Privacy Policy

Version 1.0 – Effective Date: October 15, 2025

Purpose

This Privacy Policy explains how Seacrets collects, uses, stores, and protects personal data in connection with the operation of its digital platform, products, and services.

Our objective is to provide transparency regarding data processing, ensure confidentiality through appropriate technical and organizational safeguards, and enable users to exercise control over their personal data rights.

Seacrets complies with applicable data protection regulations, including:

• General Data Protection Regulation (GDPR – European Union)
• Lei Geral de Proteção de Dados (LGPD – Brazil)
• California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA – USA)
• Biometric Information Privacy Act (BIPA – Illinois)
• Contractual privacy and security obligations imposed by payment networks and technology partners

Scope

This policy applies to all individuals and entities interacting with the Seacrets digital ecosystem, including:

• Visitors accessing public areas of the website
• Registered creators who upload or monetize content
• Fans and consumer users, with or without active subscriptions
• Employees, contractors, and moderators
• Third-party service providers supporting technology, payments, verification, analytics, marketing, or infrastructure

Covered environments include websites, mobile applications, APIs, integrations, and third-party hosting and cloud infrastructure.

Legal Bases for Processing

Seacrets processes personal data only when a valid legal basis exists, including:

• Performance of a contract, such as account creation, service delivery, subscriptions, and payments
• Legitimate interests, including fraud prevention, platform security, and legal defense
• User consent, for marketing communications, non-essential cookies, and biometric verification where applicable
• Compliance with legal obligations, including KYC/AML, tax, and regulatory reporting requirements

Users may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

Data We Collect

Depending on the nature of the interaction, Seacrets may collect the following categories of personal data:

• Identification data such as name, date of birth, government-issued ID, and biometric verification data
• Financial data including payment tokens, billing records, and chargeback history
• Content data such as uploaded images, videos, streams, metadata, and associated technical information
• Device and technical data including IP address, browser type, operating system, and device identifiers
• Location data derived from IP-based geolocation or device settings where authorized
• Usage data such as pages viewed, interaction patterns, and session activity

Seacrets does not knowingly collect or process personal data from minors. The platform is strictly limited to individuals aged eighteen (18) or older, or the legal age in their jurisdiction.

Additional Data Sources

For verification, compliance, and risk prevention purposes, Seacrets may obtain data from trusted external sources, including:

• Identity verification and KYC providers
• Sanctions, PEP, and watch lists maintained by governmental or international authorities
• Anti-fraud databases and financial crime prevention services
• Public or official records where legally permitted

Purposes of Processing

Personal data is processed for legitimate and proportionate purposes, including:

• Providing and maintaining platform services and user accounts
• Processing payments, subscriptions, and payouts
• Complying with KYC, AML, and payment network requirements
• Detecting abuse, fraud, non-consensual content, and prohibited activities
• Improving platform performance, user experience, and security
• Sending promotional communications, subject to user preferences
• Complying with legal obligations and defending legal claims

Data Sharing

Seacrets shares personal data only with authorized recipients and only when necessary, including:

• Payment processors, banks, and card networks for transaction processing
• KYC and AML providers for identity and risk verification
• Analytics and infrastructure providers operating under strict safeguards
• Judicial, regulatory, or law enforcement authorities where legally required
• Corporate transaction partners in the event of mergers or acquisitions, subject to safeguards

Seacrets does not sell or rent personal data and does not share data with brokers or advertising networks without explicit consent.

International Data Transfers

Personal data may be transferred and processed outside the user’s country of residence. Such transfers are protected through contractual, technical, and organizational safeguards, including encryption, standard contractual clauses, and access controls.

Data Retention

Personal data is retained only for as long as necessary to fulfill legal, contractual, and operational purposes.

• KYC and identity records are retained for a minimum of seven (7) years
• Access and activity logs are retained for up to eighteen (18) months
• Deleted content and closed accounts are erased or anonymized within 180 days unless legally required

Information Security

Seacrets applies robust security measures, including encryption, access controls, network segmentation, incident response procedures, and continuous monitoring to protect personal data.

Cookies and Similar Technologies

The platform uses essential, authentication, and analytics cookies. Users may manage cookie preferences through browser settings. Disabling essential cookies may affect platform functionality.

Minors and Age Restrictions

Seacrets is strictly intended for adults. Measures such as age confirmation, date-of-birth validation, and identity verification are enforced. There is zero tolerance for minor access.

Data Subject Rights

Users may exercise their rights under applicable data protection laws, including the right to access, rectify, erase, object to processing, restrict processing, and request data portability.

Requests may be submitted through the user account interface or by contacting [email protected].

Automated Decisions and Profiling

Automated systems may be used for fraud detection, content moderation, and identity verification. All significant decisions are subject to human review.

Appeals may be submitted to [email protected].

Governance and Policy Review

Seacrets conducts Data Protection Impact Assessments (DPIAs) where required and reviews this policy at least annually or upon regulatory or operational changes.

Contact Us

Data Protection Officer (DPO):[email protected]

Policy Changes

Material changes to this Privacy Policy will be communicated at least fifteen (15) days in advance. Continued use of the platform constitutes acceptance of the updated policy.

Version History

Version 0.9: Internal draft – January 1, 2025

Version 1.0: Initial publication – October 15, 2025