Our Privacy Commitment
We will never sell your personal data. We will never share your identity with advertisers. We will never use your data in ways you haven't consented to. This is non-negotiable —now and always.
1 Who We Are
Findom UK Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are registered in England and Wales and are registered with the Information Commissioner's Office (ICO).
Our Data Protection Officer can be contacted at privacy@findomuk.co.uk.
This Privacy Policy applies to all personal data we collect through the Findom UK website, mobile applications, and related services (collectively, the "Platform").
2 Data We Collect
Data You Provide Directly
- Account data: Email address, username, password (stored as a secure hash), date of birth (for age verification).
- Profile data: Display name, profile description, preferences, and any photos or content you choose to share.
- Communications: Messages you send to other members via our platform messaging system.
- Payment data: Billing information processed securely via our PCI-DSS compliant payment provider. We do not store full card numbers.
- Support data: Information you provide when contacting our support team.
- Verification data: Identity verification documents processed during our age verification process.
Data Collected Automatically
- Usage data: Pages visited, features used, time spent, and interactions within the Platform.
- Device data: Device type, operating system, browser type, and screen resolution.
- Log data: IP address, timestamps, and access logs (retained for security and fraud prevention).
- Cookie data: See our Cookies section below.
Special Category Data
Because our Platform relates to sexual orientation and practices, some data you share may constitute "special category" data under UK GDPR. We process this data only with your explicit consent and apply the highest level of protection to it.
3 How We Use Your Data
We use your personal data to:
- Create and manage your account and provide you with access to the Platform.
- Verify your age and identity as required by law and our policies.
- Facilitate connections and communications between members.
- Process payments and manage your subscription.
- Provide customer support and respond to your enquiries.
- Detect, investigate, and prevent fraud, abuse, and safety violations.
- Improve the Platform through analysis of aggregated, anonymised usage data.
- Send you service notifications (e.g. account security alerts, billing confirmations).
- Send you marketing communications —only with your explicit opt-in consent, and you may withdraw at any time.
- Comply with our legal obligations.
We will never use your data to deliver third-party advertising.
4 Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Contract: Processing necessary to provide our services to you (e.g. account management, messaging, payments).
- Legitimate interests: Fraud prevention, platform security, and service improvement —where these interests are not overridden by your rights.
- Legal obligation: Age verification and other processing required by law.
- Explicit consent: Processing of special category data; marketing communications; optional analytics cookies.
5 Sharing Your Data
We do not sell your personal data. We share it only in the following limited circumstances:
- Service providers: Carefully vetted third parties who help us operate the Platform (e.g. payment processors, cloud hosting, email delivery). All are bound by strict data processing agreements.
- Age verification providers: Third-party verification services, used solely for the purpose of confirming your eligibility to use the Platform.
- Legal requirements: Where we are required to disclose data by law, court order, or regulatory authority.
- Business transfers: In the event of a merger or acquisition, your data may be transferred to a successor entity, subject to equivalent privacy protections.
Other members can see only the information you choose to display publicly on your profile. Your email address, real name, payment details, and verification documents are never visible to other members.
6 Data Retention
We retain your personal data for as long as your account is active and for a reasonable period thereafter to allow you to reactivate your account if you choose.
Specifically:
- Account data: Retained for the life of your account plus 12 months.
- Messages: Retained for 24 months from the date of the message, then permanently deleted.
- Payment records: Retained for 7 years as required by UK tax law.
- Age verification records: Retained for the minimum period required by law, then permanently deleted.
- Security logs: Retained for 12 months for fraud prevention purposes.
You may request permanent deletion of your account and personal data at any time (see Your Rights below).
7 Security
We implement robust technical and organisational security measures to protect your data, including:
- End-to-end encryption for all private messages.
- TLS/SSL encryption for all data transmitted between your device and our servers.
- AES-256 encryption for data at rest.
- Bcrypt hashing for all passwords.
- Regular penetration testing and security audits by independent third parties.
- Strict access controls —only authorised personnel can access personal data, on a need-to-know basis.
- Two-factor authentication available and encouraged for all accounts.
In the unlikely event of a personal data breach, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR.
8 Cookies & Tracking
We use cookies and similar technologies to operate the Platform and understand how it is used. Our cookies fall into three categories:
- Essential cookies: Required for the Platform to function (e.g. session management, security tokens). These cannot be disabled.
- Functional cookies: Remember your preferences (e.g. theme, language). You may disable these without affecting core functionality.
- Analytics cookies: Used to understand how members use the Platform, so we can improve it. These are only placed with your explicit consent. We use privacy-first analytics that do not share your data with third parties.
We do not use advertising or tracking cookies. We do not share cookie data with any advertising networks.
You can manage your cookie preferences at any time via the cookie settings panel in your account, or by adjusting your browser settings.
9 Your Rights Under UK GDPR
As a UK resident, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request permanent deletion of your personal data ("right to be forgotten").
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to data portability: Receive your personal data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for marketing purposes.
- Right to withdraw consent: Withdraw consent at any time for processing based on consent, without affecting prior lawful processing.
- Rights related to automated decision-making: Not to be subject to solely automated decisions that significantly affect you.
To exercise any of these rights, email privacy@findomuk.co.uk with "Data Rights Request" in the subject line. We will respond within 30 days.
There is no charge for exercising your rights. We may ask you to verify your identity before processing your request.
10 International Transfers
We store and process data primarily within the UK and European Economic Area (EEA). Where we transfer data outside the UK/EEA (for example, to certain cloud service providers), we ensure appropriate safeguards are in place, including:
- UK adequacy decisions or Standard Contractual Clauses (SCCs).
- Binding Corporate Rules where applicable.
- Contractual data processing agreements with all sub-processors.
11 Children's Privacy
Findom UK is strictly an adults-only platform. We do not knowingly collect personal data from anyone under the age of 20. If we discover that a minor has created an account, we will immediately and permanently delete all associated data and terminate the account.
If you believe a minor has registered on our Platform, please contact us immediately at safety@findomuk.co.uk. We take this extremely seriously.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email and/or by posting a clear notice on the Platform at least 14 days before the changes take effect.
The date at the top of this page indicates when it was last updated. We encourage you to review this policy periodically.