Privacy Policy (GDPR Compliance Statement)

Effective Date: October 3, 2025

This policy outlines how the website owner (the "Data Controller") collects, processes, and protects your personal data when you visit this website, in compliance with the General Data Protection Regulation (GDPR).

1. Data Controller Contact Details

For all privacy-related inquiries, please contact:

PGP
Queendomia.com

2. Data Collected and Processed

We collect and process certain technical data automatically whenever you access our website. Users may also voluntarily provide optional profile information. All stored data is cryptographically secured immediately upon collection.

Data Type	Status	Purpose of Collection
IP Address / Email	Encrypted (Deterministic + HMAC)	Security, Ban Enforcement, Access Control
Hostname / Port / Country	Encrypted (High-Entropy Undeterministic + HMAC)	Security, Network Analysis
User Agent (Browser/OS details)	Encrypted (High-Entropy Undeterministic + HMAC)	Statistical Analysis, Troubleshooting
HTTP Referer (Previous Website)	Encrypted (High-Entropy Undeterministic + HMAC)	Marketing and Statistical Analysis
Request URI (Page Accessed)	Encrypted (High-Entropy Undeterministic + HMAC)	Functionality and Page Hit Statistics
Messages / Profiles	Encrypted (High-Entropy Undeterministic + HMAC)	Audit Trails and Chronology

Technical Security & Encryption: All collected data points are encrypted or hashed immediately using advanced cryptographic functions. This ensures that the data is pseudonymous and cannot be read in plain text by unauthorized parties.

3. Community Verification and Privacy

To help maintain an adult-only community and reduce spam, bots, and abusive access, some areas of the site may require manual community verification. We follow the principle of data minimization and collect only the information necessary for this process.

Verification Selfie: Users may be asked to submit a selfie holding a handwritten note with their username, a custom phrase, and the current date for manual review.
Birth Year Verification: During registration, users may be asked to provide their birth year for temporary adult community verification purposes. This temporary verification data is deleted after review.
No Official ID Required: We do not require passports, identity cards, driving licenses, or other official identification documents.
Secure Processing: Submitted images and temporary verification data are stored in encrypted form only for the duration of the manual review process.
Data Handling: After review, verification selfies and temporary birth year verification data are permanently deleted. Only the verification result (approved or rejected) is stored in the system.

Verification selfies are used solely for manual age estimation and adult community verification purposes. We do not use facial recognition technology, do not create biometric templates or identifiers, and do not use submitted images for AI training, machine learning, profiling, or automated decision-making.

We apply data minimization and privacy-focused review practices when handling verification images. Verification is performed manually by the Data Controller only when necessary for community safety and abuse prevention.

4. Purpose and Legal Basis for Processing

We process the personal data listed above for the following purposes:

Purpose of Processing	Legal Basis (GDPR Art. 6)
Website Security & Ban Enforcement	Legitimate Interests (Article 6(1)(f)). Necessary for preventing abuse, mitigating attacks, and enforcing bans.
Functionality and Page Hit Statistics	Legitimate Interests (Article 6(1)(f)). Necessary for monitoring traffic and technical stability.

5. Data Retention

All stored connection and profile data is encrypted. We retain your personal information only as long as you remain a registered member of our community.

Verification Selfies: Verification selfies submitted for manual community approval are stored only temporarily during the review process and are permanently deleted after approval or rejection.
Optional Profile Information: Users may voluntarily add optional profile details such as pet name, birth year, horoscope, location, personal preferences, or skills. This information is encrypted and stored only if the user chooses to provide it.
Account Data: Your profile, task history, and credits are stored until you request account deletion. You may request the permanent removal of your data at any time by contacting support.
Statistical Data: General page hit counts are retained indefinitely.
Archived Connection Logs: Retained for 1 year for security analysis.
Ban List Data: Retained indefinitely to ensure security bans remain effective.

6. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15): You may request a copy of your data.
Right to Rectification (Art. 16): Right to correct inaccurate data.
Right to Data Portability (Art. 20): You may request your personal data in a structured, commonly used, and machine-readable format.
Right to Restriction of Processing (Art. 18): You may request that we temporarily limit the processing of your personal data under certain circumstances.
Right to Object (Art. 21): You may object to processing based on legitimate interests where applicable.
Right to Erasure (Art. 17): Right to request the deletion of your data.

7. Security Measures

We employ a "Security by Design" approach. All sensitive fields are hashed or encrypted before database entry.

8. Image Security and Private Interaction

All sensitive identification media is stored in an encrypted format within our secure database, rather than as standard files. Profile pictures and task proofs are kept in non-public directories. Access to all media is strictly limited to the Data Controller ("The Goddess") and is protected by strong encryption.

To ensure maximum privacy, there is no user-to-user interaction on this website. Users cannot see each other, search for other profiles, or access any media uploaded by others.

Our system automatically strips all EXIF metadata (GPS, camera IDs) and renames files to random strings.

9. Changes to this Policy

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices or legal obligations. The "Effective Date" at the top will indicate when the latest revisions were made. We encourage you to review this page periodically.

10. Cookies and Tracking

We use only essential cookies to ensure the website functions correctly:

Session Cookies: Used for managing your login and shopping cart.
Language Cookie: A persistent cookie used solely to remember your preferred language setting for future visits.
No Tracking: We do not use any third-party tracking or marketing cookies.

11. Data Processors and Hosting

Our servers are located in Amsterdam, Netherlands (EU). Your data remains within the EEA and is protected by EU data protection laws.

Payments are processed via NowPayments. We prioritize anonymity: we do not require, ask for, or store any credit card information, as all transactions occur securely between you and the payment provider. We do not see your personal wallet addresses, and your purchase history is kept strictly confidential.

12. Marketing and Communications

We do not engage in automated direct marketing. Newsletter subscription is a separate, manual double-opt-in process (will found at here). We never sell your data to third parties.

Strict Policy: We DO NOT sell, trade, or rent your personal information to others.

13. Right to Complain

If you believe your data is being processed in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, such as the Office of the Data Protection Ombudsman in Finland.

14. Data Subject Request Workflow

We handle GDPR-related requests manually through our support email system to ensure privacy, security, and proper identity verification.

Access Requests: Users may request a copy of their stored personal data.
Deletion Requests: Users may request permanent account deletion and removal of eligible personal data.
Identity Verification: To prevent unauthorized access, we may request verification that the requester controls the associated account or email address before processing sensitive requests.
Response Time: We aim to respond to GDPR-related requests within 30 days as required under GDPR.
Manual Processing: All requests are reviewed manually by the Data Controller.

15. International Data Transfers

We primarily store and process data within the European Economic Area (EEA). If a third-party provider processes limited technical data outside the EEA, we ensure appropriate safeguards such as GDPR-compliant contractual protections or adequacy decisions are applied.

16. Automated Decision-Making

We do not use fully automated decision-making or profiling that produces legal or similarly significant effects on users under GDPR Article 22. Important moderation and verification decisions are reviewed manually.

17. Adult Community and Age Restrictions

This website is intended exclusively for adults. We do not knowingly collect personal data from minors. If we become aware that underage data has been submitted, the information will be removed as quickly as reasonably possible.

18. Data Breach Procedures

If a personal data breach is detected that may pose a risk to user rights or freedoms, we will investigate the incident promptly and take appropriate mitigation measures. Where legally required, affected users and supervisory authorities will be notified in accordance with GDPR Articles 33 and 34.

19. Account Security Responsibilities

Users are responsible for maintaining the confidentiality of their login credentials and for securing access to their own devices and email accounts. We recommend using strong unique passwords and two-factor authentication whenever available.

20. Transparency Commitment

We aim to explain our privacy and security practices in clear language rather than relying solely on legal terminology. If any section of this policy is unclear, users may contact us for clarification.