Controller identity and scope

This Privacy Policy explains how NOQ SRL (“the Company”, “we”, “us” or “our”) processes personal data in connection with the Website, the services offered through it, subscription management, customer support, billing support, security operations, complaint handling, content moderation and creator onboarding.

For the purposes of applicable data protection law, the Company acts as the data controller in relation to the personal data described in this Policy, except where the Company expressly states that a different role applies in a specific processing context.

Categories of data processed

We may process identification and account data, contact data, transaction and subscription data, support communications, device and usage data, cookie and tracking data, security-related logs, complaint and report data, and any information provided in connection with creator onboarding, identity verification, age verification, consent verification and payout administration.

Where the platform offers user-generated content and live streaming functionality, we may also process metadata associated with uploads, streams, moderation actions, reports, enforcement actions and retained evidence necessary for legal compliance, platform safety and dispute handling.

Purposes and legal bases

We process personal data to create and manage accounts, provide access to the services, manage subscriptions and payments, deliver customer and billing support, maintain website and platform security, prevent fraud and abuse, enforce our contractual terms, moderate content, process complaints and takedown requests, verify performer identity and age where required, comply with legal obligations and defend legal claims.

Where required, we rely on performance of a contract, compliance with legal obligations, legitimate interests in maintaining a safe and secure platform and, for non-essential cookies or similar technologies, the user’s consent. Where consent is used, the user may withdraw it at any time with effect for the future.

Recipients, processors and infrastructure

We may share personal data with service providers acting on our behalf, including infrastructure, hosting, content delivery, customer support, security, payment, anti-fraud and verification providers, to the extent necessary for the purposes described in this Policy and under appropriate contractual safeguards.

Where the Website infrastructure involves providers such as Amazon Web Services or Aruba, those providers should be reflected in the final published version of this Policy consistently with the actual architecture and the data processing agreements in place. Their role will typically be that of service provider or processor, unless a different role is legally applicable in a specific service arrangement.

International transfers, retention and rights

Where personal data are transferred outside the jurisdiction from which they originate, we will implement the safeguards required by applicable law, which may include adequacy decisions, standard contractual clauses or other recognized transfer mechanisms.

We retain personal data only for as long as necessary for the purposes for which the data were collected, including to comply with legal, tax, accounting, safety, moderation, dispute and evidentiary obligations. Retention periods may vary depending on the processing activity and legal risk profile.

Subject to applicable law, data subjects may have the right to request access, rectification, erasure, restriction, portability and objection, and the right to lodge a complaint with a competent supervisory authority. Requests may be submitted to support@notonlyqueens.com.