Global Privacy Policy

Last Updated: 2025-10-29 (Note: Content dynamically combines multiple policies.)

Global Privacy Policy\n\nSECTION 1. SCOPE AND GOVERNING REGULATORY FRAMEWORK\n\n1.1. Commitment to Privacy. DesirePlex is committed to the rigorous protection of User privacy and personal data. This Global Privacy Policy (the 'Policy') outlines the manner in which the Company collects, uses, processes, and protects the personal data of Users accessing the DesirePlex Platform.\n\n1.2. Global Compliance Framework. This Policy is designed to comply with or exceed the standards set forth by major international data protection statutes, including, but not limited to:\n\n(a) The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) for data subjects within the European Economic Area (EEA).\n(b) The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), for residents of the State of California.\n(c) Other relevant international and national data protection and electronic communications laws.\n\n1.3. Data Controller. The Company operating DesirePlex acts as the Data Controller with respect to the personal data processed under this Policy.\n\nSECTION 2. PERSONAL DATA COLLECTED\n\n2.1. Data Provided Directly by the User. The Company collects the following data when a User registers, subscribes, or interacts with the Platform:\n\n(a) Identity and Contact Data: Email address (mandatory for account creation), Telegram handle (optional), and any pseudonym or username chosen.\n(b) Transaction Data: Records of subscriptions purchased, renewal dates, amounts paid, and transaction IDs provided by Cryptomus, but explicitly excluding private wallet keys or cryptographic transaction signatures.\n(c) User-Generated Content (UGC) Data: Any personal data contained within stories, confessions, or comments submitted by the User.\n(d) Communication Data: Information provided when contacting support (support@desireplex.com) or providing feedback.\n\n2.2. Data Collected Automatically (Usage and Technical Data). The Company collects data automatically through cookies, log files, and analytics services:\n\n(a) Technical Identifiers: IP address, device type, browser type, operating system, and unique device identifiers.\n(b) Usage Data: Pages viewed, time spent on pages, Content consumed, referring/exit pages, and clickstream data.\n(c) Geolocation Data: General geographical location inferred from the IP address for the purpose of ensuring age and jurisdictional compliance.\n(d) Affiliate Tracking Data: Information related to the affiliate link used to reach the Platform, including the affiliate identifier and click timestamp.\n\n2.3. Special Category Data (Age Verification). In the course of complying with age restriction mandates, the Company may collect data related to a User's age. This is handled under the strict protocols of the Age Verification Policy and is considered highly sensitive. The Company employs minimization techniques, generally collecting only a verified confirmation of age 18+ rather than raw documentary proof.\n\nSECTION 3. LEGAL BASIS AND PURPOSES OF PROCESSING (GDPR Compliance)\n\n3.1. Performance of a Contract: The Company processes data necessary to provide the services requested, manage User accounts, process payments via Cryptomus, and fulfill subscription obligations (Art. 6(1)(b) GDPR).\n\n3.2. Legitimate Interests: The Company processes data for its legitimate interests, provided these are not overridden by the User's fundamental rights and freedoms. These interests include:\n\n(a) Security and Fraud Prevention: Protecting the Platform from unauthorized access, hacking, and detecting fraudulent payment attempts (Art. 6(1)(f) GDPR).\n(b) Content Moderation: Ensuring the strict non-pornography mandate and adherence to the Semi-Adult Content guidelines.\n(c) Platform Improvement: Analyzing usage data to diagnose technical issues and enhance the User experience.\n\n3.3. Legal Obligation: The Company processes data necessary to comply with legal obligations, such as maintaining business records and responding to lawful requests from public authorities (Art. 6(1)(c) GDPR).\n\n3.4. Consent: The Company obtains explicit consent for processing data where required by law, such as for the use of non-essential cookies and direct marketing communications (Art. 6(1)(a) GDPR).\n\nSECTION 4. DATA SHARING AND INTERNATIONAL TRANSFERS\n\n4.1. Third-Party Service Providers (Data Processors). The Company utilizes third-party providers to facilitate its services, including:\n\n(a) Cryptomus: Shares Transaction Data to facilitate crypto payments. Cryptomus acts as a separate data controller for their specific payment processing activities.\n(b) Cloud Hosting Providers: For data storage and infrastructure.\n(c) Analytics Providers: For tracking Platform performance and User behavior.\n(d) Affiliate Tracking Partners: To track referrals and calculate commissions.\n\n4.2. Legal and Regulatory Disclosure. The Company may disclose personal data if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of the Company, (c) act in urgent circumstances to protect the personal safety of Users or the public, or (d) protect against legal liability.\n\n4.3. International Data Transfers. As a global platform, User data may be processed in, or accessed from, countries outside of the User's home jurisdiction, including the EEA. Where data is transferred internationally, the Company implements appropriate safeguards, such as:\n\n(a) Reliance on Adequacy Decisions recognized by the European Commission.\n(b) Implementation of Standard Contractual Clauses (SCCs) adopted by the European Commission.\n(c) Reliance on specific derogations allowed under Article 49 of the GDPR.\n\nSECTION 5. DATA SECURITY AND RETENTION\n\n5.1. Security Measures. The Company employs a combination of technical, organizational, and physical safeguards to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include, where appropriate, encryption (in transit and at rest), pseudonymization, and access control mechanisms.\n\n5.2. No Guarantee. While the Company strives to protect User personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, the Company cannot guarantee the absolute security of any information submitted to the Platform.\n\n5.3. Data Retention. The Company retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements. Generally:\n\n(a) Account Data: Retained for the duration of the active User account plus a legally mandated period (typically 1 to 7 years) after closure.\n(b) Transaction Data: Retained for the statutory period required for financial record-keeping (typically 7 to 10 years).\n(c) Age Verification Metadata: Retained only long enough to confirm age compliance, after which it is promptly deleted or irreversibly pseudonymized, in accordance with the Age Verification Policy.\n\nSECTION 6. USER RIGHTS (GDPR AND CCPA/CPRA)\n\n6.1. General Data Subject Rights. Subject to specific legal limitations, Users may exercise the following rights:\n\n(a) Right to Access (GDPR/CCPA): The right to obtain confirmation as to whether personal data concerning them is being processed, and access to that data.\n(b) Right to Rectification: The right to have inaccurate or incomplete data corrected.\n(c) Right to Erasure ('Right to be Forgotten'): The right to request the deletion of personal data under certain conditions (e.g., if the data is no longer necessary for the original purpose).\n(d) Right to Restriction of Processing: The right to limit the way the Company uses personal data.\n(e) Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format.\n(f) Right to Object: The right to object to the processing of personal data for direct marketing purposes or based on legitimate interests.\n\n6.2. California-Specific Rights (CCPA/CPRA). California residents have the following additional rights:\n\n(a) Right to Know: The right to request information about the specific pieces of personal information collected, the categories of sources, and the business purpose for collection.\n(b) Right to Opt-Out of Sale or Sharing: The Company does not ‘sell’ personal information in the traditional sense, but may ‘share’ data for cross-context behavioral advertising. Users have the right to opt-out of such sharing.\n(c) Right to Limit Use of Sensitive Personal Information: The Company processes Age Verification Data which may be considered Sensitive Personal Information (SPI). Users have the right to limit its use.\n\n6.3. Exercising Rights. Users may exercise their rights by submitting a formal request to support@desireplex.com. The Company will respond to all legitimate requests within the legally mandated timeframe (e.g., 30 days under GDPR, 45 days under CCPA).\n\nSECTION 7. CONTACT INFORMATION AND POLICY UPDATES\n\n7.1. Data Protection Contact. For any questions, concerns, or requests relating to this Policy, please contact the dedicated data protection team:\n\nEmail: support@desireplex.com\nTelegram: @desireplex\n\n7.2. Policy Amendments. The Company reserves the right to amend this Policy at any time. The 'lastUpdated' date at the top of the Policy indicates when revisions were last made. Substantial changes will be communicated to Users via email or through a prominent notice on the Platform.\n\nSECTION 8. CHILDREN'S PRIVACY (NO DATA COLLECTION FROM MINORS)\n\n8.1. No Processing of Minors' Data. The Platform is strictly restricted to individuals aged 18 and older. The Company does not knowingly collect, solicit, or maintain personal data from anyone under the age of 18. If the Company becomes aware that a person under 18 has provided personal data, all such data will be immediately and systematically deleted, and the associated account terminated.\n\n8.2. Parental/Guardian Responsibility. The Company urges parents and legal guardians to monitor their children's internet use and to help enforce this Policy by instructing their children never to provide personal data without their permission.

Last Updated: 2025-10-29 (Note: Content dynamically combines multiple policies.)

Global Privacy Policy\n\nSECTION 1. SCOPE AND GOVERNING REGULATORY FRAMEWORK\n\n1.1. Commitment to Privacy. DesirePlex is committed to the rigorous protection of User privacy and personal data. This Global Privacy Policy (the 'Policy') outlines the manner in which the Company collects, uses, processes, and protects the personal data of Users accessing the DesirePlex Platform.\n\n1.2. Global Compliance Framework. This Policy is designed to comply with or exceed the standards set forth by major international data protection statutes, including, but not limited to:\n\n(a) The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) for data subjects within the European Economic Area (EEA).\n(b) The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), for residents of the State of California.\n(c) Other relevant international and national data protection and electronic communications laws.\n\n1.3. Data Controller. The Company operating DesirePlex acts as the Data Controller with respect to the personal data processed under this Policy.\n\nSECTION 2. PERSONAL DATA COLLECTED\n\n2.1. Data Provided Directly by the User. The Company collects the following data when a User registers, subscribes, or interacts with the Platform:\n\n(a) Identity and Contact Data: Email address (mandatory for account creation), Telegram handle (optional), and any pseudonym or username chosen.\n(b) Transaction Data: Records of subscriptions purchased, renewal dates, amounts paid, and transaction IDs provided by Cryptomus, but explicitly excluding private wallet keys or cryptographic transaction signatures.\n(c) User-Generated Content (UGC) Data: Any personal data contained within stories, confessions, or comments submitted by the User.\n(d) Communication Data: Information provided when contacting support (support@desireplex.com) or providing feedback.\n\n2.2. Data Collected Automatically (Usage and Technical Data). The Company collects data automatically through cookies, log files, and analytics services:\n\n(a) Technical Identifiers: IP address, device type, browser type, operating system, and unique device identifiers.\n(b) Usage Data: Pages viewed, time spent on pages, Content consumed, referring/exit pages, and clickstream data.\n(c) Geolocation Data: General geographical location inferred from the IP address for the purpose of ensuring age and jurisdictional compliance.\n(d) Affiliate Tracking Data: Information related to the affiliate link used to reach the Platform, including the affiliate identifier and click timestamp.\n\n2.3. Special Category Data (Age Verification). In the course of complying with age restriction mandates, the Company may collect data related to a User's age. This is handled under the strict protocols of the Age Verification Policy and is considered highly sensitive. The Company employs minimization techniques, generally collecting only a verified confirmation of age 18+ rather than raw documentary proof.\n\nSECTION 3. LEGAL BASIS AND PURPOSES OF PROCESSING (GDPR Compliance)\n\n3.1. Performance of a Contract: The Company processes data necessary to provide the services requested, manage User accounts, process payments via Cryptomus, and fulfill subscription obligations (Art. 6(1)(b) GDPR).\n\n3.2. Legitimate Interests: The Company processes data for its legitimate interests, provided these are not overridden by the User's fundamental rights and freedoms. These interests include:\n\n(a) Security and Fraud Prevention: Protecting the Platform from unauthorized access, hacking, and detecting fraudulent payment attempts (Art. 6(1)(f) GDPR).\n(b) Content Moderation: Ensuring the strict non-pornography mandate and adherence to the Semi-Adult Content guidelines.\n(c) Platform Improvement: Analyzing usage data to diagnose technical issues and enhance the User experience.\n\n3.3. Legal Obligation: The Company processes data necessary to comply with legal obligations, such as maintaining business records and responding to lawful requests from public authorities (Art. 6(1)(c) GDPR).\n\n3.4. Consent: The Company obtains explicit consent for processing data where required by law, such as for the use of non-essential cookies and direct marketing communications (Art. 6(1)(a) GDPR).\n\nSECTION 4. DATA SHARING AND INTERNATIONAL TRANSFERS\n\n4.1. Third-Party Service Providers (Data Processors). The Company utilizes third-party providers to facilitate its services, including:\n\n(a) Cryptomus: Shares Transaction Data to facilitate crypto payments. Cryptomus acts as a separate data controller for their specific payment processing activities.\n(b) Cloud Hosting Providers: For data storage and infrastructure.\n(c) Analytics Providers: For tracking Platform performance and User behavior.\n(d) Affiliate Tracking Partners: To track referrals and calculate commissions.\n\n4.2. Legal and Regulatory Disclosure. The Company may disclose personal data if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of the Company, (c) act in urgent circumstances to protect the personal safety of Users or the public, or (d) protect against legal liability.\n\n4.3. International Data Transfers. As a global platform, User data may be processed in, or accessed from, countries outside of the User's home jurisdiction, including the EEA. Where data is transferred internationally, the Company implements appropriate safeguards, such as:\n\n(a) Reliance on Adequacy Decisions recognized by the European Commission.\n(b) Implementation of Standard Contractual Clauses (SCCs) adopted by the European Commission.\n(c) Reliance on specific derogations allowed under Article 49 of the GDPR.\n\nSECTION 5. DATA SECURITY AND RETENTION\n\n5.1. Security Measures. The Company employs a combination of technical, organizational, and physical safeguards to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include, where appropriate, encryption (in transit and at rest), pseudonymization, and access control mechanisms.\n\n5.2. No Guarantee. While the Company strives to protect User personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, the Company cannot guarantee the absolute security of any information submitted to the Platform.\n\n5.3. Data Retention. The Company retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements. Generally:\n\n(a) Account Data: Retained for the duration of the active User account plus a legally mandated period (typically 1 to 7 years) after closure.\n(b) Transaction Data: Retained for the statutory period required for financial record-keeping (typically 7 to 10 years).\n(c) Age Verification Metadata: Retained only long enough to confirm age compliance, after which it is promptly deleted or irreversibly pseudonymized, in accordance with the Age Verification Policy.\n\nSECTION 6. USER RIGHTS (GDPR AND CCPA/CPRA)\n\n6.1. General Data Subject Rights. Subject to specific legal limitations, Users may exercise the following rights:\n\n(a) Right to Access (GDPR/CCPA): The right to obtain confirmation as to whether personal data concerning them is being processed, and access to that data.\n(b) Right to Rectification: The right to have inaccurate or incomplete data corrected.\n(c) Right to Erasure ('Right to be Forgotten'): The right to request the deletion of personal data under certain conditions (e.g., if the data is no longer necessary for the original purpose).\n(d) Right to Restriction of Processing: The right to limit the way the Company uses personal data.\n(e) Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format.\n(f) Right to Object: The right to object to the processing of personal data for direct marketing purposes or based on legitimate interests.\n\n6.2. California-Specific Rights (CCPA/CPRA). California residents have the following additional rights:\n\n(a) Right to Know: The right to request information about the specific pieces of personal information collected, the categories of sources, and the business purpose for collection.\n(b) Right to Opt-Out of Sale or Sharing: The Company does not ‘sell’ personal information in the traditional sense, but may ‘share’ data for cross-context behavioral advertising. Users have the right to opt-out of such sharing.\n(c) Right to Limit Use of Sensitive Personal Information: The Company processes Age Verification Data which may be considered Sensitive Personal Information (SPI). Users have the right to limit its use.\n\n6.3. Exercising Rights. Users may exercise their rights by submitting a formal request to support@desireplex.com. The Company will respond to all legitimate requests within the legally mandated timeframe (e.g., 30 days under GDPR, 45 days under CCPA).\n\nSECTION 7. CONTACT INFORMATION AND POLICY UPDATES\n\n7.1. Data Protection Contact. For any questions, concerns, or requests relating to this Policy, please contact the dedicated data protection team:\n\nEmail: support@desireplex.com\nTelegram: @desireplex\n\n7.2. Policy Amendments. The Company reserves the right to amend this Policy at any time. The 'lastUpdated' date at the top of the Policy indicates when revisions were last made. Substantial changes will be communicated to Users via email or through a prominent notice on the Platform.\n\nSECTION 8. CHILDREN'S PRIVACY (NO DATA COLLECTION FROM MINORS)\n\n8.1. No Processing of Minors' Data. The Platform is strictly restricted to individuals aged 18 and older. The Company does not knowingly collect, solicit, or maintain personal data from anyone under the age of 18. If the Company becomes aware that a person under 18 has provided personal data, all such data will be immediately and systematically deleted, and the associated account terminated.\n\n8.2. Parental/Guardian Responsibility. The Company urges parents and legal guardians to monitor their children's internet use and to help enforce this Policy by instructing their children never to provide personal data without their permission.