Log inGDPR Policies
General Statements
This page provides a summary of all rules, regulations, and policies related to the GDPR (General Data Protection Regulation) within SubscribeStar.adult. It will be updated frequently, so it is your responsibility as a user to monitor and comply with everything related to your status and activities on the Platform.
This page may not provide explicit coverage of all GDPR rules and principles due to the subject's complexity. However, this policy should give you, as a user (i.e., content creator or subscriber), a solid understanding of the legal frameworks enforced throughout this Platform.
It is your responsibility to stay informed about any changes published on this page or elsewhere in the Platform’s policies. As a business, we disclaim any responsibility for events resulting from a user’s lack of awareness of policies related to their activities.
Some policies may be part of various sections of the Terms of Service and/or Privacy Policy, or other policies and rules of this Platform. We consider the responsibility of gathering and understanding all policies and related procedures an essential part of the user experience that every user or visitor should undertake.
Profile Data Deletion and Content Removal
1. Profile / Account Deletion
- Users can request their own profile deletion by contacting support at [email protected].
- All requests must be initiated from the email address directly associated with the profile in question.
- Users requesting profile deletion may need to verify their identity or provide additional supporting documentation to proceed.
- Account deletion requests will be processed within the following timeframes:
- California Users: 45 days, extendable to 90 days under CCPA Section 1798.105(c).
- Non-California US Users: Within a reasonable timeframe (typically 30–60 days) in compliance with FTC fairness guidelines.
- EU Users: 30 days, in accordance with GDPR Article 17, extendable up to 60 days for complex requests, per GDPR Article 12(3).
- If a request is denied due to legal or operational requirements, users may or may not be provided with an explanation and appeal options.
- If a deletion request is submitted fraudulently or as part of an unauthorized account takeover, a review process will determine whether the data should be restored for security reasons.
Profile / account deletion results in:
- Loss of access to the account / profile.
- Loss of access to any active subscriptions or purchases e.g. Paid Collections.
- Removal of personal data, except where legally required for compliance or outlined in the current Policy.
- Retention of transactional records where necessary for tax and anti-fraud obligations.
- Content published under the removed profile will be handled in accordance with the laws and regulations specific to the user's jurisdiction and the policies outlined below.
Exceptions & Limitations
- Content creators with active subscribers cannot delete their profiles until all active subscriptions have ended. This ensures that paid content remains accessible for the duration of the subscription period.
- Data may be retained where necessary to comply with legal, tax, and Anti-Money Laundering regulations (see Data Retention Periods Summary).
- If a user has ongoing disputes, chargebacks, financial or other claims, their data may be retained until resolution.
2. Content Removal
A content removal request refers to a formal request submitted by a user, third party, or authority to remove, delete, or restrict access to specific content on a platform. These requests can be categorized based on who submits them and the legal or policy basis for the removal.
User-Initiated Removal
- Users (i.e., content owner, content creator, Star) can delete or modify their own content (posts, comments, uploaded files) through appropriate tools at any time.
- As an option, User can request content removal by contacting support at [email protected].
- User-initiated content deletion is executed immediately, removing the content from public view upon request from the content owner. However, copies may be retained in secure backups for up to 60 days before permanent erasure, as required for operational integrity, security, or legal compliance.
IMPORTANT
Content related to ongoing transactions, investigations, disputes, or similar matters may be restricted from deletion at the creator’s discretion.
Third-Party Content Removal Requests
- Individuals or organizations who are not the owners of the content in question (i.e., a third-party) may submit content removal requests if the content contains defamatory statements or violates privacy rights through false information or doxxing (unauthorized disclosure of personal information). Such requests will be reviewed in accordance with applicable laws, including:
- Defamation Laws: Communications Decency Act (47 U.S.C. § 230) (US), EU E-Commerce Directive 2000/31/EC, UK Defamation Act 2013.
- Privacy & Data Protection Laws: GDPR (EU) Article 17 (Right to Erasure), CCPA (California Consumer Privacy Act), US State Privacy Laws (e.g., Virginia CDPA, Colorado CPA).
- Doxxing & Harassment Protections: EU Digital Services Act (DSA), US anti-doxxing laws (varies by state, e.g., California Penal Code § 653.2 on cyber harassment).
- Regarding the above, if a third-party service (e.g., User Data Erasure Service, Consent Revocation Agency, Privacy Rights Enforcement Service, Digital Footprint Cleanup Service, Consumer Data Protection Service, etc.) claims to act as an authorized representative of an individual—whether a Platform user or otherwise—it must provide clear proof of the requester’s consent or authorization to act on their behalf. In cases of reasonable doubt, we reserve the right to request direct confirmation from the user/requester for identity verification (Article 12(6) GDPR). If the third-party service fails to provide evidence that the user/requester has authorized the deletion request, we will deny the request until direct confirmation is received. This decision may or may not be communicated to the requesting party.
- If content involves third-party rights (e.g., collaborations, shared projects), removal requests will be reviewed on a case-by-case basis to balance rights under GDPR Article 17(3).
- If a government agency or law enforcement authority formally requests content removal under applicable laws, the request will be reviewed and processed in compliance with legal obligations. Users will be notified unless prohibited by law.
- Child Exploitation & Abuse Prevention: Requests under U.S. federal law (18 U.S.C. § 2258A - NCMEC reporting requirements) or EU CSAM regulations.
- Counter-Terrorism Measures: Compliance with the USA PATRIOT Act, EU Digital Services Act, or other anti-terrorism laws.
- Court Orders & Subpoenas: Removal based on U.S. federal or state court rulings, GDPR data protection authorities’ rulings, or law enforcement orders.
- Illegal Activities & Fraud Prevention: Content removal may be required under financial crime regulations (e.g., FinCEN AML Rules, EU 6AMLD) or laws prohibiting fraud, harassment, and hate speech.
- A removal request concerning DMCA & Copyright violations can be submitted under DMCA takedown policies for unauthorized content use.
Content removal may be required under the following legal grounds:
IMPORTANT
Only fully completed and formally submitted DMCA claim forms will be accepted for review. Incomplete or improperly submitted claims may be rejected. Requests must include all legally required information as specified under 17 U.S.C. § 512(c)(3) to be considered valid. Users can submit a DMCA takedown request via the DMCA Claim Form.
Platform-Initiated Removal
- Content that violates the platform’s Terms of Service or Prohibited Content guidelines may be removed without notice.
- Where feasible, users will be notified of content removal and may appeal within 14 days.
Exceptions Under GDPR (EU Users)
Under GDPR Article 17(3), a platform may reject a content removal request if any of the following exceptions apply:
| Exception | Description | Legal Basis |
|---|---|---|
| Freedom of Expression & Information | Content cannot be removed if it is necessary to protect journalistic, academic, artistic, or literary expression. | GDPR Article 17(3)(a) |
| Legal Compliance | Content must be retained if required by EU or national laws, including financial, AML, and fraud prevention regulations. | GDPR Article 17(3)(b) |
| Public Interest & Research | Content may be kept for scientific, historical, or statistical research if deletion would impair the research purpose. | GDPR Article 17(3)(d) |
| Legal Claims & Disputes | If content is needed to establish, exercise, or defend legal claims, deletion may be denied. | GDPR Article 17(3)(e) |
| Contractual Obligations | Users who have agreed to specific terms with the Platform or its users (e.g., commissioned artwork) may not be able to remove content that has already been sold, shared, or distributed, as their contractual obligations or the platform's policies may restrict such actions. | GDPR Article 6(1)(b) |
Example:
- A content creator in the EU cannot demand removal of digital goods they have sold (e.g., exclusive paid content), as it is part of a contractual agreement. Therefore, this paid content will remain available to the Users who paid for it for the period of 90 days counting from the removal request.
- If a user sells a commissioned artwork through the platform, the buyer may have acquired usage rights that prevent the original creator from retracting or deleting the content.
Exceptions for Non-EU Users (US & Other Countries)
For non-EU users, content removal may be denied or delayed under the following legal frameworks:
| Exception | Description | Applicable Laws |
|---|---|---|
| CCPA Exemptions (California Users) | For requests from California-based users, we are not required to remove published content upon request unless it contains personally identifiable information (PII) or that is necessary for legal compliance, security, fraud prevention, or contract enforcement, as defined under California Consumer Privacy Act (CCPA). | CCPA Section 1798.105(d) |
| DMCA & Copyright Exceptions (US) | If content is subject to fair use or part of an ongoing copyright dispute, removal may not be automatic. | 17 U.S.C. § 512 (DMCA Safe Harbor) |
| Financial Records & AML Compliance (US, UK, EU) | Transaction-related content (e.g., payment receipts, purchase records) must be retained for 5–7 years for legal compliance. | Bank Secrecy Act (US), FinCEN, 6AMLD (EU) |
| FTC Fair Business Practices (US) | Platforms are not required to remove reviews, comments, or factual information if doing so would be misleading or anti-competitive. | FTC Fair Business Guidelines |
| Defamation & Harassment Laws (Global) | Content removal may be required (not optional) if found to violate defamation, harassment, or hate speech laws in certain jurisdictions. | Communications Decency Act (US), EU Digital Services Act |
Example:
- A California user cannot demand the deletion of transactional data or fraud-related records under CCPA.
- A US-based creator cannot demand removal of a review or commentary about their content unless it violates defamation laws.
3. Deleted Data Restoration Requests
This section outlines the procedures for handling requests to restore deleted accounts, profiles, and content, ensuring compliance with GDPR (EU), CCPA (California), and US federal regulations.
Permanent & Irreversible Deletion
- Any user-initiated account or profile deletion, as well as content removal, is permanent and irreversible once the data has been deleted from active systems and backup storage. Restoration will be technically and legally impossible after this point.
- Users will be explicitly informed before deletion that their data cannot be restored once the request has been processed.
- We may require verifiable proof that the restoration request is being submitted by the individual or organization with legal authority over the deleted data.
GDPR Compliance – No Restoration of Erased Data
- Under GDPR Article 17 (Right to Erasure), once data has been fully erased per a user’s request, it cannot be restored under any circumstances.
- If a deletion request is still within the processing grace period (up to 30 days for GDPR users), the request may be withdrawn before final deletion is executed.
- After full deletion, the data is permanently erased from all systems, including backups, making restoration impossible.
CCPA & US Compliance – User Rights & Restrictions
- CCPA (California Users, Section 1798.105) grants users the right to request deletion but does not guarantee restoration once the request has been processed.
- For non-GDPR US users, restoration may be possible only if the request is received before final deletion is executed (e.g., if backups still exist within the retention period).
- Once data has been permanently removed from all systems, it cannot be recovered unless legally mandated.
Backup Storage Retention & Technical Limitations
- Deleted accounts, profiles, or content may remain in secure backup storage for up to 60 days for operational security, fraud prevention, and legal compliance.
- If a restoration request is submitted before the backup retention period expires, the request may be reviewed on a case-by-case basis, provided restoration is legally permitted.
- Data from deleted accounts will not be restored unless required by legal obligations (e.g., court orders, law enforcement investigations).
4. Data Retention Periods Summary
| Data Type | Retention Period | Reason |
|---|---|---|
| Financial Information (i.e., credit card details) | Credit card details are not stored by the Platform but are processed by PCI-compliant third-party payment providers. Our platforms operate exclusively with tokenized information, which remains anonymized and cannot be linked back to the user. | Payment security compliance |
| Secure Backup Storage of Deleted Data, Content (Posts, Comments, Files) | Immediate removal, up to 60 days in backups | Data recovery, operational backup & user request processing |
| Legal & Security Logs, Transaction & Payout Records, Chargeback & Refund Dispute Records | Retained until resolution, for up to 5 years | Fraud prevention, financial security, and compliance with legal and tax regulations, including IRS, GDPR, and AML requirements. |
