Oct 1, 2025
Legal
Privacy Policy
Last updated: October 1, 2025
Article 1. Identification of the company
The registered office of PRIVIZE.IO, a single-shareholder simplified joint stock company (SASU), is located at 25 rue de Ponthieu, 75008 Paris, registered in the Paris Trade and Companies Register under number 988 989 919, and bearing the intra-Community VAT number FR 20 988 989 919 (hereinafter referred to as the "Company").
Article 2. Purpose of this policy
This privacy policy (hereinafter the "Privacy Policy") establishes the legal framework governing the collection, use, and processing, by PRIVIZE.IO (hereinafter the "Company"), of personal data that is any information allowing the identification of a natural person directly or indirectly (hereinafter the "Personal Data") relating to individuals using the services offered by the Company (hereinafter the "Users"). These services are accessible via the online platform "Privize.io", designed, developed, and operated by the Company (hereinafter the "Platform").
Article 3. Role of the company as data controller
In its capacity as data controller within the meaning of GDPR, the Company exercises exclusive control over the collected Personal Data.
It determines alone or jointly the purposes, nature, means, duration, and methods of their processing, in strict compliance with the principles of legality, fairness, and transparency set forth in Article 5 of the GDPR.
Article 4. Necessity of providing data
The provision of the Personal Data collected under this Privacy Policy is mandatory and indispensable to allow adequate processing and delivery of the services offered by the Company (hereinafter the "Services"), which include access to creators' media, as well as interactions on the Platform.
Any refusal or failure to communicate this data would hinder the optimal functioning of the Services and could prevent their effective provision, in accordance with Article 6(1)(b) of the GDPR (execution of a contract).
Article 5. Commitment to Legal Compliance
The Company formally commits to comply with all applicable regulations regarding personal data protection, including, without limitation, the provisions of Regulation (EU) No 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR"), as well as Law No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms, as amended.
Article 6. Collection Principles
The Company only collects Personal Data in full compliance with the provisions of this Privacy Policy, as well as any legal, reasonable, and documented instruction coming from the User, at any point during the processing.
Any collection is limited to data strictly necessary for the declared purposes, in application of the principle of data minimization (Article 5(1)(c) of the GDPR).
Article 7. Data collection
Throughout the duration of the use of the Platform and/or services, the Company may collect Personal Data related to the Users.
When creating an account on the Platform, the User expressly consents to the processing of their Personal Data to the extent strictly necessary for the proper functioning of the Platform and the Services.
The Personal Data related to Users are communicated directly by Users (notably when they create an account on the Platform or unlock a Private Media)
The Personal Data may also be created by the Company as part of providing the Services.
7.2 On what basis do we use your data?
Purpose | Details | Legal basis |
Cookies | Ensure the proper functioning of the application and continuously improve the solution. | Non-essential cookies require your consent via our cookie banner. Essential cookies (functionality, security) rely on the execution of the contract. Please see our cookie policy |
Making the Privize.io Platform available to Users | • Register Users • Host Content on the Platform • Verify age and certify Creators • Send you the necessary documents and information for using our services (for example in the context of Creator Certification) | Execution of our contracts (CGBU) based on whether you are a Buyer or a Creator) |
Moderate Content on the Platform | • Respond to reports from Buyers • Ensure the removal of illegal Content from the Platform • Prevent the sharing of contact information on the Platform | Compliance with our legal obligations, particularly with respect to the processing of notifications of illegal content reported on the Platform, in accordance with Article 6 of the LCEN and the Digital Services Act (DSA). Pursuit of our legitimate interest Fulfillment of our contractual commitments, as defined in our General Terms of Service and Use (GTSU) |
Ensure the cybersecurity of our IT services | Implement security measures to ensure the proper functioning of the information system (application and network) • Test the vulnerability of the information system against cyber threats | Our legal obligation to implement the necessary technical and organizational security measures to ensure the security of your data (Article 32 GDPR) |
Delete and archive data | Comply with our obligations regarding data archiving and purges. | Our legal obligation to delete your data when it is no longer relevant to retain it (Article 5 GDPR) |
Distributing funds to Creators | Transfer revenues to Creators' personal accounts Track the financial performance of an account Block funds during the validation period of corresponding transactions. | Execution of GTSU |
Promote Privize.io | Send you marketing messages that may interest you via email, SMS, or any other means of communication, in accordance with applicable legal provisions. • Promote the Platform's brand image on social media • Contact you on our networks | Our legitimate interest in promoting the Creators present on the Platform and attracting new Users. You can unsubscribe from the mailing list at any time. |
Manage requests and controls from authorities | Ensure follow-up and response to requests from competent authorities (police, independent administrative authorities, etc.). | Our obligations arising from various applicable regulations (GDPR, consumer code, general tax code) |
Combat the leaks of Content from the Platform on the web | Process your requests related to detecting content leaks or illegal content | Our legitimate interest in ensuring that the exclusive Content hosted on the Platform is protected and lawful Execution of the CGV |
Article 8. What information do we collect and for how long
Processed data | Duration |
|---|---|
Identification data: first name, last name, address, phone, email, pseudonym, date of birth, biography, login token | Stored for the duration of the relationship + 5 years after its end |
Bank information | Stored for the duration necessary for payment + 5 years after its end |
Content of uploaded files (photos, videos) | Stored as long as the account is active, then deleted upon request or upon closure |
Transactional data (amounts, dates, withdrawals, etc.) | Stored for 10 years (accounting obligations) |
Device-related data (system, language, IP, etc.) | Stored for 6 months |
Consultation data on the application | Stored for 6 months to 1 year (analysis) |
Identification documents | Stored for 5 years after the end of the relationship |
Facial photograph (selfie) | Stored only for the duration of the verification, then deleted |
Warnings and sanctions | Stored for 5 years |
Private media from the personal Gallery | Deleted immediately after account deletion unless a media report occurs. Media ordered by a Buyer remain accessible until the defined period expires. |
Private media from the Creator | This data is stored for 2 years from the deletion of the Creator's account |
Identity document and facial photograph (KYC for Creators) | Stored only for the duration of the verification |
Login data (logs) | Stored for 6 months for security |
For Buyers: Email address, age verification selfie, device data (system, language) | Email: 5 years; selfie deleted after verification |
Inactive Creator account | Deleted after 5 years of inactivity |
Connection data | Deleted 12 months after collection |
Reports | Data retained for 6 years from the report (author and user) |
Media whose legality is contested | Archived for 1 year from their removal of access |
Handling of legal disputes | Stored as long as all appeal avenues are not exhausted |
Management of buyers' payments: Bank data, card number, billing data | Stored for 13 months from payment (evidence). Card numbers and security codes are not retained |
Distribution of earnings to Creators (Bank data, IBAN) | 18 months from the deletion of the Creator's account |
Marketing emails: Identification data, email address | 3 years from the last contact. Unsubscription possible at any time |
Establish accounting: Order descriptions (amount, nature of the purchase…) | 10 years from the end of the financial year |
All hosted data | Stored until the deletion of the corresponding account or media |
Privize.io is committed to anonymizing, archiving, or deleting the personal data of the concerned individuals as soon as the purpose of processing and retention period are reached, except if prolonged retention is required to comply with its legal obligations, taking into account civil and commercial limitation periods.
Article 9. What data do we automatically recover?
When you browse the platform https://privize.io, certain information related to your browsing is automatically collected.
Among this connection data, we notably record your IP address, unique identifier, operating system and its location, the type of browser used, as well as the pages viewed.
This information is kept in our server logs to ensure the proper functioning and security of the service.
We also invite you to consult our cookie policy, which details the cookies and other trackers used by Privize.io
Article 10. Transfers of private media outside the European Union
All media and personal data processed by Privize.io are stored and distributed from servers located in the European Union. The content is served via a network of secure servers (Points of Presence) to ensure speed, security, and compliance with the GDPR.
Privize.io remains the data controller and implements all necessary measures to protect your personal information.
The Private Media attracted by Privize.io may be transferred outside the European Union. These transfers are intended for processing by a moderation system aimed at preventing the import of illegal content.
In this context, Privize.io ensures that its subcontractors implement appropriate legal, technical, and organizational measures to frame any transfer of personal data, particularly through the application of contractual clauses
Data transfers outside the European Union are thus governed by appropriate safeguards, compliant with GDPR. These safeguards can be consulted upon request at the address support@privize.io or by mail at Privize.io – 25 rue de Ponthieu, 75008 Paris.
Article 11. Rights
In accordance with the General Data Protection Regulation (GDPR), individuals concerned have several rights regarding their personal data, in particular:
Right of access: Any concerned person may request to know the personal data that Privize.io holds about them and obtain a copy of this data.
Right to withdraw consent: Any person who has given consent to a processing activity may withdraw it at any time, without affecting the lawfulness of the processing carried out before this withdrawal.
Right to rectification and erasure: Individuals concerned may request the correction of inaccurate or outdated data concerning them, as well as their deletion, subject to legal retention obligations.
Right to data portability: Individuals concerned may request that their personal data be transferred to another data controller in a structured, commonly used, and machine-readable format when technically feasible.
Right to object and restrict processing: Individuals concerned may object to the processing of their data or request its restriction, to the extent possible, subject to compelling legitimate grounds of Privize.io, such as legal obligations regarding anti-money laundering and combating terrorism financing.
Right to set post-mortem directives: Any person may define, with Privize.io, directives regarding the fate of their personal data after their death, particularly concerning their communication to third parties.
Right to file a complaint: Any concerned person may notify the CNIL or any other competent data protection authority if they believe that Privize.io has not fulfilled its obligations, with information on the complaint procedure available on the CNIL website.
Article 12. Who are the recipients of your data?
Subject to the User's consent during registration on the Platform, the Company may entrust all or part of the execution of the Services to subcontractors, in compliance with the applicable legal provisions.
Any authorized subcontractor shall process Personal Data on behalf of the Company, solely within the framework of the execution of the Services, in accordance with the contractual conditions established with the Company, and without being able to deviate from the provisions of this Privacy Policy.
The Company commits to ensuring that the subcontractor:
Processes Personal Data solely within the specific purposes for which subcontracting has been entrusted;
Strictly complies with the instructions given by the Company regarding the processing of Personal Data;
Ensures the confidentiality and security of the Personal Data processed;
Receives the necessary training regarding the protection of Personal Data;
Integrates, into its tools, products, applications, or services, the principles of protection of Personal Data by design (privacy by design) and by default (privacy by default);
Immediately informs the Company if it believes that an instruction constitutes a violation of the General Data Protection Regulation (GDPR) or any other applicable legal provision at the European or national level concerning the protection of Personal Data.
Access to your data is strictly reserved for the authorized persons mentioned below, and only as necessary:
Other users of the platform;
Authorized personnel of Privize.io;
Providers responsible for the management and hosting of the platform and IT system of Privize.io;
Providers responsible for customer relationship management and content moderation;
Providers handling payment processing;
Judicial authorities, mediators, accountants, statutory auditors, lawyers, bailiffs, collection companies, and law enforcement agencies in case of judicial requisition;
Third parties placing cookies on your devices, only with your consent.
Your data is not communicated to any other third parties than those mentioned above. They will not be exchanged, sold, or rented.
Article 13. Security
The processing of Personal Data is carried out both on paper and electronically, through various operations such as collection, recording, organization, storage, consultation, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.
The Company is committed to ensuring a rigorous and appropriate protection of Personal Data, taking all necessary measures to guarantee their security and confidentiality.
It notably aims to prevent any alteration, loss, unauthorized access, or disclosure to unauthorized third parties.
Personal Data is protected to minimize the risks of accidental destruction, loss, unauthorized access or use, as well as any exploitation incompatible with the initial purposes of processing.
In the event of a violation affecting Personal Data, the Company commits to notify the CNIL within a maximum period of 72 hours from the moment it becomes aware of the incident.
Furthermore, if this violation presents a high risk to the rights and freedoms of affected individuals, the Company will directly inform the affected User via email within one month.
Privize.io maintains a record of processing activities and conducts a DPIA for high-risk processing, in accordance with Articles 30 and 35 GDPR
Article 14. Support
For any questions regarding the processing of their personal data or to exercise their rights under the General Data Protection Regulation (GDPR), individuals concerned can contact Privize.io via the following means:
By email at: support@privize.io
By postal mail at: 25 rue de Ponthieu, 75008 Paris
It is important to specify that exercising these rights is subject to certain limits prescribed by the regulations. Privize.io thus reserves the right not to respond to manifestly unfounded or excessive requests.
In order to ensure efficient processing of requests, the following conditions apply:
Identification: Any person must prove their identity and provide a valid contact address.
Processing times: Requests will be processed within a reasonable time, taking into account their complexity, the volume of requests received, as well as GDPR requirements.
Failure to comply with these conditions may result in the refusal of request processing.
Article 15. Changes to our Privacy Policy
Privize.io regularly adjusts its privacy policy to adapt to changes in the platform as well as new legal requirements regarding personal data protection.
When major changes occur, users will be notified at least 15 days before they take effect, by email or via a notification visible on the platform.
Did you not find what you were looking for? Contact us now, we are here to help you!