Privacy Policy

Your Privacy and Data Protection Rights

Last Updated: October 27, 2025

GDPR Compliant
Your Privacy Matters
SarmasDolas is committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller

SarmasDolas is the data controller responsible for processing your personal data. For any questions or concerns regarding your personal data, you can contact us:

2. Data Collection
2.1 Types of Personal Data We Collect

We collect and process the following categories of personal data to provide our services:

Identity Information
  • • Full name
  • • Date of birth
  • • Identity document number
  • • Identity verification photos
Contact Information
  • • Email address
  • • Phone number
  • • Postal address
Technical Data
  • • IP address
  • • Browser type and version
  • • Device information
  • • Operating system
  • • Cookies and tracking data
Usage Data
  • • Pages visited
  • • Time spent on platform
  • • Click behavior
  • • Interaction patterns
  • • Search queries
Payment Information
  • • Payment method details
  • • Transaction history
  • • Billing information
  • • Purchase records
Content Data
  • • Uploaded videos and images
  • • Live stream recordings
  • • Chat messages
  • • Profile information
  • • User preferences
2.2 Automatic Data Collection

Some data is collected automatically when you use our services, including:

3. Purpose of Data Processing

We process your personal data for the following legitimate purposes:

To provide, maintain, improve, and personalize our platform services including live streaming, chat features, and content distribution.

To create, manage, and maintain your user account, including authentication and access control.

To process transactions, manage billing, prevent fraud, and handle refund requests through our payment partner CCBill.

To protect against fraud, abuse, security threats, and unauthorized access. To verify user identity and age compliance.

To analyze usage patterns, understand user behavior, and improve our services, features, and user experience.

To respond to your inquiries, provide customer support, send service updates, and communicate important information.

To comply with applicable laws, regulations, legal processes, and law enforcement requests. To maintain records as required by law.
Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

  • Consent (Art. 6(1)(a) GDPR): When you have given explicit consent for specific processing activities
  • Contract Performance (Art. 6(1)(b) GDPR): To fulfill our contractual obligations to provide services to you
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with legal requirements and regulations
  • Legitimate Interests (Art. 6(1)(f) GDPR): For our legitimate business interests, carefully balanced against your rights and freedoms

Special Categories of Data: For any content involving adult material or special categories of personal data, we rely on explicit consent under Article 9(2)(a) GDPR with additional safeguards.

4. Data Sharing and Disclosure

We only share your personal data in the following circumstances:

Recipient Category Purpose
Payment Processors We share necessary payment information with CCBill to process transactions securely
Cloud Hosting Providers To host our platform infrastructure and store data securely
Analytics Services To analyze platform usage and improve services (anonymized where possible)
Customer Support Tools To provide efficient customer support and resolve issues
Legal Authorities When required by law, court order, or regulatory authority
Business Transfers In case of merger, acquisition, or sale of business assets

International Data Transfers: If we transfer your data outside the European Economic Area (EEA), we ensure adequate protection through:

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

Data Type Retention Period
Account Information Until account deletion or 3 years after last activity
Transaction Records 7 years (tax and accounting requirements)
Identity Verification Documents 7 years (legal compliance)
Content and Media Files Until deletion by user or account termination
Communication Records 2 years for customer service purposes
Technical Logs 12 months for security and analytics
Marketing Data Until consent withdrawn or 2 years of inactivity

After the retention period expires, we securely delete or anonymize your personal data unless longer retention is required by law.

6. Your Rights
Data Protection Rights Under GDPR

You have the following rights regarding your personal data:

Right Description
Right to Access Request a copy of the personal data we hold about you
Right to Rectification Request correction of inaccurate or incomplete data
Right to Erasure Request deletion of your personal data ("right to be forgotten")
Right to Restriction Request limitation of processing of your data
Right to Data Portability Receive your data in a structured, commonly used format
Right to Object Object to processing based on legitimate interests or direct marketing
Rights Related to Automated Decision-Making Not be subject to decisions based solely on automated processing
Right to Withdraw Consent Withdraw your consent at any time (where processing is based on consent)
How to Exercise Your Rights

To exercise any of these rights, please contact us at: [email protected]

We will respond to your request within 30 days. You may also lodge a complaint with your local data protection authority if you believe your rights have been violated.

7. Data Security
How We Protect Your Data

We implement comprehensive technical and organizational measures to protect your personal data:

Technical Security Measures
  • TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Secure authentication mechanisms (2FA available)
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Automated backup and disaster recovery
Organizational Security Measures
  • Strict access controls and least privilege principle
  • Regular employee training on data protection
  • Confidentiality agreements with all staff
  • Data protection impact assessments
  • Incident response procedures
  • Secure data disposal protocols
Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

Cookie Type Purpose Duration
Essential Required for basic website functionality and security Session / 1 year
Performance Analyze website usage and improve performance 1-2 years
Functional Remember your preferences and settings 1 year
Marketing Deliver personalized content and advertising 1-2 years

Managing Cookies: You can manage your cookie preferences through:

9. Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. When we make significant changes, we will:

We encourage you to review this privacy policy periodically to stay informed about how we protect your data.

10. Under 18 Privacy
Age Restriction

Our services are strictly for users aged 18 years and older. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from someone under 18, we will delete it immediately. If you believe we have collected data from a minor, please contact us at [email protected]

11. Contact Us
Privacy and Data Protection Inquiries

For questions about this privacy policy or to exercise your data protection rights:

General Privacy Inquiries:

[email protected]

Data Protection Officer:

[email protected]

Data Subject Requests:

[email protected]

Response Time: We will respond to all privacy-related inquiries within 30 days.