Privacy Policy

How we collect, use, and protect your personal information.

Last updated: January 2025

1. Introduction & Data Controller

SparkChambers takes your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform. We are committed to being transparent about our data practices and ensuring you understand your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

Name: Daniel Samer

Address: Am Alefskamp 50, 47198 Duisburg, Germany

Email: daniel@samer.email

This policy applies to all users of the SparkChambers platform, including our website and any related services. By using SparkChambers, you acknowledge that you have read and understood this Privacy Policy.

2. Data We Collect

We collect various types of personal data to provide and improve our services. Below is a comprehensive overview of the data we collect:

Account Registration Data

  • Email address
  • Username
  • Password (stored as a secure hash, never in plain text)
  • Date of birth (to verify you are 18+)

Profile Information

  • Display name
  • Profile photos and avatar
  • Bio and profile descriptions
  • Physical attributes (height, weight, body type, etc.)
  • Location (city, country)
  • Relationship status

Special Category Data

  • Sexual orientation
  • Relationship preferences
  • Kinks and interests
  • Seeking preferences

Media & Content

  • Profile pictures and photos
  • Album content (including NSFW content with appropriate ratings)
  • Verification video/photo selfies

Communications Data

  • Private messages between users
  • Support tickets and communications with our team

Technical & Device Data

  • IP address
  • Browser type and version
  • Device information
  • Session cookies (essential for login functionality)
  • Timestamps and activity logs

3. How We Use Your Data

We process your personal data for specific purposes, each with a valid legal basis under GDPR:

Purpose Legal Basis
Account creation and management Contract performance (Art. 6(1)(b) GDPR)
Profile display and matching with other users Contract performance / Consent
Processing payments via Stripe Contract performance (Art. 6(1)(b) GDPR)
Platform safety and content moderation Legitimate interest (Art. 6(1)(f) GDPR)
Age verification (18+) Legal obligation (Art. 6(1)(c) GDPR)
Responding to legal requests Legal obligation (Art. 6(1)(c) GDPR)
AI-powered content moderation Legitimate interest / Consent
Profile matching and recommendations Contract performance / Consent
Sending transactional emails Contract performance (Art. 6(1)(b) GDPR)

4. Special Category Data

GDPR Article 9

As an adult dating platform, we process special category data under GDPR Article 9. This includes data concerning your sexual orientation and preferences. Processing of this data is only lawful because you have given explicit consent for it to be used for the specific purpose of finding compatible matches.

This includes:

  • Your stated sexual orientation
  • Relationship preferences and what you're looking for
  • Kinks, fetishes, and intimate preferences
  • Information about relationship dynamics you're interested in

You provide this information voluntarily when creating and updating your profile. By entering this data, you explicitly consent to its processing for the purpose of matching you with compatible users and displaying your preferences to other members.

You can withdraw consent at any time by removing this information from your profile or deleting your account. However, please note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Location Data

We collect and process location data to provide location-based features such as finding nearby users and events:

  • GPS coordinates (when you grant browser permission)
  • City and country (from your profile settings)
  • Approximate location for distance calculations

You can disable GPS location sharing at any time through your browser settings or by using our manual location entry. Location data is used solely for providing distance-based features and is never sold or shared with third parties.

6. AI & Automated Decision Making

We use artificial intelligence and automated processing in the following ways:

Content Moderation

Our AI systems automatically scan uploaded photos for policy violations, illegal content, and content that may harm our community. This helps us maintain a safe environment. Human moderators review flagged content before any account actions are taken.

Profile Matching

Our matching algorithm suggests compatible profiles based on your preferences, location, and activity. This is a recommendation system to enhance your experience - you are always free to interact with any user you choose.

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that significantly affect you. Our AI systems assist human moderators rather than making final decisions autonomously. If you believe an automated decision has been made incorrectly, you can contact us to request human review.

7. Data Sharing

We share your data only when necessary and with appropriate safeguards:

  • Stripe (Payment Processing): Payment information is processed by Stripe. We never store your full credit card details. Stripe's privacy policy applies to payment data.
  • Other Users: Your profile information is visible to other authenticated members based on your privacy settings.
  • Legal Requirements: We may disclose data when required by law, court order, or to protect safety.
  • Service Providers: We use self-hosted infrastructure. Emails are sent from our own servers.

We NEVER sell your personal data to third parties for advertising or any other purpose.

8. ID & Age Verification

As an 18+ platform, we verify user ages and identities to maintain community safety:

  • We require video verification to confirm you are a real person
  • Verification media is stored securely with restricted access
  • ID documents, when required for dispute resolution, are handled with strict confidentiality
  • Verification data is retained for fraud prevention and legal compliance

Verification documents are stored with encryption and access is limited to authorized personnel only. This data is retained for the minimum period necessary for fraud prevention and legal compliance purposes.

9. Data Retention

We retain your data only as long as necessary for the purposes described:

Data Type Retention Period
Active account data Duration of account + 30 days
Deleted account data 30 days (soft delete grace period)
Messages Deleted with account
Verification documents Duration of account + legal retention
Payment records 10 years (German tax law)
Server logs 90 days

10. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR. You can exercise these rights by contacting us at the email address provided:

Right of Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate personal data.

Right to Erasure

You can request deletion of your data ("right to be forgotten").

Right to Restrict Processing

You can request limitation of data processing in certain circumstances.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interests.

Right to Withdraw Consent

You can withdraw any consent given at any time.

Right to Lodge Complaint

You can file a complaint with a supervisory authority.

Supervisory Authority

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with a data protection supervisory authority.

Competent Authority (Germany):
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
https://www.ldi.nrw.de

11. Cookies

We use essential cookies for platform functionality and, with your consent, analytics cookies to improve our service.

Essential Cookies (always active):

  • Session Cookie: Maintains your login session
  • CSRF Token: Security protection against cross-site request forgery
  • Locale Preference: Remembers your language preference
  • Consent Cookie: Remembers your cookie preferences

Analytics Cookies (with your consent):

  • _ga, _ga_*: Google Analytics - helps us understand site usage

You can manage your cookie preferences at any time through the cookie settings link in the footer.

12. Google Analytics

We use Google Analytics 4 (GA4) to understand how visitors use our website. This helps us improve the user experience and identify technical issues. GA4 is only activated when you give consent through our cookie banner.

What GA4 collects:

  • Pages you visit and how long you stay
  • Your approximate location (country/city level)
  • Device type, browser, and operating system
  • How you found our website (referral source)

GA4 Cookies:

  • _ga: Distinguishes unique users (expires after 2 years)
  • _ga_*: Maintains session state (expires after 2 years)

Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time by clicking the cookie settings link in the footer or clearing your browser cookies.

Data Transfer:

Google Analytics data may be transferred to Google servers in the United States. Google participates in the EU-US Data Privacy Framework, which provides adequate safeguards for data transfers.

You can opt out of Google Analytics tracking at any time through our cookie banner settings, or by using browser extensions like Google Analytics Opt-out.

13. Security Measures

We implement comprehensive security measures to protect your data:

  • TLS/SSL encryption for all data in transit
  • Encryption at rest for sensitive data including messages
  • Secure password hashing using industry-standard algorithms
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for administrative functions
  • Server infrastructure located in Germany/EU
  • Regular backups with encrypted storage

14. Children's Privacy

SparkChambers is strictly for adults aged 18 and over. We do not knowingly collect data from anyone under 18. We verify age during registration and through our verification process. If we discover that we have inadvertently collected data from a minor, we will delete it immediately and terminate the associated account.

15. International Data Transfers

Your data is stored and processed entirely within the European Union. Our servers are located in Germany, and we do not transfer your personal data outside the EU/EEA. All data processing occurs within the GDPR jurisdiction, ensuring the highest level of data protection.

All data storage and processing occurs within the European Union. No data is transferred outside the EU/EEA.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by email and/or through a prominent notice on our platform. We encourage you to review this policy periodically. Continued use of SparkChambers after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your data, please contact us:

Address
Am Alefskamp 50, 47198 Duisburg, Germany

We aim to respond to all privacy-related inquiries within 30 days, as required by GDPR. For urgent matters, please indicate this in your subject line.

Last updated: January 2025