Privacy Policy
Last Updated: 9 January 2026
1. Introduction
Luca Wild ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and other applicable data protection laws. We are registered with the Information Commissioner's Office (ICO) as a data controller.
2. Data Controller Information
The data controller responsible for your personal data is:
Luca Wild
Email: privacy@lucawild.xenginex.com
Data Protection Officer (DPO): dpo@lucawild.xenginex.com
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.
3. Personal Data We Collect
We collect and process the following categories of personal data:
Account Information:
- Email address (required for account creation)
- Name (optional)
- Password (stored securely using bcrypt hashing)
Identity Verification Data (for content creators):
- Full legal name
- Date of birth
- Government-issued ID (passport, driver's licence, national ID)
- Residential address
- Photographs/selfies for identity matching
Technical Data:
- IP address
- Browser type and version
- Device information
- Access times and pages viewed
Consent Records:
- Records of all consents you provide
- Timestamps of consent actions
4. Lawful Basis for Processing
Under UK GDPR Article 6, we process your personal data based on the following lawful bases:
Contract (Article 6(1)(b)):
- Processing necessary to provide our services to you
- Account management and authentication
Legal Obligation (Article 6(1)(c)):
- Age verification under UK Online Safety Act 2023
- Record keeping under 18 U.S.C. § 2257
- Responding to law enforcement requests
Legitimate Interests (Article 6(1)(f)):
- Security and fraud prevention
- Service improvement and analytics
- Direct marketing (with opt-out available)
Consent (Article 6(1)(a)):
- Marketing communications
- Non-essential cookies
- Processing special category data where required
5. Special Category Data
We process special category data (adult content, biometric data for ID verification) only with your explicit consent under UK GDPR Article 9(2)(a). You may withdraw consent at any time, though this may affect your ability to use certain services.
6. Data Retention
We retain your personal data according to the following schedule:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 6 years | Legal requirement |
| 2257 records | 7 years after content removal | US federal law |
| Age verification | 7 years after last access | UK OSA compliance |
| Consent records | 7 years | GDPR accountability |
| Server logs | 90 days | Security |
| Marketing preferences | Until withdrawn | Consent-based |
After these periods, data is securely deleted or anonymised.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access (Article 15): Request a copy of your personal data.
Right to Rectification (Article 16): Request correction of inaccurate data.
Right to Erasure (Article 17): Request deletion of your data ('right to be forgotten'), subject to legal retention requirements.
Right to Restrict Processing (Article 18): Request limitation of processing in certain circumstances.
Right to Data Portability (Article 20): Receive your data in a machine-readable format.
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
Rights Related to Automated Decisions (Article 22): Not be subject to solely automated decisions with legal effects.
To exercise these rights, contact us at privacy@lucawild.xenginex.com. We will respond within 30 days.
8. Data Sharing and Transfers
We may share your data with:
Service Providers:
- Cloud hosting (Vercel, Neon PostgreSQL)
- Email services (SMTP provider)
- Age verification (manual review / Veriff API)
Legal Requirements:
- Law enforcement when legally required
- Regulatory bodies (ICO, Ofcom)
International Transfers:
Where data is transferred outside the UK, we ensure appropriate safeguards including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Binding Corporate Rules where applicable
We do not sell your personal data to third parties.
9. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest
- Secure password hashing (bcrypt)
- Regular security assessments
- Access controls and audit logging
- Staff training on data protection
- Incident response procedures
In the event of a data breach that poses a high risk to your rights, we will notify you and the ICO within 72 hours.
11. Children's Privacy
Our services are strictly for adults aged 18 and over. We do not knowingly collect data from anyone under 18. If we discover we have collected data from a minor, we will delete it immediately and report to appropriate authorities if required.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. Material changes will be notified via email or prominent website notice. We recommend reviewing this policy periodically.
13. Contact Us
For any privacy-related queries or to exercise your rights:
Email: privacy@lucawild.xenginex.com
DPO: dpo@lucawild.xenginex.com
Supervisory Authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
www.ico.org.uk