1. Scope
This Privacy Policy explains how we collect, use, share and protect your personal data when you visit elgoony.com, use the elGoony service (the “Service”), or otherwise interact with us. It is designed to comply with Regulation (EU) 2016/679 (the “GDPR”), the EU ePrivacy framework, and applicable national laws.
2. The data we collect
- Identity & account data: email, display name, chosen language, hashed password / authentication tokens, age confirmation, optional avatar.
- Profile & preferences: creators you follow, collections, notification settings, locale.
- Transaction data: wallet balance, subscription status, plan, top-up history, pay-to-unlock history. Card numbers are never seen or stored by us; they are handled directly by our payment processors. For crypto top-ups we additionally process the blockchain wallet address, transaction hash, and any identity information required by Regulation (EU) 2023/1113 (the Transfer of Funds Regulation) and the EU Markets in Crypto-Assets framework (MiCA, Regulation (EU) 2023/1114).
- Creator KYC & payout data: for creators only, government-issued identification documents, age-verification records, tax identifiers, payout-account details, and supporting records required by EU anti-money-laundering law (Directive (EU) 2015/849 as implemented in the applicable EU Member State).
- Content & community data (creators only): uploaded media, captions, channel configuration, payout details, tax/KYC records.
- Communications: support tickets, reports, emails you send us.
- Device & technical data: IP address, browser and device identifiers, approximate location derived from IP, referring URL, timestamps, logs needed for security and abuse prevention.
- Optional analytics: aggregated usage events, collected only if you have opted in via the cookie banner.
We do not knowingly collect data from anyone under 18. We are aware that data about which creator profiles or content categories you interact with could, in some circumstances, reveal or allow inference of sexual preferences and so qualify as special-category data under Article 9 GDPR. We treat such data with equivalent technical and organisational safeguards and process it only to operate the Service, on the basis of Article 9(2)(a) GDPR (explicit consent) where recommendation or personalisation features rely on it; we do not currently operate a recommendation engine based on inferred sexual preferences.
3. Why we use your data and our lawful basis
| Purpose | Lawful basis (Art. 6 / Art. 9 GDPR) |
|---|---|
| Create and operate your account, deliver subscriptions and unlocks, run the wallet | Contract (Art. 6(1)(b)) |
| Age and identity verification, fraud and abuse prevention, security logging, rate limiting | Legitimate interests (Art. 6(1)(f)) and legal obligation (Art. 6(1)(c)) |
| Creator KYC & AML/CTF compliance, crypto-transfer originator/beneficiary information | Legal obligation (Art. 6(1)(c)) incl. Directive (EU) 2015/849 (AML), Regulation (EU) 2023/1113 (TFR), Regulation (EU) 2023/1114 (MiCA), as applicable in the relevant EU Member State; plus contract performance (Art. 6(1)(b)) for payouts |
| Send transactional emails (receipts, security alerts, policy updates) | Contract / legal obligation |
| Send marketing or product emails | Consent (Art. 6(1)(a)); you can withdraw at any time |
| Optional analytics cookies | Consent (Art. 6(1)(a) + ePrivacy) |
| Tax, accounting, anti-money-laundering, responding to lawful requests from authorities | Legal obligation (Art. 6(1)(c)) |
| Defend or pursue legal claims, corporate transactions | Legitimate interests (Art. 6(1)(f)) |
4. Who we share data with
We share personal data only with categories of recipients that need it to operate the Service, and always under a written processing agreement. We do not sell personal data.
- Regulated EU/EEA payment service providers, voucher-based prepaid payment providers and crypto-asset service providers (for checkout, refunds, anti-fraud, TFR/MiCA compliance).
- Cloud hosting and object-storage providers (preferably in the EU/EEA).
- Transactional email provider (for receipts, security alerts, password resets).
- Customer-support and ticketing tooling.
- Optional analytics provider (only if you have opted in).
- Identity / age-verification providers, where required.
- Auditors, lawyers, accountants, tax authorities and regulators, where required by law.
- An acquirer or successor entity in connection with a merger, acquisition or corporate reorganisation, subject to confidentiality safeguards.
Some communities are hosted on third-party messaging platforms. When you choose to join such a community, the third-party platform becomes an independent controller of the data you submit there under its own privacy notice.
5. International transfers
We aim to keep personal data inside the EU/EEA. Where a processor operates outside the EU/EEA, we rely on the European Commission’s Standard Contractual Clauses, an adequacy decision (including, where applicable, the EU–US Data Privacy Framework), or another transfer mechanism recognised under Chapter V GDPR, and we apply supplementary measures where appropriate. A current list of the categories of recipients, third countries and transfer mechanisms is available on request from legal@elgoony.com.
6. How long we keep your data
- Account data: while your account is active and up to 24 months after closure for fraud-prevention and dispute purposes.
- Transaction and accounting records: at least the period required by applicable tax law (typically 7–10 years in EU member states).
- Creator identity / KYC / AML records: minimum 5 years after the business relationship ends, as required by Directive (EU) 2015/849 and applicable national AML law (extendable to 10 years where national law so provides).
- Support tickets: up to 36 months after closure.
- Security and abuse-prevention logs: up to 12 months.
- Marketing consent records: until consent is withdrawn plus a short reconciliation period.
- Creator content: while the content is published, plus a short backup-retention window after removal.
7. Your rights under GDPR
You have the right to:
- access the personal data we hold about you (Art. 15);
- have inaccurate data corrected (Art. 16);
- request deletion where the conditions of Art. 17 are met;
- restrict processing (Art. 18);
- object to processing based on our legitimate interests, on grounds relating to your particular situation (Art. 21). If you object, we will stop the processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims;
- receive a portable copy of data you provided to us (Art. 20);
- withdraw any consent at any time, without affecting the lawfulness of past processing;
- lodge a complaint with your national supervisory authority. A list is available at edpb.europa.eu/about-edpb/about-edpb/members_en.
To exercise any of these rights, contact legal@elgoony.com. We will respond within one month and may need to verify your identity before acting.
8. Data Protection Officer
We have not yet designated a formal Data Protection Officer given our current scale and processing posture. Our data-protection contact is legal@elgoony.com. We will appoint a DPO if and when required by Article 37 GDPR or by the competent EU supervisory authority.
9. Automated decision-making
We use automated systems for fraud detection, abuse detection and rate limiting. Where an automated decision results in account restriction, suspension, or refusal of a transaction, you have the right under Article 22(3) GDPR to obtain human review, to express your point of view, and to contest the decision. Contact support@elgoony.com and we will route the request to a human reviewer.
10. Security
We apply organisational and technical measures appropriate to the risk, including encryption in transit, encryption of secrets at rest, least-privilege access, audit logging, segregation of production and non-production environments, regular dependency review, and incident response procedures. No system is perfectly secure; please use a strong unique password and enable any available second factor.
11. Data breaches
Where a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours, and we will inform affected users without undue delay where required.
12. Cookies and similar technologies
See our Cookie Policy for the full list and for how to change your choices.
13. Children
The Service is strictly for adults aged 18 or over. We do not knowingly process personal data of minors. If you believe a minor has provided data to us, contact legal@elgoony.com and we will delete it without undue delay.
14. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date above always shows the current version. Material changes will be announced in-app or by email.
15. Contact
Data protection / privacy: legal@elgoony.com
General support: support@elgoony.com