How We Use Your Data

5. Purposes of Data Processing

We use your personal data for the following purposes:

5.1 Provide and Improve the Service

• Account Management: Create, maintain, and manage your account
• Matching & Discovery: Show your profile to potential matches based on preferences, location, and compatibility
• Communication: Enable you to send and receive messages, photos, and other content
• Personalization: Customize your experience based on your preferences and behavior
• Recommendations: Suggest potential matches and content you might be interested in
• Service Improvement: Analyze usage patterns to improve features and develop new ones

5.2 Safety, Security & Verification

• Identity Verification: Verify your identity to reduce fake profiles and increase trust (see Section 5.2.1 below for details)
• Fraud Prevention: Detect and prevent fraudulent activity, scams, and abuse
• Content Moderation: Review user-generated content for violations of our Terms, Community Guidelines, and Content & Public Moderation Policy (see Section 9.5 of our Terms of Use). This includes monitoring for explicit nudity, adult sexual content, escort services, adult webcam services, and sale of personal services to maintain compliance with payment processor requirements.
• Security: Protect against unauthorized access, cyberattacks, and security threats
• Age Verification: Ensure all users are 18 years or older (minimum age requirement - see Section 5.2.1 below for details)
• Geographic Compliance: Enforce geographic restrictions in countries where access is blocked due to payment processor compliance requirements (India, UAE, Thailand)
• Spam Prevention: Identify and block spam, bots, and automated accounts

5.2.1 Age Verification & Identity Verification Policy

Mandatory 18+ Age Requirement: Pigkiss is strictly for adults aged 18 years and older. By creating an account, you represent and warrant that you are at least 18 years of age. We take age verification seriously and employ multiple verification methods to ensure compliance.

Verification Methods:

• Email Verification: All users must verify their email address during registration. A verification link is sent to your provided email address, and you must click it to activate your account.
• Phone Verification: All users must verify their phone number during registration. We send a one-time verification code (OTP) via SMS to your provided phone number, which you must enter to complete registration.
• Date of Birth Verification: You must provide your date of birth during registration. Accounts with birthdates indicating users under 18 years of age are automatically rejected.
• Stripe Identity Verification: For enhanced security and trust, we use Stripe Identity (a third-party identity verification service) in the following circumstances:
  • Flagged Profiles: If your profile is flagged by our automated systems or reported by other users for suspicious activity, age concerns, or policy violations, you may be required to complete Stripe Identity verification to continue using the platform.
  • Feature Access: Certain premium features, payment-related features, or high-value transactions may require Stripe Identity verification to prevent fraud and ensure user safety.
  • Voluntary Verification: You may choose to voluntarily verify your identity through Stripe Identity to receive a "Verified" badge on your profile, which increases trust and visibility.

Stripe Identity Verification Process:

When required to complete Stripe Identity verification, you will be asked to:

1. Provide a government-issued photo ID (passport, driver's license, or national ID card)
2. Take a live selfie photo for facial recognition comparison
3. Confirm your personal information (name, date of birth, address)

Data Processing for Verification:

• Stripe Identity processes your ID document and selfie photo to verify your identity and age
• Biometric data (facial recognition) is used solely for verification purposes and is deleted after verification is complete
• We receive only the verification result (verified/not verified) and basic information (name, date of birth) from Stripe
• Your ID document images are stored securely by Stripe in compliance with GDPR and are not shared with Pigkiss
• You can request deletion of your verification data by contacting Stripe directly or through our support team

Consequences of Failed Verification:

• If you fail to complete required verification within the specified timeframe, your account may be suspended or terminated
• If verification reveals you are under 18 years of age, your account will be immediately and permanently terminated
• Providing false information or fraudulent documents will result in immediate account termination and may be reported to authorities

Legal Basis for Verification:

• Age verification is required to comply with legal obligations (GDPR Article 6(1)(c)) and to protect minors
• Identity verification is based on our legitimate interests (GDPR Article 6(1)(f)) in preventing fraud, ensuring user safety, and complying with payment processor requirements
• Biometric data processing for verification is based on your explicit consent (GDPR Article 9(2)(a))

Third-Party Verification Provider:

We use Stripe Identity as our identity verification service provider. Stripe Identity is a trusted, GDPR-compliant verification service operated by Stripe, Inc. For more information about how Stripe processes your data, please review Stripe's Privacy Policy.

5.3 Customer Support

• Respond to your inquiries and support requests
• Investigate and resolve complaints
• Process reports of inappropriate content or behavior
• Provide technical assistance

5.4 Analytics & Research

• Understand how users interact with the Service
• Analyze trends and usage patterns
• Conduct research to improve matching algorithms
• Generate aggregated, anonymized statistics
• Measure the effectiveness of features and campaigns

5.5 Marketing & Communications

• Send you service-related notifications (account updates, security alerts)
• Send marketing communications (with your consent) about new features, promotions, and events
• Personalize advertising on and off the Service
• Measure the effectiveness of marketing campaigns

5.6 Legal & Compliance

• Comply with legal obligations and regulatory requirements
• Respond to lawful requests from law enforcement and government authorities
• Enforce our Terms of Use and other policies
• Protect our rights, property, and safety, and that of our users
• Resolve disputes and investigate violations

6. Data Sharing & Disclosure

We do not sell your personal data to third parties. However, we may share your data in the following circumstances:

6.1 With Other Users

Your profile information (photos, bio, preferences, location) is visible to other users of the Service as part of the core functionality. You control what information you include in your profile.

When you match with another user or send a message, they can see:

• Your profile information
• Your messages and shared content
• Your online status (if enabled)
• Your approximate location (city/region)

6.2 With Service Providers

We share data with third-party service providers who perform services on our behalf, including:

• Cloud Hosting: Amazon Web Services (AWS), Google Cloud Platform
• Payment Processing: Stripe, PayPal
• Analytics: Google Analytics, Mixpanel
• Customer Support: Zendesk, Intercom
• Email Services: SendGrid, Mailchimp
• SMS Services: Twilio
• Identity Verification: Stripe Identity (for age and identity verification)
• Content Delivery: Cloudflare, Fastly

These service providers are contractually obligated to:

• Process data only for the purposes we specify
• Implement appropriate security measures
• Comply with GDPR and other applicable data protection laws
• Not use your data for their own purposes

6.3 With Advertising Partners (With Your Consent)

If you consent to advertising cookies, we may share limited data with advertising partners to deliver personalized ads:

• Google Ads: Advertising and remarketing
• Facebook/Meta: Advertising and analytics
• TikTok: Advertising

You can manage your advertising preferences through our Cookie Settings.

6.4 For Legal Reasons

We may disclose your data if required by law or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations, court orders, or lawful requests from authorities
• Enforce our Terms of Use and other agreements
• Protect the rights, property, or safety of Pigkiss, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to claims of illegal content or violations of third-party rights

6.5 Business Transfers

If Pigkiss is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or use of your personal data.

6.6 With Your Consent

We may share your data with third parties when you explicitly consent to such sharing.

7. International Data Transfers

Pigkiss operates globally, and your personal data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), including the United States.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers
• Adequacy Decisions: We transfer data to countries recognized by the European Commission as providing adequate data protection
• Additional Safeguards: We implement supplementary measures such as encryption and access controls

You have the right to obtain information about the safeguards we use for international transfers. Contact our Data Protection Officer at dpo@pigkiss.com for more information.

8. Automated Decision-Making & Profiling

We use automated systems and algorithms to provide and improve the Service, including:

8.1 Matching Algorithm

Our matching algorithm uses your profile information, preferences, and behavior to suggest potential matches. This involves automated decision-making and profiling.

How it works:

• Analyzes your preferences (age range, location, gender, interests)
• Considers your activity (profiles you like, messages you send)
• Uses machine learning to predict compatibility
• Ranks and displays potential matches

Your rights: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Our matching algorithm does not produce such effects, as it only suggests potential matches - you always have full control over who you interact with.

8.2 Content Moderation

We use automated systems to detect and remove content that violates our Terms and Community Guidelines (e.g., spam, inappropriate images, hate speech).

If your content is removed by an automated system, you can:

• Request human review of the decision
• Appeal the decision through our support system
• Contact us at support@pigkiss.com

8.3 Fraud & Spam Detection

We use automated systems to detect and prevent fraudulent activity, fake accounts, and spam. This may result in account suspension or termination.

If your account is suspended due to automated fraud detection, you can contact us at support@pigkiss.com to request a review.

Contact us at dpo@pigkiss.com to exercise these rights.

Your Privacy Rights

9. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether we are processing your personal data and, if so, to access that data along with information about:

• The purposes of processing
• The categories of personal data
• The recipients or categories of recipients
• The retention period
• Your other GDPR rights
• The source of the data (if not collected from you)
• The existence of automated decision-making

How to exercise: Go to Settings → Privacy → Download My Data, or email dpo@pigkiss.com

9.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

How to exercise: Update your information in Settings → Edit Profile, or contact us at support@pigkiss.com

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data in the following circumstances:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation

Limitations: We may retain certain data if necessary for:

• Compliance with legal obligations
• Establishment, exercise, or defense of legal claims
• Freedom of expression and information
• Public interest, scientific, historical research, or statistical purposes

How to exercise: Go to Settings → Account → Delete Account, or email dpo@pigkiss.com

9.4 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV) and to transmit that data to another controller.

This right applies to data:

• You provided to us
• Processed based on consent or contract
• Processed by automated means

How to exercise: Go to Settings → Privacy → Download My Data, or email dpo@pigkiss.com

9.5 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data in the following cases:

• You contest the accuracy of the data (for a period enabling us to verify accuracy)
• Processing is unlawful and you oppose erasure and request restriction instead
• We no longer need the data, but you need it for legal claims
• You have objected to processing (pending verification of whether our legitimate grounds override yours)

How to exercise: Email dpo@pigkiss.com with your request

9.6 Right to Object (Article 21)

You have the right to object to processing of your personal data based on:

• Legitimate interests: You can object at any time. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for legal claims.
• Direct marketing: You can object at any time, and we will stop processing for marketing purposes.
• Scientific/historical research or statistics: You can object unless processing is necessary for a public interest task.

How to exercise: For marketing: Click "Unsubscribe" in emails or go to Settings → Notifications. For other objections: Email dpo@pigkiss.com

9.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to exercise:

• Location data: Settings → Privacy → Location Services
• Marketing emails: Click "Unsubscribe" or Settings → Notifications
• Cookies: Cookie Settings (banner) or Settings → Privacy → Cookies
• Other consents: Email dpo@pigkiss.com

9.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

French Supervisory Authority (CNIL):

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
France
Website: www.cnil.fr
Phone: +33 1 53 73 22 22

You can also file a complaint online at: https://www.cnil.fr/fr/plaintes

9.9 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

You can request:

• Human intervention in the decision
• An explanation of the decision
• The ability to contest the decision

How to exercise: Email dpo@pigkiss.com

10. How to Exercise Your Rights

10.1 In-App Settings

Many rights can be exercised directly through your account settings:

• Settings → Edit Profile: Update your information (Right to Rectification)
• Settings → Privacy → Download My Data: Access and export your data (Right of Access, Data Portability)
• Settings → Account → Delete Account: Delete your account and data (Right to Erasure)
• Settings → Notifications: Manage marketing preferences (Right to Object)
• Settings → Privacy: Manage location, cookies, and other privacy settings (Withdraw Consent)

10.2 Contact Our Data Protection Officer

For rights that cannot be exercised through settings, or if you need assistance, contact our Data Protection Officer:

Data Protection Officer
Email: dpo@pigkiss.com
Subject Line: "GDPR Rights Request - [Your Right]"

Please include:

• Your full name and email address associated with your account
• The specific right you wish to exercise
• Any relevant details or context
• Proof of identity (if required for security purposes)

10.3 Response Time

We will respond to your request:

• Within 1 month of receiving your request (GDPR Article 12(3))
• Extended to 2 months if the request is complex or we receive multiple requests (we will inform you of the extension and reasons)

10.4 Verification

To protect your privacy and security, we may need to verify your identity before processing your request. We may ask for:

• Confirmation of your email address or phone number
• Answers to security questions
• Government-issued ID (in exceptional cases)

10.5 No Fee

Exercising your GDPR rights is free of charge. However, if your requests are manifestly unfounded or excessive (e.g., repetitive), we may charge a reasonable fee or refuse to act on the request.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

11.1 Retention Periods

• Active Account Data: Retained while your account is active
• Deleted Account Data: Most data deleted within 30 days of account deletion; some data retained for legal/safety reasons (see below)
• Messages: Retained while your account is active; deleted when you delete your account (except messages sent to others, which remain in their accounts)
• Payment Data: Retained for 7 years (French tax law requirement)
• Support Tickets: Retained for 3 years
• Verification Data: Retained for 1 year after verification
• Cookies: Varies by type (see Section 12)
• Logs & Analytics: Retained for 13 months (CNIL recommendation)

11.2 Legal Retention Requirements

We may retain certain data longer if required by law, including:

• Accounting and tax records (7 years - French Commercial Code)
• Data related to legal claims or disputes (until resolution + statute of limitations)
• Data required for regulatory compliance

11.3 Safety & Security Retention

We may retain certain data for safety and security purposes, including:

• Information about banned users (to prevent re-registration)
• Reports of violations (to investigate and prevent abuse)
• Fraud and security incident data (to protect users and the Service)

11.4 Anonymized Data

We may retain anonymized or aggregated data indefinitely for analytics, research, and service improvement. This data cannot be used to identify you and is not subject to GDPR.

12. Cookies & Similar Technologies

12.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve your experience.

12.2 Types of Cookies We Use

Strictly Necessary Cookies (No Consent Required):

• Purpose: Essential for the Service to function (authentication, security, load balancing)
• Examples: Session cookies, security tokens, load balancer cookies
• Retention: Session (deleted when you close your browser) or up to 1 year
• Legal Basis: Legitimate interest (GDPR Article 6(1)(f))

Functional/Preference Cookies (No Consent Required):

• Purpose: Remember your preferences and settings (language, theme, location)
• Examples: Language preference, dark mode setting
• Retention: Up to 1 year
• Legal Basis: Legitimate interest (GDPR Article 6(1)(f))

Analytics Cookies (Consent Required):

• Purpose: Understand how you use the Service, measure performance, identify issues
• Examples: Google Analytics, Mixpanel
• Retention: Up to 13 months
• Legal Basis: Consent (GDPR Article 6(1)(a))

Advertising/Marketing Cookies (Consent Required):

• Purpose: Deliver personalized ads, measure ad effectiveness, retargeting
• Examples: Facebook Pixel, Google Ads, TikTok Pixel
• Retention: Up to 13 months
• Legal Basis: Consent (GDPR Article 6(1)(a))

12.3 Managing Cookies

You can manage your cookie preferences:

• Cookie Banner: When you first visit, you can accept or reject non-essential cookies
• Cookie Settings: Click "Cookie Settings" in the footer or go to Settings → Privacy → Cookies
• Browser Settings: Most browsers allow you to block or delete cookies. See your browser's help section for instructions.

Note: Blocking strictly necessary cookies may prevent the Service from functioning properly.

12.4 Third-Party Cookies

Some cookies are set by third-party services we use (e.g., Google Analytics, Facebook). These third parties have their own privacy policies:

• Google: https://policies.google.com/privacy
• Facebook: https://www.facebook.com/privacy/explanation

12.5 Do Not Track

Some browsers have a "Do Not Track" (DNT) feature. We do not currently respond to DNT signals, but you can manage cookies through our Cookie Settings.

Contact & Policy Updates

13. Contact Information

13.1 Data Controller

Pigkiss
[Company Legal Name]
[Registered Address]
[City, Postal Code]
France
Email: legal@pigkiss.com

13.2 Data Protection Officer (DPO)

Data Protection Officer
Email: dpo@pigkiss.com
Subject Line: "Data Protection Inquiry"

Our DPO is responsible for:

• Overseeing data protection strategy and GDPR compliance
• Handling data subject rights requests
• Serving as point of contact for supervisory authorities
• Conducting data protection impact assessments
• Providing guidance on data protection matters

13.3 Customer Support

For general questions or support:
Email: support@pigkiss.com
In-App: Settings → Help & Support

13.4 Safety & Trust

To report safety concerns or inappropriate content:
Email: safety@pigkiss.com
In-App: Report button on profiles and messages

14. Changes to This Privacy Policy

14.1 Notification of Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (to the address associated with your account)
• Display a prominent notice in the Service
• For material changes, provide at least 30 days' notice before the changes take effect

14.2 Material Changes

For material changes that significantly affect your rights or how we process your data, we will:

• Provide clear notice of the changes
• Explain the impact on your data
• Give you the opportunity to review the changes before they take effect
• Where required by law, obtain your consent to the changes

14.3 Your Acceptance

Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you may delete your account.

14.4 Previous Versions

We maintain an archive of previous versions of this Privacy Policy. To request a previous version, contact dpo@pigkiss.com.

15. Children's Privacy

Pigkiss is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected personal data from a child under 18, we will:

• Delete the data as soon as possible
• Terminate the account
• Take steps to prevent future access

If you believe we have collected data from a child under 18, please contact us immediately at safety@pigkiss.com.

16. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

16.1 Technical Measures

• Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication for staff
• Firewalls: Network security and intrusion detection systems
• Secure Servers: Industry-standard cloud infrastructure (AWS, GCP)
• Regular Backups: Encrypted backups with secure storage
• Vulnerability Scanning: Regular security audits and penetration testing

16.2 Organizational Measures

• Staff Training: Regular data protection and security training
• Confidentiality Agreements: All staff sign confidentiality agreements
• Data Minimization: Collect only necessary data
• Access Limitation: Data access limited to authorized personnel
• Incident Response: Procedures for detecting and responding to breaches
• Vendor Management: Due diligence on third-party processors

16.3 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority (CNIL) within 72 hours (GDPR Article 33)
• Notify affected users without undue delay (GDPR Article 34)
• Provide information about the breach, its likely consequences, and measures taken
• Take steps to mitigate the breach and prevent future incidents

16.4 Your Responsibility

You are responsible for:

• Keeping your password secure and confidential
• Logging out of shared devices
• Notifying us of any unauthorized access to your account
• Using strong, unique passwords
• Enabling two-factor authentication (if available)

17. Additional Information for Specific Regions

17.1 France

If you are a resident of France, you have additional rights under the French Data Protection Act (Loi Informatique et Libertés), including:

• The right to define directives regarding the fate of your data after your death (Article 85)
• The right to object to processing for commercial prospecting purposes
• The right to lodge a complaint with CNIL (see Section 9.8)

To exercise your post-mortem rights, contact dpo@pigkiss.com.

17.2 European Union

If you are a resident of the EU, you benefit from all GDPR rights described in this policy. You can also use the European Commission's Online Dispute Resolution platform: https://ec.europa.eu/consumers/odr

17.3 California (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). For more information, see our CCPA Privacy Notice.

18. Third-Party Links

The Service may contain links to third-party websites, services, or content. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.

19. Language

This Privacy Policy is provided in English and French. In case of any discrepancy between versions, the French version shall prevail as required by French law.

---

Effective Date: January 2025

Last Updated: January 2025

By using Pigkiss, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at dpo@pigkiss.com.