Privacy Policy

1.1 Overview: This Privacy Policy describes how Rusaka Technologies Private Limited ("Company", "we", "us", "our") collects, uses, processes, stores, retains, shares, and protects personal data in connection with the operation of the Platform. 1.2 Legal Status: The Company acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act) in relation to personal data collected and processed through the Platform. 1.3 Intermediary Nature: The Platform operates as a digital intermediary facilitating user-generated content and interactions. The Company does not assume the role of publisher of user-generated content and processes personal data primarily for operational, compliance, and security purposes. 1.4 Adult-Only Platform: The Platform is strictly intended for individuals aged eighteen (18) years and above. Access by minors is prohibited. 1.5 Binding Nature: By accessing or using the Platform, Users acknowledge that they have read and understood this Privacy Policy and agree to the processing of their personal data in accordance with its terms.

2.1 Applicability: This Privacy Policy applies to all Users of the Platform, including Creators, Subscribers, visitors, and individuals interacting with Platform services. 2.2 Covered Activities: The Policy governs personal data collected during account registration, identity verification, payment processing, content interaction, grievance submission, and communication within the Platform. 2.3 Territorial Scope: The Platform is operated from India and is governed by Indian law. However, this Policy applies to all Users regardless of geographic location. 2.4 Integration with Terms: This Privacy Policy forms an integral part of the Platform’s Terms of Service and should be read in conjunction with those Terms. 2.5 Consent by Use: By accessing or continuing to use the Platform, Users provide consent for the collection and processing of personal data as described herein.

3.1 Identification Data: Includes full name, date of birth, profile username, display name, government-issued identification documents submitted for age verification, Permanent Account Number (PAN) where required for payout compliance, and any other information voluntarily provided in profile settings. 3.2 Contact Data: Includes email address, phone number (if voluntarily provided), notification preferences, and communication settings necessary for account administration and security alerts. 3.3 Verification Data: Includes identity documents, selfies or verification images (where applicable), age verification confirmations, and other compliance-related documentation submitted by Creators for identity validation. 3.4 Financial Data: Includes payment transaction identifiers, subscription records, payout logs, billing metadata, and chargeback information. The Company does not store full debit or credit card numbers; such data is processed directly by certified third-party payment processors. 3.5 Technical Data: Includes IP address, device identifiers, browser type, operating system, access timestamps, session identifiers, security logs, and system interaction records collected automatically for security and analytics purposes. 3.6 Usage Data: Includes content engagement metrics, subscription history, platform navigation patterns, interaction timestamps, and behavioural analytics used for fraud detection and performance optimization. 3.7 Communication Data: Includes messages exchanged through Platform features, customer support correspondence, grievance submissions, and moderation-related records, subject to lawful review and compliance monitoring. 3.8 Compliance Data: Includes records maintained for regulatory compliance such as grievance logs, moderation actions, and account suspension history.

4.1 Consent-Based Processing: Personal data is processed based on explicit, informed, and affirmative consent obtained during account registration or data submission. 4.2 Contractual Necessity: Processing is necessary for performance of contractual obligations between the User and the Company, including account management, payment facilitation, and access to Platform services. 4.3 Legal Obligations: Processing may be necessary to comply with statutory obligations under the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, anti-money laundering laws, tax regulations, and other applicable Indian laws. 4.4 Legitimate Interests: Processing may occur for legitimate business interests including fraud prevention, cybersecurity, enforcement of Terms, dispute resolution, prevention of unlawful activity, and protection of rights and safety of Users and the Platform. 4.5 Lawful Exemptions: In circumstances permitted under applicable law, personal data may be processed without consent where required for compliance with legal duties or prevention of crime.

5.1 Account Creation and Authentication: To establish and manage User accounts, verify credentials, and maintain secure access controls. 5.2 Age Verification: To ensure compliance with adult-only access restrictions and prevent access by minors. 5.3 Subscription and Payment Facilitation: To process subscriptions, manage payouts to Creators, and maintain transaction records. 5.4 Platform Security: To detect fraud, unauthorized access, suspicious activity, and violations of Terms. 5.5 Regulatory Compliance: To comply with statutory obligations, respond to lawful government requests, and maintain required records. 5.6 Grievance Handling: To investigate and resolve complaints, disputes, and user grievances. 5.7 Enforcement of Terms: To enforce Platform policies, conduct moderation, and mitigate legal risks. 5.8 Prevention of Unlawful Activity: To identify and prevent trafficking, exploitation, fraud, impersonation, or other unlawful conduct. 5.9 Service Improvement: To analyze aggregated usage patterns for platform performance optimization and user experience enhancement.

6.1 Purpose-Specific Collection: The Company collects personal data strictly for specific, lawful, and clearly disclosed purposes necessary to operate the Platform, provide services, ensure regulatory compliance, prevent fraud, maintain security, and enforce the Terms of Service. 6.2 Data Minimization Principle: The Company limits the collection of personal data to what is reasonably necessary and proportionate for the intended purpose. The Company does not intentionally collect excessive, unrelated, or unnecessary personal information. 6.3 Compatibility of Processing: Personal data shall not be processed for purposes incompatible with those disclosed at the time of collection, unless additional consent is obtained or such processing is required under applicable law. 6.4 Functional Necessity: Certain categories of personal data, including age verification documents and payment-related metadata, are necessary to comply with legal obligations applicable to adult-only platforms operating in India. 6.5 Restricted Use: Personal data shall not be used for unrelated profiling, resale, or commercial exploitation outside the scope of Platform functionality and lawful business operations. 6.6 Periodic Review: The Company may periodically review data collection practices to ensure continued alignment with the principle of minimization and purpose limitation under applicable law.

7.1 Informed Consent: Users provide explicit, informed, and affirmative consent at the time of account registration and data submission. Consent is obtained through clear disclosures and acknowledgment mechanisms. 7.2 Granular Consent Where Applicable: Where specific processing activities require separate consent under applicable law, such consent shall be obtained distinctly from general acceptance of Terms. 7.3 Withdrawal of Consent: Users may withdraw consent for processing personal data where legally permissible. Withdrawal requests may be submitted through the grievance mechanism or account settings. 7.4 Effect of Withdrawal: Withdrawal of consent shall not affect the lawfulness of processing carried out prior to withdrawal. However, certain withdrawals may result in suspension, limitation, or termination of access to the Platform where such data is essential for lawful operation. 7.5 Record of Consent: The Company may maintain verifiable records of user consent to demonstrate compliance with statutory obligations. 7.6 Consent Not Required Where Exempted: In circumstances permitted under the Digital Personal Data Protection Act, 2023, processing may occur without consent where required for compliance with legal obligations, enforcement of law, prevention of fraud, or other legally recognized purposes.

8.1 Adult-Only Platform: The Platform is strictly limited to individuals aged eighteen (18) years and above. The Company does not knowingly allow registration, access, or participation by minors. 8.2 Age Verification Controls: The Company may implement age verification mechanisms, including identity document verification, to prevent access by minors. 8.3 No Knowing Collection of Minor Data: The Company does not knowingly collect, process, store, or profile personal data of individuals under the age of eighteen (18). 8.4 Detection and Deletion: If the Company becomes aware that personal data of a minor has been collected, such data shall be deleted within a reasonable timeframe, and the associated account shall be terminated. 8.5 Reporting Obligations: Where minor-related content or data indicates potential exploitation or unlawful activity, the Company may preserve evidence and cooperate with competent authorities as required under Indian law. 8.6 Parental Consent Not Applicable: As the Platform is not intended for minors, the Company does not seek parental consent mechanisms and prohibits use by individuals below eighteen (18) years.

9.1 General Retention: Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, including service provision, compliance, security, dispute resolution, and enforcement of legal rights. 9.2 Contractual Retention: Data associated with active user accounts shall be retained for the duration of the account’s existence and for a reasonable period thereafter to address disputes, chargebacks, fraud detection, and regulatory requirements. 9.3 Regulatory Retention: Grievance records, moderation logs, identity verification documents, and transaction records may be retained for at least one hundred eighty (180) days or longer where required under the Information Technology Act, 2000, IT Rules, 2021, anti-money laundering obligations, or other applicable law. 9.4 Investigation Retention: Where personal data is subject to regulatory inquiry, court proceedings, law enforcement investigation, or preservation requests, such data may be retained until final resolution of the matter, notwithstanding general retention timelines. 9.5 Secure Deletion: Upon expiry of retention periods, personal data shall be securely deleted, anonymized, or de-identified where feasible and consistent with statutory obligations. 9.6 Residual Copies: Users acknowledge that residual backup copies may persist for limited periods due to technical storage architecture, provided such data remains protected and inaccessible for active use. 9.7 Retention Review: The Company may periodically review retention practices to ensure compliance with applicable Indian law and evolving regulatory standards.

10.1 Technical Safeguards: The Company implements reasonable technical safeguards designed to protect personal data against unauthorized access, misuse, alteration, disclosure, or destruction. Such safeguards may include encryption of data in transit using secure communication protocols, encryption of data at rest where reasonably applicable, secure server infrastructure, firewall protection, and intrusion detection systems. 10.2 Access Controls: Access to personal data is restricted on a role-based and need-to-know basis. Employees and authorized personnel are granted access only to the extent necessary for performance of their duties. 10.3 Authentication Mechanisms: The Platform uses authentication systems including password protection, multi-factor authentication (where applicable), session management controls, and device monitoring to prevent unauthorized access. 10.4 Logging and Monitoring: The Company maintains logging and monitoring systems to detect suspicious activities, unauthorized access attempts, unusual account behavior, and potential security threats. 10.5 Organizational Safeguards: Employees and contractors are subject to confidentiality obligations and internal data protection policies. Access to sensitive systems is governed by internal approval and audit procedures. 10.6 Vendor Security Due Diligence: Third-party service providers with access to personal data are subject to contractual confidentiality and data protection obligations. 10.7 Periodic Review: Security controls may be reviewed and updated periodically to address evolving cybersecurity risks and regulatory requirements. 10.8 Limitation: While reasonable safeguards are implemented, no digital system can guarantee absolute security. The Company shall not be liable for breaches beyond its reasonable control, subject to compliance with applicable law.

11.1 Service Providers: The Company may share personal data with trusted third-party service providers strictly for operational purposes, including payment processors, cloud hosting providers, identity verification vendors, fraud detection services, cybersecurity providers, analytics platforms, and customer support tools. Such service providers are bound by contractual obligations requiring confidentiality, security safeguards, and processing only in accordance with Company instructions. 11.2 Legal Disclosure: Personal data may be disclosed to courts, law enforcement agencies, regulatory authorities, or governmental bodies pursuant to lawful requests, court orders, statutory directives, or where disclosure is necessary to comply with applicable law or prevent imminent harm. 11.3 Business Transfers: In the event of a merger, acquisition, restructuring, or asset transfer, personal data may be transferred as part of such transaction, subject to continuation of equivalent data protection safeguards. 11.4 Protection of Rights: Personal data may be disclosed where necessary to enforce the Terms of Service, investigate fraud, prevent unlawful activity, or protect the rights, property, or safety of the Company, Users, or the public. 11.5 No Sale of Data: The Company does not sell personal data to third parties for commercial profiling, advertising resale, or unrelated marketing purposes.

12.1 Data Storage Locations: Personal data may be stored or processed on servers located within India or in jurisdictions outside India where cloud infrastructure or service providers operate. 12.2 Legal Basis for Transfer: Cross-border data transfers shall occur only where permitted under the Digital Personal Data Protection Act, 2023 and applicable government notifications specifying permissible jurisdictions. 12.3 Safeguards: Where personal data is transferred outside India, the Company shall implement appropriate contractual, technical, and organizational safeguards to ensure that the data receives a level of protection consistent with applicable Indian law. 12.4 Regulatory Compliance: The Company shall comply with any future restrictions, government notifications, or regulatory guidance issued under Indian law regarding cross-border data transfers. 12.5 User Acknowledgment: By using the Platform, Users acknowledge that their personal data may be transferred to and processed in jurisdictions outside India in accordance with this Policy.

13.1 Right of Access: Users have the right to request confirmation of whether their personal data is being processed and to obtain access to such data, subject to lawful limitations. 13.2 Right to Correction: Users have the right to request correction of inaccurate or misleading personal data and completion of incomplete personal data. 13.3 Right to Erasure: Users may request erasure of personal data where such data is no longer necessary for the purpose for which it was collected, where consent has been withdrawn, or where erasure is required under applicable law, subject to statutory retention obligations. 13.4 Right to Withdraw Consent: Users may withdraw previously granted consent for processing of personal data. Withdrawal of consent shall not affect the lawfulness of processing conducted prior to such withdrawal but may affect continued access to the Platform. 13.5 Right to Grievance Redressal: Users have the right to raise grievances regarding personal data processing with the designated Grievance Officer. Complaints shall be addressed within timelines prescribed under applicable law. 13.6 Right to Nominate: Users may nominate another individual to exercise their data rights in the event of death or incapacity, subject to verification procedures and applicable law. 13.7 Limitations on Rights: Certain rights may be subject to limitations where data retention is required for compliance with statutory obligations, regulatory directives, prevention of fraud, or ongoing investigations.

14.1 Use of Automated Systems: The Platform may deploy automated technologies, including artificial intelligence (AI), machine learning algorithms, hash-matching systems, behavioural analytics, and keyword detection tools, to assist in identifying potentially unlawful, harmful, or policy-violating content. 14.2 Purpose of Automation: Automated systems are used for risk assessment, fraud detection, identity verification support, content flagging, spam prevention, and regulatory compliance monitoring. 14.3 Human Oversight: Automated systems do not independently impose legal penalties. Any material enforcement action, including account suspension or content removal, may be subject to human review, particularly where required under applicable law. 14.4 No Solely Automated Legal Decisions: The Platform does not engage in fully automated decision-making that produces legal consequences without reasonable oversight, except where necessary for immediate security, fraud prevention, or compliance risk mitigation. 14.5 Accuracy Limitation: Users acknowledge that automated systems may generate false positives or false negatives. The Company shall act in good faith to review disputed actions through its grievance redressal mechanism. 14.6 Security and Compliance Basis: Automated processing may be conducted where necessary to ensure compliance with statutory obligations, prevent harm, or detect illegal activity under Indian law.

15.1 Use of Cookies: The Platform uses cookies, session tokens, and similar tracking technologies to enable core functionality, secure user sessions, remember preferences, and improve performance. 15.2 Types of Cookies: Cookies may include essential cookies (required for authentication and security), performance cookies (to analyze usage patterns), and functional cookies (to store user preferences). 15.3 Analytics Tools: The Platform may use privacy-compliant analytics tools to assess aggregate user behaviour and improve user experience. Such analytics data is processed in anonymized or pseudonymized form where reasonably possible. 15.4 No Third-Party Advertising Profiling: The Company does not sell user data to advertising networks. Targeted advertising, if any, shall be conducted in compliance with applicable data protection laws. 15.5 User Control: Users may manage cookie settings through browser controls. Disabling certain cookies may affect Platform functionality. 15.6 Security Purpose: Cookies and device identifiers may also be used to detect fraud, unauthorized access, suspicious login attempts, and other security threats.

16.1 Definition of Breach: A personal data breach refers to unauthorized access, disclosure, alteration, loss, or destruction of personal data that compromises confidentiality, integrity, or availability. 16.2 Internal Incident Response: Upon detection of a suspected breach, the Company shall initiate an internal incident response process, including containment, forensic assessment, and risk evaluation. 16.3 Notification Timeline: In the event of a confirmed personal data breach that is likely to cause harm to Users, the Company shall notify affected Users and relevant authorities within seventy-two (72) hours or within such timeframe as prescribed under the Digital Personal Data Protection Act, 2023 or other applicable law. 16.4 Nature of Notification: Notifications may include details regarding the nature of the breach, categories of affected data, potential risks, mitigation steps taken, and recommended actions for Users. 16.5 Regulatory Reporting: Where required, the Company shall report the breach to competent regulatory authorities in accordance with statutory obligations. 16.6 Documentation: All breach incidents shall be documented internally for audit and compliance purposes.

17.1 Lawful Disclosure: The Company may preserve and disclose personal data pursuant to lawful court orders, governmental directives, or statutory obligations under Indian law. 17.2 Preservation of Evidence: Where required, the Company may retain specific user data and metadata to prevent destruction of evidence relevant to investigations. 17.3 Emergency Disclosure: In cases involving sexual content involving minors, trafficking, threats to life, terrorism, or other serious offences, the Company may take expedited action consistent with legal obligations. 17.4 No User Notification Where Restricted: Where disclosure is subject to confidentiality restrictions under law, the Company may be prohibited from notifying affected Users. 17.5 Good Faith Compliance: Any disclosure made in good faith pursuant to lawful authority shall not constitute a breach of this Privacy Policy.

18.1 Reasonable Safeguards: The Company implements reasonable technical and organizational security measures designed to protect personal data against unauthorized access, misuse, alteration, or disclosure. 18.2 Inherent Internet Risk: Users acknowledge that transmission of data over the internet involves inherent security risks beyond the Company’s direct control. 18.3 No Absolute Guarantee: While the Company applies industry-standard safeguards, no digital system can guarantee absolute security. 18.4 Force Majeure and External Threats: The Company shall not be liable for data incidents arising from force majeure events, state-sponsored cyberattacks, third-party infrastructure failures, or circumstances beyond reasonable control, provided statutory obligations have been met. 18.5 User Responsibility: Users are responsible for maintaining the confidentiality of login credentials and safeguarding access to their devices.

19.1 Designated Officer: A designated Grievance Officer has been appointed in compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023. 19.2 Contact Details: The name, email address, and official contact information of the Grievance Officer are published on the Platform. 19.3 Complaint Submission: Users may submit privacy-related grievances including requests for access, correction, erasure, or withdrawal of consent. 19.4 Acknowledgment Timeline: Complaints shall be acknowledged within twenty-four (24) hours. 19.5 Resolution Timeline: Privacy-related grievances shall be addressed within fifteen (15) days or within such timeline prescribed under applicable law. 19.6 Escalation: Users may escalate unresolved grievances to appropriate regulatory authorities in accordance with law.

20.1 Right to Update: The Company reserves the right to amend this Privacy Policy to reflect changes in law, regulatory requirements, technical safeguards, or operational practices. 20.2 Notice of Material Changes: Users shall be notified of material changes at least seven (7) days prior to implementation, except where immediate changes are required for legal compliance. 20.3 Continued Use: Continued use of the Platform after the effective date of an updated Privacy Policy constitutes acceptance of such changes. 20.4 Version Control: The latest version of this Privacy Policy shall be made available on the Platform with an updated effective date.

21.1 Applicable Law: This Privacy Policy shall be governed by and construed in accordance with the laws of India. 21.2 Jurisdiction: Subject to applicable statutory authority, disputes relating to this Privacy Policy shall be subject to the jurisdiction specified in the Terms of Service. 21.3 Regulatory Oversight: Nothing in this Policy limits the powers of statutory authorities under applicable Indian law.