Privacy Policy

# Privacy Policy

## Identity of the Data Controller  
Tingls Ltd (an Irish private limited company) is the data controller for the personal data collected on the Tingls platform.  Our registered office is at [Registered Address], Dublin, Ireland.  Tingls Ltd determines the purposes and means of processing your personal data.  You may contact us with privacy inquiries at **privacy@tingls.com** or by mail to our registered office.  (As required by GDPR, we provide our name and contact details as the data controller【45†L494-L502】.)

## Categories of Personal Data Collected  
We collect different personal data for Fans and for Creators on the platform:

- **Fans:** We process identity and account data (name or username, email address), payment information (card or payment details submitted via a third-party processor), technical and usage data (IP address, device/browser information, platform usage history), and any messages you send to creators through our platform.  
- **Creators:** We collect all of the above, plus additional data needed to run creator accounts.  This includes identity verification data (e.g. government ID or proof of address for KYC), payout details (bank account or payment account information for transfers), tax-related data (such as VAT numbers or tax IDs if required), and metadata about uploaded content (titles, descriptions, tags, etc.).  

## Legal Bases for Processing (GDPR Article 6)  
We only process personal data where we have a lawful basis under Article 6 GDPR【45†L494-L502】.  In particular:  
- **Contract:** Processing necessary to perform our contract with you (e.g. creating and managing your account, providing subscription or paid-content services, processing your payments and payouts).  
- **Legal Obligations:** Processing necessary to comply with laws (e.g. tax, accounting, anti-fraud and anti-money-laundering obligations for financial records and identity verification).  
- **Legitimate Interests:** Processing necessary for our legitimate interests (so long as these are not overridden by your rights).  For example, we use data for platform security, fraud prevention, service improvements, technical support, and analytics to optimize the platform.  These activities are carried out in our legitimate interest of providing a secure and effective service.  
- **Consent:** Where required (such as for optional marketing communications or cookies beyond those strictly necessary), we rely on your consent.  You can withdraw consent at any time (see “Your Rights” below).  

(These bases are those expressly recognized by Article 6 GDPR【45†L494-L502】.)

## How Personal Data Is Used  
We use personal data only for the following purposes:  

- **Account Management:** To set up, administer, and secure user accounts (verify your identity, logins, password resets, and account notifications).  
- **Payment Processing:** To process subscription payments, tips, and content purchases via our payment processors (e.g. Stripe, PayPal).  We pass your payment details to the processor to complete transactions (see below) and record transaction status.  
- **Creator Payouts:** To pay creators for subscription revenue and tips.  We use payout account details to transfer funds and to comply with any legal obligations on payouts.  
- **Platform Security and Fraud Prevention:** To protect the security of our platform and users.  We monitor for suspicious activity, investigate fraud, and implement security measures (such as login risk detection, account verification) to prevent unauthorized access and abuse.  
- **Customer Support:** To respond to user inquiries, handle support requests, and communicate with you about your account or payments.  
- **Analytics and Improvement:** To analyze platform usage and performance so we can improve our services.  We may collect aggregate or pseudonymized usage statistics and performance data to understand how users interact with the site and to enhance functionality.  
- **Legal Compliance:** To fulfill legal and regulatory obligations (for example, retaining financial transaction records for tax/audit purposes, responding to lawful requests by authorities, and performing identity checks required by law).  

No personal data is used for purposes other than those listed above without further notice or consent.  

## Payment Processing  
Tingls uses third-party payment processors (such as Stripe and PayPal) to handle all payments.  **Tingls does not store your full card details on our servers.**  When you make a payment, your card/payment information is collected by the payment processor under strong encryption and compliance with PCI-DSS standards.  We only receive limited transaction information (e.g. payment confirmation and last four digits of the card) from the processor.  For more details, you should review the privacy policies of our payment providers (e.g. Stripe’s privacy policy).  All payment processing is done via secure channels, and Tingls never has access to full payment card numbers.  

## Data Sharing & Third Parties  
We share personal data with trusted third parties only as needed to provide the platform services, and under appropriate legal safeguards:  

- **Payment Processors:** We share payment-related data (amount, currency, payer’s and payee’s identifiers) with Stripe, PayPal or other payment processors to authorize payments and disburse payouts.  These providers process payment data under contract and are obligated to keep it secure.  
- **Hosting and Infrastructure Providers:** We host Tingls’s platform and databases on cloud servers (e.g. AWS, Google Cloud, or equivalent) which may involve data storage or processing outside Ireland.  We have contracts in place to ensure those providers protect your data.  
- **Analytics and Marketing Providers:** We may share limited data (such as anonymized usage statistics or hashed identifiers) with analytics services (e.g. Google Analytics) or marketing tools.  Such services help us understand platform performance and user behavior.  Any analytics data shared is typically pseudonymized or aggregated.  
- **Professional Advisors:** We may disclose data to our auditors, accountants, lawyers, or other professional advisors, strictly to the extent needed (e.g. for audits, legal advice, compliance).  These parties are under professional secrecy obligations and contractual data protection terms.  
- **Legal and Regulatory Authorities:** We may disclose personal data to legal authorities if required by law (e.g. in response to a court order, subpoena, or law enforcement investigation).  We will do so only when legally compelled, and will notify you of such disclosures when permitted by law.  

Whenever personal data is transferred to a third party, we ensure a written Data Processing Agreement (or similar contractual safeguards) is in place, requiring the third party to protect the data in accordance with GDPR.  We do not sell or rent personal data to any third party.  

## International Data Transfers  
Tingls serves users worldwide, so personal data may be transferred across borders.  When we transfer data outside the European Economic Area (EEA), we do so only under approved safeguards.  In particular:  

- **Adequacy Decisions:** We rely on European Commission adequacy decisions for certain countries.  For example, transfers to the UK (which has an EU adequacy decision) and transfers to US companies participating in the EU–US Data Privacy Framework are treated as intra-EEA transfers【27†L343-L352】【27†L362-L370】.  Other countries with adequacy include Japan, Switzerland, Canada (commercial), South Korea, etc.  In such cases, no additional data transfer safeguards are needed beyond GDPR compliance.  
- **Standard Contractual Clauses (SCCs):** For transfers to service providers in countries without an adequacy decision, we use the EU’s Standard Contractual Clauses to ensure adequate protection【25†L330-L339】.  These are model contracts “pre-approved” by the EU Commission that legally bind the importer of data to EU data protection standards.  
- **Other Safeguards:** In some cases, we rely on specific data transfer agreements (e.g. binding corporate rules or the EU–UK adequacy decision) or obtain your explicit consent to the transfer, when necessary.  

We review any third-country transfer mechanisms regularly to ensure ongoing compliance with GDPR requirements.  

## Data Retention  
We retain personal data only as long as necessary for the purposes described above or to comply with legal obligations.  In general:  

- **Active Accounts:** While your Tingls account is active, we keep your personal data to provide the service and manage your account.  
- **Transactional Records:** We keep payment and financial records (e.g. invoices, payment confirmations, account statements) for at least the minimum period required by law.  Under Irish law, business and accounting records must generally be kept for at least six years【29†L99-L107】.  Accordingly, financial and tax-related data (transaction logs, payout records, tax IDs) will be retained for this statutory period.  
- **Legal Obligations:** We may retain some data longer if required by law or regulation (for example, to respond to legal claims or investigations).  
- **After Account Closure:** When an account is closed or inactive, we will delete or anonymize personal data that is no longer needed.  However, we may keep certain information (such as de-identified analytics, or backup data) as permitted by law.  

Once personal data is no longer needed, we securely delete or irreversibly anonymize it from our systems.  

## Your Rights Under the GDPR  
Under the GDPR and Irish law, you have the following rights regarding your personal data:  

- **Right of Access:** You can request a copy of the personal data we hold about you.  
- **Right of Rectification:** You can ask us to correct or update inaccurate or incomplete data.  
- **Right to Erasure (“Right to be Forgotten”):** You can request deletion of your personal data, subject to legal limitations (e.g. data we must retain for legal compliance).  
- **Right to Restrict Processing:** In some cases, you can ask us to suspend processing of your data (e.g. while a dispute is resolved).  
- **Right to Object:** You can object to processing based on our legitimate interests or for direct marketing.  We will stop the processing unless we have overriding legitimate grounds.  
- **Right to Data Portability:** You can request a machine-readable copy of personal data you have provided, to transfer to another service.  
- **Right to Withdraw Consent:** Where we rely on your consent (e.g. for marketing emails), you may withdraw it at any time (withdrawal does not affect prior processing).  
- **Right to Lodge a Complaint:** You have the right to lodge a complaint with the Irish Data Protection Commission if you believe your data protection rights have been violated.  

To exercise any of these rights, please contact us at privacy@tingls.com or via postal mail at our registered office.  We will respond to verified requests without undue delay and in accordance with GDPR timeframes.  If you need assistance or are unsatisfied with our response, you may contact the Irish Data Protection Commission (DPC) by mail at **6 Pembroke Row, Dublin 2, D02 X963, Ireland** or by email at **info@dataprotection.ie**【21†L54-L62】.  

## Data Security  
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure or destruction.  These measures include, for example: encryption of data in transit (HTTPS/SSL/TLS) and encryption of sensitive data at rest; access controls and authentication (e.g. strong password policies, limited access rights); regular security assessments and penetration testing; and secure configuration of our servers and software.  We also maintain regular backups to ensure system resilience and data recovery.  In particular, GDPR Article 32 expressly recommends measures such as encryption of personal data and the ability to restore data availability in case of incident【35†L169-L177】.  

Our employees and contractors are trained on data protection and must follow strict security policies.  All third-party vendors we use must also maintain security standards.  Although we strive to use industry-standard security practices, no system can be guaranteed totally secure; we cannot promise absolute security of your data.  

## Cookies & Tracking  
Our website uses cookies and similar tracking technologies.  We distinguish between:  
- **Strictly Necessary Cookies:** These cookies are essential for the operation of the platform (for example, to maintain your login session or store your cookie-consent preferences).  Strictly necessary cookies do not require your consent under the ePrivacy regulations【22†L43-L52】.  
- **Performance/Analytics Cookies:** We use cookies (or similar technologies) to collect data on how users interact with the site (page visits, user flow, etc.) and to analyze platform performance.  These cookies help us improve the user experience.  We only place these cookies with your prior consent.  

When you first visit our site, we display a cookie notice allowing you to accept or reject non-essential cookies.  You can change your cookie preferences at any time.  For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy (linked on our website).  

## Children’s Data  
Tingls is strictly for users aged 18 and over.  We do not knowingly collect or solicit personal data from anyone under 18 years of age.  (Under Irish law, a “child” is defined as someone under 18【39†L335-L343】 and the age of digital consent is 16.)  If we learn that we have inadvertently obtained data from a person under 18, we will delete that data immediately and terminate that account.  Parents or guardians should contact us if they believe their child has provided personal data without consent.  

## Changes to the Privacy Policy  
We may update this Privacy Policy from time to time as our platform evolves or as laws change.  When we do, we will revise the “Last Updated” date at the bottom of this page and, if the changes are significant, we will provide notice on our website or by email.  We encourage you to review this policy periodically.  Your continued use of Tingls after such changes will constitute your acceptance of the updated Privacy Policy.

## Contact Details  
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:  
- **Email:** privacy@tingls.com  
- **Address:** [Registered Office Address], Dublin, Ireland  
- **Data Protection Commission:** You may also contact the Irish Data Protection Commission (DPC) at 6 Pembroke Row, Dublin 2, D02 X963, Ireland or via email at info@dataprotection.ie【21†L54-L62】 for independent advice or to lodge a complaint.  

**Last Updated:** 15 February 2026.