Privacy policy

This Privacy policy describes how UrLittleSecret ("we," "us," or "the Site") collects, uses, and discloses your personal data when you use our services. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect information that falls into the following categories:

Data Provided by Users (Advertisers)

Identity and Contact Data: Name, email address, telephone number,
Verification Data: Documents or information required for age and identity verification (e.g., photo ID, utility bills). This data is handled with extreme sensitivity and deleted after verification where possible.
Payment Data: Billing details and transaction history. We do not store full payment card details.

Data Collected Automatically (All Users)

Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system, and platform.
Usage Data: Information about how you use our website, including pages viewed, time spent on pages, and referring sites. This is primarily collected via Google Analytics (see our Cookie Policy for details).
Location Data: Approximate geographical location derived from your IP address.

3. How We Use Your Personal Data (Legal Basis)

We process your data for the following purposes and rely on the corresponding legal bases:

Purpose of Processing	Legal Basis under UK GDPR
To manage your account and provide advertising services.	Performance of a Contract.
To verify your age and identity as required by UK law.	Legal Obligation and Public Interest (for protecting children and complying with Digital Economy Act 2017).
To analyse site usage via Google Analytics and improve service functionality.	Legitimate Interests (improving our business and website).
To send service-related emails and updates.	Legitimate Interests / Performance of a Contract.
To detect and prevent fraudulent, criminal, or illegal activity (e.g., prostitution, trafficking).	Legal Obligation / Public Interest.

4. Disclosure of Your Personal Data

We may share your data with the following third parties:

Service Providers: IT and system administration services, payment processors, and hosting providers.
Legal Authorities: We will disclose personal data when legally required to do so, for example, in response to a court order, police investigation, or to comply with the Sexual Offences Act 2003 or related legislation.
Age/Identity Verification Partners: Dedicated third-party services that process your verification data securely.

We require all third parties to respect the security of your personal data and treat it in accordance with UK law.

5. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. This includes encryption, pseudonymisation, and restricted access controls. Only authorised employees and third parties who need the data to perform their job are granted access, and they are subject to a duty of confidentiality.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Account Data: Retained for the duration of your active account plus a reasonable period thereafter to meet legal and audit obligations.
Verification Data: Identity documents are typically deleted immediately after successful verification, with only a hashed proof of verification retained.

7. Your Legal Rights (UK GDPR)

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:

The right to Access your personal data (Subject Access Request).
The right to Rectification if your data is inaccurate or incomplete.
The right to Erasure (the right to be forgotten).
The right to Restrict processing.
The right to Object to processing (e.g., for direct marketing).
The right to Data Portability.
The right to Withdraw Consent (where consent is the legal basis for processing).

You can exercise any of these rights by contacting us using the details provided in Section 1. You also have the right to make a complaint at any time to the UK supervisory authority for data protection issues, the Information Commissioner’s Office (ICO).