Privacy Policy
Last updated: 26 April 2026
1. Data controller
Operated by Simpelweb, contact privacy@simpelweb.site. The Data Protection Officer (DPO) is reachable at dpo@simpelweb.site.
2. What personal data we process
2.1 Account data
Username, hashed password, account creation date, terms acceptance date. We do not request an email address or other identifying contact details.
2.2 Communication content
During sessions: video, audio, chat messages. This content is processed by automated safety systems and may be stored temporarily.
2.3 Technical data
IP address, user agent, activity timestamps, device information needed for WebRTC sessions.
3. Purposes of processing
- Service delivery: to operate the platform and enable sessions;
- Automated safety analysis: to detect and prevent abuse, illegal content and harmful behaviour. This includes:
- NSFW detection (nudity, sexual content)
- Age estimation (to protect minors)
- Toxicity detection in chat (bullying, hate, threats)
- Object detection (weapons, drug paraphernalia)
- Multi-frame aggregation and risk score computation
- Report follow-up: when a user reports abuse;
- Legal obligations: compliance with statutory retention and reporting duties.
4. Legal grounds (GDPR)
- Article 6(1)(b): performance of the contract (safe service delivery);
- Article 6(1)(c): legal obligation (e.g. DSA, child protection);
- Article 6(1)(f): legitimate interest (protecting users and third parties).
5. Recipients
- Internal moderation team (with stricter access controls for sensitive data);
- Specialised safety partners in case of serious violations (e.g. Child Focus);
- Competent authorities where legally required;
- No transfer to commercial third parties. No advertising networks.
6. Retention
| Category | Term |
|---|---|
| Account data | Until account deletion |
| Session recordings (full video) | Maximum 30 days |
| Frame snapshots (AI analysis) | Maximum 7 days |
| Highlight thumbnails (moderation evidence) | As long as needed for investigation |
| Quarantine (critical triggers, e.g. suspected CSAM) | Until legal clearance |
| Aggregate statistics (anonymous) | Indefinite |
| IP logs | 6 months |
7. Transfers outside the EU
None. All servers and processing take place within the European Economic Area.
8. Data subject rights
You have the right of access, rectification, erasure, restriction, objection and portability. Send requests to privacy@simpelweb.site; you will receive a response within 30 days.
9. Security
Hashed password storage (bcrypt), HTTPS/TLS for all connections, role-based access control, audit logging of admin actions, encryption-at-rest for sensitive data.
10. Right to complain
You always have the right to file a complaint with the Belgian Data Protection Authority: Drukpersstraat 35, 1000 Brussels — www.gegevensbeschermingsautoriteit.be.
11. Contact
Questions or requests: privacy@simpelweb.site. DPO: dpo@simpelweb.site.
12. Changes
This policy may change. Material changes will be communicated proactively.