Privacy Policy

1. Introduction

KLS Digital Solutions Limited ("Company", "we", "us") is committed to protecting the privacy and personal data of all users of the SovereignChat platform ("Platform"). This Privacy Policy explains what data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

3. Data We Collect

3.1 Account Data

Email address, display name, encrypted password hash, account role (fan, creator, moderator), and account status. For Creators, we additionally collect stage name, biography, branding preferences, and payout details.

3.2 Age Verification Data

We use Yoti as our age verification provider. Yoti processes a facial scan or identity document to confirm you are 18 or older. SovereignChat receives only a verification receipt confirming the result and the document country. We do not receive, store, or have access to your biometric data, facial images, or identity document details. Yoti permanently deletes your biometric data immediately after the verification check.

3.3 Creator Identity Records

In compliance with applicable record-keeping laws, Creators are required to provide government-issued identification. We store: legal name, date of birth, performer aliases, identification document type, a cryptographic hash of the document number (not the number itself), and the document country. This data is stored securely and retained for the legally required period.

3.4 Transaction Data

Records of credit purchases, tips, subscriptions, pay-per-view transactions, and payout history. All transactions are recorded with a timestamp, amount, type, and associated parties. We do not store full credit card numbers — payment processing is handled by our third-party processor (CCBill).

3.5 Technical Data

IP address (used for geoblocking, fraud detection, and security), device type, browser type, and session data. IP geolocation data is used for analytics and creator-configured geoblocking features.

3.6 Communication Data

Messages sent in public (unencrypted) rooms are stored on our servers. Messages sent in end-to-end encrypted rooms are encrypted on the sender's device and can only be decrypted by intended recipients. We cannot access the content of end-to-end encrypted messages unless a specific message is reported by a participant using the in-app reporting function.

4. How We Use Your Data

We process your personal data for the following purposes:

• Providing and operating the Platform
• Verifying your age and identity as required by law
• Processing payments and managing creator payouts
• Preventing fraud, abuse, and illegal activity
• Complying with legal obligations (UK Online Safety Act, record-keeping laws)
• Communicating with you about your account and our services
• Enforcing our Terms of Service and Acceptable Use Policy

5. Legal Basis for Processing

We process your data under the following legal bases: performance of a contract (providing the service you signed up for), legal obligation (age verification, record-keeping, law enforcement cooperation), legitimate interests (fraud prevention, platform security, service improvement), and consent (where specifically requested).

6. Data Sharing

We share personal data only with the following categories of third parties, and only to the extent necessary:

• Yoti — age verification processing
• CCBill / NOWPayments — payment processing
• Paxum — creator payout processing
• Law enforcement — where required by valid legal process

We do not sell your personal data to any third party. We do not share your data with advertisers.

7. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account closure
• Creator identity records: Retained for 7 years from last activity (legal requirement)
• Transaction records: Retained for 6 years (UK tax and accounting requirements)
• Age verification receipts: Retained for 6 years
• Encrypted messages: Deleted when the associated room is deleted
• Public messages: Deleted when the associated room is deleted or upon request

8. Your Rights

Under the UK GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data (subject to legal retention requirements)
• Right to restrict processing — request limitation of how we use your data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact privacy@sovereignchat.uk. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including: encryption in transit (TLS) and at rest, end-to-end encryption for private communications, access controls and role-based permissions, regular security updates and monitoring, and encrypted off-site backups.

10. International Transfers

Our servers are located in the European Economic Area (Netherlands). Where data is transferred outside the EEA (for example, to payment processors), we ensure appropriate safeguards are in place as required by UK GDPR.

11. Cookies

The Platform uses essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect.

13. Complaints

If you have concerns about how we handle your data, please contact privacy@sovereignchat.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.