Privacy Policy

Effective as of: [Insert Date]

This Privacy Policy describes how xPanda Web ("xPanda", "we", "us", "our") processes personal data, including the collection, use, disclosure, storage, and protection of personal information in connection with your use of our digital services, platforms, and applications.

1. Data Controller

The controller responsible for data processing under the General Data Protection Regulation (GDPR) is:

xPanda Web

Email: [privacy@xpanda.biz]

2. Definitions

This Privacy Policy uses terminology consistent with Article 4 of the GDPR, including:

  • “Personal data”: any information relating to an identified or identifiable natural person.
  • “Processing”: any operation performed on personal data, whether or not by automated means.
  • “Data subject”: any identified or identifiable natural person whose personal data is being processed.

3. Categories of Data We Process

We may process the following categories of personal data:

a) Identity Data:

  • First and last name
  • Date of birth
  • Email address
  • Phone number
  • Address (optional)

b) Verification Data:

  • Identity documents for age verification and KYC purposes
  • Selfie/video ID authentication

c) Payment and Billing Data:

  • Transaction details (date, amount, payment method)
  • Payment provider IDs (e.g., Stripe, PayPal)
  • Subscription records and creator payouts

d) Content Data:

  • User-generated content (e.g., images, videos, streams, captions)
  • Metadata such as timestamps, IP addresses, device information

e) Usage and Device Data:

  • IP address, browser type, device type, operating system
  • Log files, session durations, interaction patterns
  • Location data (if consented)

4. Purpose of Processing

We process personal data for the following purposes:

  • Operating and providing access to the xPanda Web platform
  • Identity verification and age validation
  • User account and creator profile management
  • Payment processing and creator payouts
  • Displaying, recommending, and monetizing content
  • Fraud prevention, platform integrity, and legal compliance
  • Analytics and platform improvement

5. Legal Bases for Processing

Processing of your personal data is based on the following legal grounds under Article 6(1) of the GDPR:

Purpose: Legal Basis

  • Contract performance and account creation: Art. 6(1)(b) GDPR
  • Legal obligations (e.g., age verification, tax compliance): Art. 6(1)(c) GDPR
  • Legitimate interests (e.g., fraud prevention, optimization): Art. 6(1)(f) GDPR
  • Consent (e.g., marketing, non-essential tracking): Art. 6(1)(a) GDPR

6. Data Recipients and Disclosures

Personal data may be disclosed to the following categories of recipients:

  • Payment providers (e.g., Stripe, PayPal)
  • Hosting and cloud infrastructure (e.g., Amazon Web Services, Cloudflare)
  • Identity and age verification services
  • Tax authorities and financial institutions
  • Law enforcement or legal authorities where required by law
  • Internal support and moderation teams
  • Other users (if you post content publicly)

Data transfers to third countries outside the EEA occur only with adequate safeguards in place, pursuant to Articles 44–49 GDPR (e.g., Standard Contractual Clauses).

7. Data Retention

We retain personal data:

  • for the duration of the contractual relationship
  • as long as required by statutory retention periods (e.g., up to 10 years under §147 of the German Fiscal Code)
  • until withdrawal of consent or request for erasure, unless legal obligations prevent deletion

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at: privacy@xpanda.biz

9. Cookies, Trackers, and Analytics

We use cookies and similar technologies for:

  • Technical operation of the platform
  • Reach and usage analysis
  • Conversion tracking
  • User personalization

The use of non-essential cookies occurs only with your explicit consent in accordance with Art. 6(1)(a) GDPR and §25 TTDSG.

You can revoke or manage your cookie preferences at any time via our cookie settings.

10. Age Verification and Youth Protection

xPanda Web is strictly for adults aged 18 and over. We employ external providers to verify user age and identity (e.g., via document upload, selfie scans, biometric checks) in compliance with applicable youth protection laws (e.g., JMStV, NetzDG).

11. Automated Decisions / Profiling

We do not carry out fully automated individual decision-making within the meaning of Article 22 GDPR.

Profiling may be used for personalized recommendations and search results but is not based on sensitive data.

12. Security of Processing

We implement technical and organizational measures (TOMs) in accordance with Article 32 GDPR, including:

  • SSL/TLS encryption for all data transfers
  • Role-based access control and permissions
  • Two-factor authentication (2FA)
  • Security monitoring and DDoS protection
  • Regular staff training and privacy audits

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy, particularly in response to legal changes or modifications to our services. The current version is always available at: https://www.xpanda.biz/privacy?lang=en

Material changes will be communicated to users (e.g., via email or in-platform notifications).

14. Contact – Data Protection Officer

For data protection inquiries, you may contact our Data Protection Officer:

[Name or external DPO service, if applicable]

Email: privacy@xpandaweb.com