Privacy Policy

Article 1: Introduction and Definitions

1.1 Our Commitment: Adult Model Protection ("AMP," "we," "us," or "our") is dedicated to protecting both your digital content and your personal privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our content protection platform and services.

1.2 Scope: This policy applies to all interactions with our platform at www.adultmodelprotection.com, including our website, web application, dashboards, mobile interfaces, and all related services. By accessing or using our services, you acknowledge that you have read, understood, and consent to the practices described herein.

1.3 Data Controller: For the purposes of GDPR and applicable data protection laws, Adult Model Protection acts as the data controller for personal information collected through our platform.

1.4 Key Definitions:

"Personal Data" — Any information relating to an identified or identifiable natural person, including name, email address, billing information, account credentials, IP address, and online identifiers.

"Sensitive Personal Data" — Special categories of data requiring enhanced protection, including data revealing racial or ethnic origin, health information, biometric data, or sexual orientation.

"User," "You," or "Client" — The content creator, individual, or business entity that subscribes to or uses our protection services.

"Services" — All content monitoring, detection, takedown assistance, evidence collection, and related protection services we provide.

"Platform" — Our website, web application, dashboards, APIs, and all associated digital tools accessible through www.adultmodelprotection.com.

"Processing" — Any operation performed on personal data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.

"Automated Processing" — Processing of personal data by automated means, including our content scanning and monitoring systems, without human intervention in the decision-making process.

"Data Subject" — The individual to whom personal data relates (i.e., you, the user of our services).

1.5 Legal Framework: We process your data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy laws. Where local laws provide greater protection, those standards apply.

Article 2: Information We Collect

2.1 Data Minimization Principle: We collect and process personal information only when necessary to provide our services, fulfill legal obligations, or with your explicit consent. We are committed to collecting the minimum data required to deliver effective content protection.

2.2 Information You Provide Directly: When you create an account, subscribe to services, or contact us, you may provide:

• Identity Information: Full name, stage name(s), and professional aliases

• Contact Information: Email address, phone number, and physical address

• Billing Information: Payment card details (processed securely by our payment provider), billing address, VAT number, and company name if applicable

• Account Credentials: Username and password (stored in encrypted form)

• Content Identifiers: Model names, platform usernames, social media handles, and website URLs you authorize us to monitor

• Reference Content: Images or content samples you provide for identification purposes (see Article 3 for handling details)

• Communications: Messages, support tickets, and correspondence with our team

2.3 Information Collected Automatically: When you use our platform, we automatically collect:

• Device Information: Browser type, operating system, device identifiers, and screen resolution

• Network Information: IP address, approximate geographic location (country/region level), and internet service provider

• Usage Data: Pages visited, features used, click patterns, session duration, and interaction timestamps

• Technical Logs: Error reports, performance metrics, and diagnostic information

2.4 Information from Third Parties: We may receive information from:

• Payment Processors: Transaction confirmations and billing status (we do not receive full card numbers)

• Identity Verification Services: Verification results when you complete KYC (Know Your Customer) processes

• Platform APIs: Public profile information from platforms you authorize us to monitor

2.5 What We Do NOT Collect: We do not collect:

• Passwords in plain text (all passwords are cryptographically hashed)

• Biometric data without explicit consent and legal basis

• Information about your racial or ethnic origin, political opinions, religious beliefs, or health status

• Data from children under 18 years of age

Article 3: Content Monitoring and Scanning Practices

3.1 Nature of Our Service: AMP provides automated content monitoring services that scan publicly accessible websites, search engines, and platforms to detect unauthorized distribution of your protected content. Understanding how this process works is essential to your privacy.

3.2 What Our Scanning Systems Collect: During monitoring operations, our systems may collect:

• URLs: Web addresses where potential matches are detected

• Screenshots: Visual captures of pages containing suspected infringing content

• Metadata: Page titles, timestamps, platform identifiers, and technical information about detected content

• Search Results: Aggregated search engine results related to your monitored identifiers

3.3 Important Clarification — We Do NOT Store Your Explicit Content: AMP does not download, store, or retain copies of your actual explicit content. Our systems:

• Capture only screenshots of web pages (not the underlying media files)

• Store URLs and metadata as evidence for takedown requests

• Do not create or maintain a library of your protected content

• Process reference images you provide solely for matching purposes, with appropriate security measures

3.4 Retention of Monitoring Data: Evidence collected during monitoring is retained:

• For the duration of your active subscription

• Plus 90 days after subscription termination for service continuity

• Longer if required for pending legal matters or regulatory compliance

3.5 Sensitive Content Handling: We recognize that content we help protect may be sensitive in nature. We implement enhanced safeguards including:

• Restricted access to monitoring data (authorized personnel only)

• Encryption of all stored evidence

• Secure deletion protocols when data is no longer needed

• Staff training on handling sensitive materials professionally and respectfully

3.6 Limitations of Monitoring: Our monitoring covers publicly accessible content only. We cannot scan private groups, encrypted messaging platforms, dark web sites, or password-protected areas. See our Terms of Service for complete monitoring limitations.

Article 4: How We Use Your Information

4.1 Purpose Limitation: We use your personal data only for the specific purposes disclosed in this policy. We will not use your data for incompatible purposes without obtaining your consent.

4.2 Primary Service Purposes:

• Content Protection: To monitor for unauthorized distribution, detect potential infringements, and facilitate takedown requests

• Account Management: To create, maintain, secure, and authenticate your account

• Service Delivery: To provide dashboards, reports, alerts, and protection features

• Customer Support: To respond to inquiries, resolve issues, and provide assistance

• Billing and Payments: To process subscriptions, generate invoices, and manage transactions

4.3 Secondary Purposes:

• Service Improvement: To analyze usage patterns, identify issues, and enhance our platform

• Security: To detect fraud, prevent abuse, and protect our systems and users

• Communications: To send service updates, security alerts, and important notifications

• Marketing: To send newsletters and promotional content (only with your explicit consent)

4.4 Legal Basis for Processing (GDPR Article 6):

• Contractual Necessity (Art. 6(1)(b)): Processing necessary to perform our service agreement with you

• Consent (Art. 6(1)(a)): Where you have given clear consent for specific processing activities

• Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, balanced against your rights

• Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws

4.5 Legitimate Interests Assessment: Where we rely on legitimate interests, we have conducted balancing tests to ensure our interests do not override your fundamental rights. Our legitimate interests include: preventing fraud, ensuring network security, improving services, and direct marketing to existing customers.

Article 5: AI and Automated Processing Transparency

5.1 Use of Automated Systems: AMP employs automated systems, including artificial intelligence and machine learning technologies, to deliver our content protection services. This section explains how these systems work and your rights regarding automated processing.

5.2 Automated Processing Activities:

• Content Scanning: Automated crawlers search publicly accessible websites and search engines for content matching your protected identifiers

• Pattern Matching: Algorithms compare detected content against your registered model names, usernames, and reference materials

• Risk Assessment: Automated scoring systems evaluate the likelihood that detected content represents unauthorized distribution

• Alert Generation: Systems automatically generate notifications when potential matches are detected

5.3 Human Oversight: While our systems are automated, human oversight is maintained:

• Takedown requests are reviewed before submission to ensure accuracy

• You can review and approve or reject detected matches in your dashboard

• Our support team is available to address questions about automated decisions

5.4 GDPR Article 22 Compliance: Our automated processing does not produce legal effects or similarly significantly affect you without human involvement. Specifically:

• Automated detection results are presented as recommendations, not final decisions

• You retain control over which detected content to pursue for takedown

• Account status decisions (suspension, termination) involve human review

• You may request human review of any automated assessment

5.5 Right to Explanation: You have the right to request meaningful information about the logic involved in our automated processing, including how our matching algorithms work and what factors influence risk scores.

5.6 Opting Out: While automated scanning is core to our service, you may request manual review of specific results or express concerns about automated processing by contacting our support team.

Article 6: Your Privacy Rights (GDPR)

6.1 Your Fundamental Rights: Under the General Data Protection Regulation and applicable data protection laws, you have comprehensive rights regarding your personal information. We are committed to honoring these rights promptly and transparently.

6.2 Right of Access (Art. 15): You may request confirmation of whether we process your personal data and, if so, access to:

• The categories of data we hold about you

• The purposes of processing

• Recipients or categories of recipients

• Retention periods

• Information about your rights

• The source of data (if not collected directly from you)

• Information about automated decision-making, including profiling

6.3 Right to Rectification (Art. 16): You have the right to obtain correction of inaccurate personal data and completion of incomplete data without undue delay.

6.4 Right to Erasure (Art. 17): You may request deletion of your personal data when:

• The data is no longer necessary for its original purpose

• You withdraw consent (where consent was the legal basis)

• You object to processing and no overriding legitimate grounds exist

• The data was unlawfully processed

• Erasure is required by legal obligation

6.5 Right to Restriction (Art. 18): You may request restriction of processing while we verify data accuracy, assess objections, or determine whether to erase unlawfully processed data.

6.6 Right to Data Portability (Art. 20): You may receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller.

6.7 Right to Object (Art. 21): You may object to processing based on legitimate interests or for direct marketing. For direct marketing objections, we will cease processing immediately.

6.8 Rights Related to Automated Processing (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you, with exceptions for contractual necessity or explicit consent.

6.9 Right to Withdraw Consent (Art. 7): Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Article 7: California Privacy Rights (CCPA/CPRA)

7.1 Applicability: If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.

7.2 Your California Rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you

• Right to Delete: Request deletion of personal information we have collected (subject to certain exceptions)

• Right to Correct: Request correction of inaccurate personal information

• Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do not sell personal information)

• Right to Limit: Limit the use and disclosure of sensitive personal information

• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

7.3 Categories of Information Collected: In the preceding 12 months, we have collected: identifiers, commercial information, internet activity, geolocation data, and professional information.

7.4 No Sale of Personal Information: We do not sell your personal information to third parties. We do not share personal information for cross-context behavioral advertising.

7.5 Exercising California Rights: To exercise your rights, contact us at support@adultmodelprotection.com or use the methods described in Article 15. We will verify your identity before processing requests.

7.6 Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority and your identity.

7.7 Response Timing: We will respond to verifiable requests within 45 days, with a possible 45-day extension for complex requests (with notice).

Article 8: Exercising Your Rights and Verification

8.1 How to Submit Requests: You may exercise your privacy rights by:

• Email: support@adultmodelprotection.com (subject line: "Privacy Rights Request")

• Dashboard: Using the privacy controls in your account settings

• Written Request: Sending a letter to our contact address

8.2 Information Required: Please include:

• Your full name and email address associated with your account

• The specific right(s) you wish to exercise

• Any relevant details to help us locate your data

• Preferred format for data portability requests (JSON or CSV)

8.3 Identity Verification Process: To protect your privacy, we must verify your identity before processing requests:

• Standard Verification: Confirmation via the email address associated with your account

• Enhanced Verification: For sensitive requests (deletion, data export), we may require additional verification such as answering security questions or providing government-issued ID

• Authorized Agents: If submitting on behalf of another person, we require written authorization and identity verification of both parties

8.4 Response Timeline:

• Acknowledgment: Within 3 business days of receiving your request

• Substantive Response: Within 30 days (GDPR) or 45 days (CCPA)

• Extension: Up to 60 additional days for complex requests (with notification)

8.5 Fees: We do not charge fees for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable administrative fee or refuse the request with explanation.

8.6 Appeals: If you are dissatisfied with our response to your request, you may appeal by contacting us with details of your concern. We will review and respond within 30 days.

Article 9: Data Security and Protection

9.1 Security Commitment: We implement comprehensive technical and organizational security measures to protect your personal information from unauthorized access, loss, destruction, alteration, or disclosure. Security is fundamental to our mission of protecting content creators.

9.2 Technical Safeguards:

• Encryption in Transit: All data transmitted to and from our platform uses TLS 1.3 encryption (HTTPS)

• Encryption at Rest: Personal data is encrypted using AES-256 encryption in our databases

• Secure Authentication: Passwords are hashed using bcrypt with appropriate cost factors; multi-factor authentication is available

• Access Controls: Role-based access controls limit data access to authorized personnel

• Security Monitoring: Continuous monitoring, intrusion detection, and automated threat response

• Regular Updates: Timely security patches and vulnerability remediation

9.3 Organizational Safeguards:

• Access to personal data is limited on a need-to-know basis

• All employees sign confidentiality agreements

• Regular security awareness training for all staff

• Documented security policies and incident response procedures

• Regular security audits and penetration testing

9.4 Infrastructure Security: Our platform is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification, providing physical security, redundancy, and disaster recovery capabilities.

9.5 Security Limitations: While we employ industry-leading security measures, no system is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any identified vulnerabilities and notifying affected users as required by law.

9.6 Your Security Responsibilities: You are responsible for maintaining the confidentiality of your account credentials. Never share your password, use unique passwords, enable multi-factor authentication, and notify us immediately if you suspect unauthorized account access.

Article 10: Cookies and Tracking Technologies

10.1 Cookie Usage: Our platform uses cookies and similar tracking technologies to enhance functionality, analyze usage, and improve your experience.

10.2 What Are Cookies: Cookies are small text files stored on your device when you visit our website. They help us recognize your browser, remember preferences, and provide personalized experiences.

10.3 Categories of Cookies:

Essential Cookies (Always Active):

• Required for platform functionality and security

• Enable account login and session management

• Remember your preferences and settings

• Cannot be disabled as they are necessary for service delivery

Analytics Cookies (With Your Consent):

• Help us understand how users interact with our platform

• Provide insights for service improvements

• Track aggregate usage statistics (anonymized)

Marketing Cookies (With Your Consent):

• Enable personalized content and communications

• Track campaign effectiveness

• Deliver relevant advertisements

10.4 Managing Cookies: You can control cookie preferences through:

• Our cookie consent banner displayed on your first visit

• Your browser settings to block or delete cookies

• Your account privacy settings

• The "Cookie Settings" link in our website footer

10.5 Impact of Disabling Cookies: Disabling essential cookies may impair platform functionality. Analytics and marketing cookies can be disabled without affecting core services.

Article 11: Third-Party Services and Data Sharing

11.1 When We Share Your Information: We may share your personal data with third parties only in the following circumstances:

Service Providers (Data Processors):

• Payment Processing: Stripe for secure payment handling (we do not store full card numbers)

• Cloud Infrastructure: Enterprise-grade hosting providers for data storage

• Email Services: Transactional and marketing email delivery

• Analytics: Usage insights and performance monitoring

• Identity Verification: KYC services for account verification

11.2 Data Processing Agreements: All third-party processors are contractually bound to:

• Process data only according to our instructions

• Implement appropriate security measures

• Maintain strict confidentiality

• Comply with GDPR and applicable data protection laws

• Delete or return data upon termination of services

11.3 Legal Disclosures: We may disclose your information when required by law, including:

• Valid subpoenas, court orders, or legal process

• Government or regulatory requests

• To protect our legal rights, property, or safety

• To prevent fraud or security threats

• To protect user safety or public safety

11.4 Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

11.5 No Sale of Personal Information: We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share personal information for cross-context behavioral advertising.

11.6 Third-Party Websites: Our platform may contain links to external websites. We are not responsible for the privacy practices of these third-party sites. Review their privacy policies before providing personal information.

Article 12: International Data Transfers

12.1 Global Operations: Our services are provided globally, and your personal data may be transferred to, stored, or processed in countries outside your country of residence, including countries that may not provide the same level of data protection.

12.2 Transfer Safeguards: When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): EU-approved data transfer agreements with all third-party processors outside the EEA

• Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection

• Supplementary Measures: Additional technical and organizational measures where required by Schrems II ruling

• Encryption: Data encrypted in transit and at rest for all international transfers

12.3 Transfer Impact Assessments: We conduct transfer impact assessments to evaluate the legal framework of destination countries and implement additional safeguards where necessary.

12.4 Primary Data Locations: Your data is primarily stored in secure data centers within the European Union. Some processing may occur in other jurisdictions with appropriate safeguards.

12.5 Your Rights: You may request information about the specific safeguards we use for international transfers, including copies of Standard Contractual Clauses, by contacting us.

Article 13: Data Retention

13.1 Retention Principle: We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

13.2 Retention Periods:

• Account Data: Retained while your account is active and for 90 days afterward to facilitate reactivation

• Billing Records: Retained for 7 years to comply with tax and accounting regulations

• Monitoring Evidence: Retained for the duration of your subscription plus 90 days, or longer if required for pending legal matters

• Communication Records: Retained for 3 years for customer service quality and dispute resolution

• Marketing Data: Retained until you withdraw consent or for 2 years of inactivity

• Security Logs: Retained for 1 year for security monitoring and incident investigation

13.3 Deletion Process: When retention periods expire or you request deletion, we will:

• Permanently delete or anonymize your personal data

• Remove data from active systems within 30 days

• Remove data from backups within 90 days

• Instruct third-party processors to delete your data

13.4 Exceptions: We may retain certain information when required by law, to prevent fraud, resolve disputes, enforce our terms, or for legitimate business purposes.

13.5 Anonymized Data: Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement.

Article 14: Children's Privacy

14.1 Age Restriction: Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children or minors.

14.2 Prohibition: If you are under 18, do not use our services or provide any personal information to us. Our services are designed exclusively for adult content creators.

14.3 Parental Notice: If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@adultmodelprotection.com.

14.4 Immediate Action: Upon learning that we have collected personal information from a person under 18, we will take immediate steps to delete that information from our systems and terminate any associated account.

14.5 Verification: We may implement age verification measures to help ensure compliance with this policy.

Article 15: Data Breach Notification

15.1 Incident Response: In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will take immediate action to contain, assess, and remediate the breach.

15.2 Our Response Process:

• Detection: Immediate investigation to determine scope and impact

• Containment: Swift action to prevent further unauthorized access

• Assessment: Evaluation of risk to affected individuals

• Notification: Timely communication to affected individuals and authorities

• Remediation: Implementation of measures to prevent recurrence

15.3 Regulatory Notification: We will notify the relevant data protection authority within 72 hours of becoming aware of a breach that meets reporting thresholds, as required by GDPR Article 33.

15.4 User Notification: If a breach is likely to result in high risk to your rights and freedoms, we will notify you without undue delay, providing:

• Description of the nature of the breach

• Categories and approximate number of affected individuals

• Likely consequences of the breach

• Measures taken or proposed to address the breach

• Contact information for further inquiries

• Recommended actions you should take to protect yourself

15.5 Ongoing Security: We maintain detailed incident response procedures, conduct regular security audits, and perform penetration testing to minimize the risk of data breaches.

Article 16: Email Communications

16.1 Types of Communications:

Transactional Emails (No Consent Required):

• Account creation and verification

• Service notifications and alerts

• Billing and payment confirmations

• Security alerts and password resets

• Responses to your inquiries

• Important service announcements

Marketing Emails (Consent Required):

• Newsletters and product updates

• Promotional offers and special features

• Educational content and tips

• Surveys and feedback requests

16.2 Consent: We will only send marketing communications if you have explicitly opted in through account registration, newsletter signup, or account settings.

16.3 Unsubscribing: You may opt out at any time by:

• Clicking "unsubscribe" in any marketing email

• Updating preferences in your account settings

• Contacting us directly

16.4 Note: Unsubscribing from marketing emails will not affect transactional communications necessary for service delivery.

Article 17: Changes to This Privacy Policy

17.1 Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

17.2 Notification of Changes: When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy

• Notify you via email to your registered address

• Display a prominent notice on our platform

• For significant changes, request your renewed consent where required

17.3 Your Continued Use: By continuing to use our services after changes take effect, you acknowledge and accept the updated Privacy Policy. If you disagree with changes, you may discontinue using our services and request account deletion.

17.4 Version History: The current version of this policy is always available on our website. Previous versions may be requested by contacting us.

Article 18: How to Contact Us

18.1 Contact Information: If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Adult Model Protection
Email: support@adultmodelprotection.com
Website: www.adultmodelprotection.com

18.2 What You Can Contact Us About:

• Questions about how we collect, use, or share your personal data

• Requests to exercise your privacy rights (access, correction, deletion, etc.)

• Withdrawing consent for data processing or marketing

• Concerns about data security or potential breaches

• Complaints about our data handling practices

• Questions about international data transfers

• Requests for information about third-party processors

• Questions about automated processing and AI systems

18.3 Response Commitment: We will acknowledge your inquiry within 3 business days and provide a substantive response within 30 days.

Article 19: Your Right to File a Complaint

19.1 Complaint Rights: If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable data protection laws, you have the right to file a complaint.

19.2 Internal Resolution: We encourage you to contact us first so we can attempt to resolve your concerns directly. We take all complaints seriously and will investigate promptly.

19.3 Supervisory Authority: You have the right to lodge a complaint with your local data protection authority, particularly in the EU member state of:

• Your habitual residence

• Your place of work

• The place where the alleged infringement occurred

19.4 EU Data Protection Authorities: Find your local authority through the European Data Protection Board website (edpb.europa.eu).

19.5 Other Remedies: Filing a complaint with a supervisory authority does not affect any other legal remedies you may have.

19.6 Our Cooperation: We will cooperate with data protection authorities and comply with any guidance or orders issued regarding our data processing activities.