Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data is dirty. UG (haftungsbeschränkt), Berlin, Germany. For privacy inquiries, contact: hello@dirty.com.

2. Data We Collect

We collect the following categories of personal data:

3. Payment Data

Payment processing is handled exclusively by third-party payment processors. dirty. does not store full credit card numbers, CVV codes, or bank account details. We may receive limited transaction identifiers from payment processors for billing reconciliation. Payment processors operate under their own privacy policies and PCI DSS compliance obligations.

4. How We Use Your Data

We process your personal data for the following purposes:

• To provide, operate, and maintain the Service.
• To verify your identity and age.
• To process membership billing and manage subscriptions.
• To enable communication between members.
• To enforce platform policies and Terms of Service.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.
• To improve the Service based on aggregated usage analytics.

We do not sell your personal data to third parties. We do not use your data for third-party advertising purposes.

5. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• Contract performance: Processing necessary to provide the Service you subscribed to.
• Legitimate interests: Platform security, fraud prevention, and service improvement.
• Legal obligation: Compliance with applicable laws, including age verification requirements.
• Consent: Where explicitly provided, such as for optional marketing communications.

6. Data Sharing

We may share your data with the following categories of recipients:

• Payment processors: For subscription billing (limited transaction data only).
• Infrastructure providers: Hosting, storage, and CDN services required to operate the platform.
• Moderation services: For content review and policy enforcement.
• Law enforcement: When required by law, court order, or valid legal process.

We do not share your private messages, media, or profile data with advertisers or data brokers.

7. Cookies & Analytics

dirty. uses essential cookies required for the Service to function, including session management and authentication. We use analytics tools to collect aggregated, non-personally-identifiable usage data for service improvement. We do not use third-party tracking cookies for advertising. You may manage cookie preferences through your browser settings.

8. Data Retention

We retain your personal data for as long as your account is active and as necessary to provide the Service. Upon account deletion, personal data is removed within 30 days, except where retention is required by law (e.g., billing records, legal hold requirements). Aggregated, anonymized data may be retained indefinitely for analytical purposes.

9. Data Security

We implement technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS) and at rest.
• Access controls and authentication for internal systems.
• Regular security reviews and vulnerability assessments.
• Incident response procedures for data breaches.

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, absolute security cannot be guaranteed.

10. Your Rights

Under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Restrict Processing: Request limitation of processing under certain conditions.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based.
• Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at hello@dirty.com. We will respond within 30 days. Identity verification may be required before processing requests.

11. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions recognized by the European Commission.

12. Children

dirty. is strictly for adults aged 18 and older. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that data has been collected from a minor, we will delete it promptly and terminate the associated account.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

For privacy inquiries or to exercise your data rights: dirty. UG (haftungsbeschränkt), Berlin, Germany. Email: hello@dirty.com.