Last updated: March 2026

Privacy Policy

This Privacy Policy explains how RedLightAD collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws.

1Data Controller

The data controller responsible for your personal data is:

RedLightAD

Denmark

Email: contact@redlightad.com

2What Data We Collect

We collect the following categories of personal data:

Account data

Email address, password (hashed), account type (Provider/Customer), registration date

Profile data

Name, age, gender, location, photos, videos, description — provided voluntarily by Providers

Transaction data

RedCoin purchases, payout requests, purchase history — linked to your account

Usage data

Pages visited, features used, IP address, device type, browser — for analytics and security

Communication data

Messages sent through the Platform (stored encrypted)

Technical data

Log files, error reports, session tokens — for security and performance

3How We Use Your Data

We use your personal data to:

  • Provide and operate the RedLightAD Platform
  • Process payments and manage RedCoin transactions
  • Verify user age and identity where required
  • Send account-related emails (confirmations, password resets)
  • Prevent fraud, abuse, and illegal activity
  • Improve our services through analytics
  • Comply with legal obligations

4Legal Basis (GDPR)

We process your personal data based on the following legal grounds under GDPR Article 6:

Contract performance (Art. 6(1)(b))

Processing necessary to provide the service you signed up for

Legitimate interests (Art. 6(1)(f))

Fraud prevention, security, analytics, and Platform improvement

Legal obligation (Art. 6(1)(c))

Compliance with applicable laws, including anti-trafficking and age verification requirements

Consent (Art. 6(1)(a))

Marketing cookies and non-essential analytics (withdrawn at any time)

5Data Retention

We retain your personal data for as long as necessary:

  • Active accounts: for the duration of your account
  • Closed accounts: 30 days after deletion, then permanently erased
  • Transaction records: 5 years (legal/tax obligation)
  • Log files: 90 days for security purposes
  • Content: deleted within 30 days of account closure

6Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right of access

Request a copy of all personal data we hold about you

Right to rectification

Request correction of inaccurate or incomplete data

Right to erasure

Request deletion of your data ('right to be forgotten'), subject to legal exceptions

Right to restriction

Request that we limit processing of your data in certain circumstances

Right to portability

Receive your data in a structured, machine-readable format

Right to object

Object to processing based on legitimate interests

Right to withdraw consent

Withdraw consent at any time for consent-based processing (e.g. marketing cookies)

To exercise any of these rights, contact us at contact@redlightad.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority (in Denmark: Datatilsynet — dt.dk).

7Cookies

We use the following categories of cookies:

Necessary cookies

Required for authentication, security, and core functionality. Cannot be disabled.

Analytics cookies

Help us understand how users interact with the Platform (e.g. page views, session duration). Require consent.

Marketing cookies

Used to display relevant content. Require consent.

You can manage your cookie preferences at any time via the cookie banner or by contacting us. See our full Cookie Policy.

8Third Party Services

We use trusted third-party services to operate the Platform:

Supabase

Authentication, database, and real-time services

Privacy

Cloudinary

Media storage and delivery (images, videos)

Privacy

Stripe

Payment processing for RedCoin purchases

Privacy

Resend

Transactional email delivery

Privacy

Vercel

Hosting and content delivery

Privacy

Each provider acts as a data processor under our instructions and is bound by appropriate data processing agreements.

9International Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Certification under recognized frameworks (e.g. EU-US Data Privacy Framework)

10Contact & DPO

For any privacy-related questions, requests, or complaints, contact us:

Email: contact@redlightad.com

Response time: Within 30 days

Supervisory authority: Datatilsynet (Denmark) — datatilsynet.dk

Terms of ServiceCookie PolicyContact Support