Privacy Policy

EroCams Privacy Policy

---

## 1. Introduction

Welcome to **EroCams** ("**EroCams**," "**we**," "**our**" or "**us**"). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you visit *www.erocams.com* or use any related mobile applications, products, or services (collectively, the "**Service**").

*Key points:*

- The Service is intended **solely for adults aged 18 or over** (or the age of majority in your jurisdiction, whichever is higher).

- EroCams is **based in USA and Saint Vincent and the Grenadines** and operates globally.

- The only official contact email for privacy matters is **[email protected]**.

If you have questions or concerns, please contact us at **[email protected]**.

---

## 2. Data Controller & Contact Information

- **Data Controller:** EroCams, 

- **Email:** [email protected]  

- **Data Protection Officer (DPO):** We have appointed an internal DPO reachable via the above email; please include “Attn: DPO” in the subject line.

Where required under the EU GDPR or the UK GDPR, we have appointed an EU and UK representative; details are available upon request.

---

## 3. What Personal Data We Collect

| Category | Examples | Legal Basis* |

| --- | --- | --- |

| **Account Data** | Username, password, date of birth, email address | Contract (Art. 6 (1)(b) GDPR) |

| **Identity & KYC Data** | Government‑issued ID, selfies, facial‑recognition vectors, country of residence | Legal obligation (Art. 6 (1)(c)); Legitimate interests (Art. 6 (1)(f)) |

| **Payment Data** | Token purchase amounts, transaction IDs, partial card BIN, billing country (never full card number) | Contract; Legitimate interests |

| **Usage Data** | IP address, device type, operating system, browser, language, referring URLs, pages viewed, session timestamps | Legitimate interests |

| **Content Data** | Chat messages, uploaded photos & videos, livestream metadata | Contract; Legitimate interests |

| **Cookies & Similar Tech** | Session cookies, analytics cookies, advertising IDs, WebRTC metrics | Consent (where required); Legitimate interests |

| **Marketing Data** | Email preferences, opt‑in confirmations, promotional interaction history | Consent; Legitimate interests |

| **Support Data** | Help‑desk tickets, call recordings, complaint details | Legitimate interests; Legal obligation |

*See Section 5 for detailed explanations of each legal basis.

We do **not** knowingly collect data from minors. Accounts suspected of belonging to individuals under 18 are terminated and data erased.

---

## 4. How We Obtain Personal Data

- **Directly from you** during account registration, profile completion, KYC checks, content uploads, purchases, support requests, surveys, or marketing opt‑ins.

- **Automatically** through cookies, pixels, server logs, and similar technologies when you interact with the Service.

- **From third‑party partners** such as payment processors, fraud‑prevention vendors, or identity‑verification providers when they confirm your payment status or identity.

---

## 5. Purposes and Legal Bases for Processing

| Purpose | Legal Basis |

| --- | --- |

| To create and maintain your account, provide customer support, and deliver contracted services | **Contract** – necessary to perform our agreement with you |

| To verify age and identity, prevent illicit content, ensure 18 U.S.C. §2257 compliance | **Legal obligation**; **Legitimate interests** |

| To process payments, issue Token payouts, detect fraud and chargebacks | **Contract**; **Legitimate interests** |

| To customize and improve the Service, perform analytics, and develop new features | **Legitimate interests** |

| To send important transactional emails (e.g., password resets, policy updates) | **Contract**; **Legitimate interests** |

| To send marketing emails or push notifications | **Consent** (opt‑in; you may withdraw at any time) |

| To comply with law‑enforcement requests, court orders, or obligations under AML/KYC regulations | **Legal obligation** |

| To protect the safety and security of Users and Performers, enforce our Terms of Service | **Legitimate interests** |

Where we rely on **legitimate interests**, we have balanced our interests against your rights and freedoms and determined they do not override your interests. You may object to such processing as described in Section 11.

---

## 6. Cookies & Tracking Technologies

We use cookies and similar technologies (e.g., local storage, Web Beacons) to:

1. Authenticate Users and keep you signed in;

2. Remember preferences (e.g., language, video quality);

3. Measure audience size and performance (first‑ and third‑party analytics, including Google Analytics and Matomo);

4. Deliver personalized content and limited advertising;

5. Detect fraud, spam, and security incidents.

You can control cookies through your browser settings or our Cookie Banner. Where legally required, we request your consent before setting non‑essential cookies.

---

## 7. How We Share Personal Data

We disclose personal data **only when necessary** and in accordance with this Policy:

- **Service Providers & Processors** (e.g., hosting providers, CDN, payment processors, identity‑verification vendors, analytics platforms) under data‑processing agreements.

- **Other Users** (if you are a Performer, certain profile information, live video, and chat messages are public by design).

- **Legal Authorities** when required to comply with subpoenas, court orders, or lawful investigations.

- **Successors in Interest** during a merger, acquisition, or asset sale (you will be notified and may exercise any applicable rights).

We **never sell** your personal data to third parties.

---

## 8. International Transfers

Your data may be processed **outside your country**, including in jurisdictions that may have different data‑protection standards. Where required, we implement safeguards such as:

- Standard Contractual Clauses (SCCs) approved by the European Commission;

- UK International Data Transfer Addendum;

- Adequacy decisions; or

- Reliance on derogations for specific situations (e.g., contract performance).

---

## 9. Data Retention

We retain personal data **only as long as necessary** for the purposes described:

- **Account Data:** as long as your account is active plus six years (statutory limitation period).

- **KYC & AML Records:** minimum five years from last transaction (legal requirement).

- **Content & Chat Logs:** up to two years unless required longer for legal claims or moderation.

- **Cookies:** up to 13 months (analytics) or as limited by local law.

After expiry, data is securely deleted or anonymized.

---

## 10. Security Measures

We employ industry‑standard technical and organizational measures, including:

- Encryption in transit (TLS 1.3) and at rest (AES‑256);

- Tokenized payment processing (PCI DSS Level 1 partners);

- Multi‑factor authentication for staff and Performers;

- Role‑based access controls and least‑privilege principles;

- Regular vulnerability scans, penetration tests, and bug‑bounty programs;

- 24 × 7 security operations and incident‑response plan.

Despite our efforts, no system is 100 % secure. You are responsible for keeping your password confidential.

---

## 11. Your Privacy Rights

Depending on your location, you may have the following rights:

- **Access:** Receive a copy of personal data we hold about you.

- **Rectification:** Correct inaccurate or incomplete data.

- **Erasure (“Right to Be Forgotten”):** Delete certain data, subject to legal obligations.

- **Restriction:** Limit processing under specified circumstances.

- **Portability:** Receive data in a structured, machine‑readable format and transmit to another controller.

- **Objection:** Object to processing based on legitimate interests or direct marketing.

- **Withdraw Consent:** Where processing is based on consent, you may withdraw at any time.

To exercise any right, email **[email protected]** with "Privacy Request" in the subject line. We will respond within **30 days** (extendable by 60 days for complex requests, with notice).

If you are in the EEA, you also have the right to lodge a complaint with your local supervisory authority. Users in the UK may complain to the ICO. Residents of California have additional rights under the CCPA/CPRA (see Section 12).

---

## 12. California Privacy Notice (CCPA/CPRA)

If you are a California resident:

- We disclose categories of personal information listed in Section 3 for "business purposes" only.

- You may exercise the rights to **know**, **delete**, and **correct** personal information collected about you.

- We do **not** sell or share personal information as defined in the CCPA/CPRA.

- To submit a request, email **[email protected]** with “CCPA Request” in the subject line. You may designate an authorized agent.

---

## 13. Automated Decision‑Making & Profiling

We use automated tools to:

- Screen content for prohibited material;

- Detect fraud and security threats;

- Personalize recommendations (e.g., suggested performers).

These processes do **not** produce legal effects on you nor significantly affect you in a similar way. You may request human review via **[email protected]**.

---

## 14. Links to Third‑Party Sites

Our Service may contain links to external websites or services that we do not operate. We are not responsible for their privacy practices; consult their privacy policies before providing data.

---

## 15. Children’s Privacy

EroCams is **strictly for adults**. We do not knowingly collect or solicit information from anyone under 18. If we learn we have collected personal data from a minor, we will promptly delete it and terminate the account.

---

## 16. Changes to This Policy

We may modify this Policy to reflect changes in law or our practices. We will post any revisions on this page and, where material, provide at least **14 days' notice** via email or in‑app notifications. Your continued use after the effective date signifies acceptance.

---

## 17. Contact Us

For all privacy‑related inquiries, data‑subject requests, or complaints, please contact:

**Email:** [email protected]  

**Subject Line:** Privacy Request / DPO  

We will do our best to address your concerns promptly and professionally.

---

## 18. Glossary

- **GDPR:** General Data Protection Regulation (EU 2016/679).  

- **CCPA/CPRA:** California Consumer Privacy Act as amended by the California Privacy Rights Act.  

- **Personal Data / Personal Information:** Any information relating to an identified or identifiable natural person.  

- **Processing:** Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

---

*Thank you for trusting EroCams. We value your privacy and strive to keep your personal data safe and secure.*