitment ensures another layer of protection for your sensitive personal data.

Under certain privacy laws, the personal data elements that we, or our service providers, collect may be classified as "sensitive information". These elements can include:

  • Username and password
  • Social security number, driver's license number, and passport number
  • Government identifiers (such as driver's license numbers)
  • Partial payment card number and the name registered with your payment card
  • Face Recognition Data (biometric information which is collected and processed by our third-party providers)

We use this sensitive information for the purposes set out in this document, (how/why we use your personal data and lawful bases for processing). This may include operational requirements, contract performance, legal and regulatory compliance, user safety, and other internal purposes permissible under applicable laws.

Regarding anonymized or de-identified information, we may process personal data to create anonymized data that can no longer be used to infer information about, or be linked to, a particular individual or household. When we maintain de-identified information, we will keep it in deidentified form and will not attempt to reidentify it, except as required or permitted by law.

Our Services are strictly intended for individuals who are 18 years of age or older. Anybody under the age of 18 is not permitted to use the Services. By using the Services, you represent that you are 18 years of age or older.

For residents of the State of California, there are specific disclosures:

We gather personal data as per the categories of personal data set forth within Californian law. This has been addressed further in our policy (categories of personal data).

Here are the categories for personal data we collect:

  1. Identifiers: This includes your name, address, phone number, email address, passport or other government identity information including driver's license information, account information, or other similar identifiers.

  2. Customer Records: This includes your driver's license number, passport number, partial debit card information, partial credit card information, bank account information or other payment or financial information.

  3. Protected Classification Characteristics: This includes details such as age, date of birth, and gender.

  4. Commercial Information: This includes information about products or services purchased and your use of our Services.

  5. Biometric Information: This is limited to Face Recognition Data, used by our third-party providers for age and identity verification purposes. Face Recognition Data remains with our third-party providers and we do not ourselves collect, receive, possess or have access to this data.

  6. Internet / Network Information: This includes device information, log, and analytics data.

  7. Sensory Information: This includes pictures and videos (content) you upload to the Website.

  8. Professional / Employment Information: This includes the business or organization you are associated with and, where applicable, your title with that business or organization and information relating to your role with the business or organization.

We may share the categories of personal data outlined above for business purposes with service providers or other third parties, as outlined in this Policy.

Disclosure of Personal Data: We may share the categories of personal data mentioned above with the following categories of third parties for a range of business purposes: our group and affiliated companies, service providers, our professional advisors, business partners, other businesses as needed to provide our Services, and certain third parties where you have provided consent, in connection with a corporate transaction, or where we are required by law or in connection with other legal processes.

Sources of Personal Data: We collect personal data directly from you, your browser or device when you interact with our Services, from our business partners and affiliates, third parties you direct to share information with us, and from other third-party providers. 

Purpose for Collection: We collect personal data about you for the purposes set out in this policy (how/why we use your personal data and the lawful bases for processing).

 

Notice of Financial Incentives:

As stated earlier, we currently do not use any cross-site tracking technologies and we do not sell or share personal data collected about you for cross-context behavioural advertising. We also do not send emails for direct marketing purposes currently.

We offer a referral program at present, wherein existing Creators on our Website can use their unique referral code to introduce people interested in becoming Creators on the Website. The referring Creator will receive referral payments based on the referred Creator's earnings. This referral program is subject to our Terms of Service and any referral payments are calculated and limited as described in the Referral Program Terms in our Terms of Service.

Any personal data associated with the referring Creator or the referred Creator is processed in accordance with this Policy.

We have determined that the value of the referral program is reasonably related to the value of the personal data we process in connection with the referral program (based on our reasonable but sole determination). We estimate the value of the personal data we receive and process in connection with the referral program by considering the expense we incur in collecting and processing the personal data, as well as the expenses related to facilitating the referral program.

You can exercise your rights in relation to your personal data as outlined in this Policy, and as applicable, by submitting a ticket through your account or by emailing support@xxxfolio.com.