Privacy Policy

Version 4.0 - Effective 29 April 2026

Your intimate life is yours. That's not a tagline — it's the reason ALTLFE exists. We're bootstrapped by design: no investors to satisfy, no ad network to feed, no incentive to treat your data as a product.

ALTLFE was built on the belief that people deserve control over their most intimate data. This policy is how we tell you what that means in practice, and what we will and will not do. If something isn't clear, contact us at privacy@altlfe.com.

Contents

  1. Who we are and how to contact us
  2. The information we hold
  3. How we use your information
  4. Where your information comes from
  5. What we will never do with your data
  6. How we protect your data
  7. How long we keep your data
  8. Third parties and legal disclosures
  9. Cookies
  10. Your rights
  11. International users
  12. Children
  13. Changes to this policy

1. Who we are and how to contact us

ALTLFE Ltd is the data controller for the personal information described in this policy.

  1. Company: ALTLFE Ltd, registered in England and Wales, company number 12625919
  2. Registered address: ALTLFE Ltd, 483 Green Lanes, London, England, N13 4BS
  3. Privacy contact: privacy@altlfe.com
  4. Data Protection Officer: Chanoch Wiggers, Company Director

You can also raise a concern with the UK Information Commissioner's Office at ico.org.uk.

2. The information we hold

We collect different categories of information at different points. The lawful basis on which we process each category is set out in Section 3.

2a. Account data

The information needed to create and maintain your account: email address, date of birth, country of residence, account preferences, and security data.

2b. Profile data

The information you choose to add to one or more profiles within your account: display name, photos, biography, dynamic and relationship information, location to the level you have chosen to share, interests, and any other content you elect to share. This may include special category data — for example, information about your sexuality, your relationship structure, or your health — where you choose to disclose it.

You control what you share and with whom. You may maintain multiple profiles within your account to reflect different aspects of your life and dynamics. Each profile is subject to the same privacy controls and standards.

2b-bis. Business profile data (feature pending launch)

Where you choose to create a business profile within your account, the business profile holds a separate set of information: the business name, description, services, location, contact details, opening hours, imagery, posts and updates, follower lists, and any other information appropriate to a public-facing business presence. We will also hold information collected at the point we verify the business — for example, registered company details, sole-trader confirmation, or evidence of the relationship between you and the business. Business profile content is treated as public-facing by default; the underlying account remains your personal account and the personal data within it remains subject to the rest of this policy.

2c. Verification data

The information needed to confirm you are a real, present, age-eligible person.

  1. Live identity check: During registration you complete a live identity check that confirms you are a real, present individual. The recording is not retained beyond the check itself. A small set of reference frames is kept for the duration of your membership so our internal team can confirm photos you upload later are genuinely of you. Reference frames are accessible only to our internal team and are permanently deleted on account closure.
  2. Age check: As part of the live identity check we assess apparent age. If your apparent age suggests you may be under 25, our Challenge 25 process is triggered.
  3. Challenge 25 — identity document: If Challenge 25 is triggered, you submit a single image of yourself holding a government-issued photo identity document. This is used solely to confirm you meet the minimum age requirement of 18. It is permanently and automatically deleted from our systems immediately upon completion of the check, regardless of outcome. It is not stored, indexed or retained in any form.
  4. Private message photo: If you choose to enable a private message photo, that image must be a face photo of you. Our internal team checks it against the reference frames from your live identity check. This is an identity feature, not an intimate-image feature. You control who can see it and on what terms.

2d. Content data

Anything you upload or create on the platform: posts, comments, photos, reviews, and the categorisation you apply to your photos.

2e. Preference and settings data

Your filter and visibility preferences, including your account-level content preference, your NSFW filter state, and the per-thread permissions you set in private conversations. These preferences govern what you see and what others can send you.

2e-bis. Follow and feed data (feature pending launch)

Where the business profile feature is available, the businesses you choose to follow and the resulting feed activity. Following a business is opt-in, can be revoked at any time, and is the basis on which business updates appear in your personal feed.

2f. Behavioural data

Limited interaction data needed to operate the platform — for example, when you last logged in, which features you have used, and reports you have made or received.

2g. Communication data

Messages between you and us (support, complaints, appeals, and so on).

2h. Technical data

Data automatically collected when you use the platform: IP address, session data, device type, browser type. We use this for security, fraud prevention and to keep the platform working.

2i. Regulatory data

Records we are legally required to maintain — for example, under the Online Safety Act 2023 and the CSEA Content Reporting Regulations 2025.

3. How we use your information

The table below sets out the purposes for which we process each category of information, and the lawful basis under UK GDPR.

| Purpose | Categories used | Lawful basis |
| --- | --- | --- |
| Creating and maintaining your account | Account data, verification data | Performance of our contract with you |
| Operating your profile and showing it to others according to your settings | Profile data, preference data | Performance of contract; for special category data, your explicit consent given when you choose to disclose it |
| Confirming you are a real, present, age-eligible person | Verification data | Compliance with a legal obligation (Online Safety Act 2023); legitimate interests in platform integrity; for biometric processing, explicit consent |
| Operating private messaging | Communication content (encrypted), technical data | Performance of contract |
| Operating business profiles and the dedicated business section (feature pending launch) | Business profile data, follow and feed data, account data | Performance of contract with you in respect of the business profile feature; legitimate interests in operating a discoverable business directory |
| Verifying business legitimacy at the point a business profile is created (feature pending launch) | Business profile data, account data | Performance of contract; legitimate interests in protecting members from misrepresented or unsafe businesses |
| Operating the consent-based follow model and personalising your feed accordingly (feature pending launch) | Follow and feed data, account data | Your consent (your active decision to follow); performance of contract |
| Moderation, safety and enforcement | All categories as relevant | Legal obligation; legitimate interests in platform safety |
| Detecting and reporting child sexual exploitation and abuse material | Content data, account data | Legal obligation (CSEA Content Reporting Regulations 2025) |
| Responding to your support and complaints requests | Communication data, account data | Performance of contract; legal obligation (Online Safety Act 2023 complaints duty) |
| Fraud prevention and platform security | Technical data, account data | Legitimate interests in protecting the platform and members |
| Cooperating with regulators and law enforcement under lawful authority | Any data lawfully required | Legal obligation |
| Research and platform improvement | Aggregated, anonymised data only | Legitimate interests |

Special category data. Some of the data you may choose to share — about your sexuality, your relationship structure, or your health — is special category data under UK GDPR. We process this on the basis of your explicit consent, which you give by choosing to add it to your profile. You can remove or change this information at any time, and you can withdraw your consent by removing the data or closing your account.

Biometric data. Our verification process involves biometric processing — comparing your image against itself to confirm liveness, and comparing the reference frames against subsequent uploads to confirm authenticity. We process this data on the basis of your explicit consent, given as part of registration. The processing is limited to the verification and authenticity purposes described in this policy.

Business profile data (feature pending launch). A business profile is, by design, a public-facing presence. The business profile name, description, services, location, opening hours, posts, and imagery are visible to the platform's verified members within the dedicated business section and (where members have followed the business) in those members' personal feeds. Personal data within your underlying member account — your personal profile, your verification data, your messages, your follows — is not made public by virtue of you operating a business profile, and remains governed by the rest of this policy. Where you provide business verification information, that information is held internally and used for the purposes of verifying and operating the business profile feature. We do not publish business verification documents or registered company submissions.

Following businesses and your feed (feature pending launch). Where you choose to follow a business, that follow is the basis on which we surface that business's updates in your personal feed. Your follow list is held within your account; it is not used to build advertising profiles, is not sold to anyone, and is not shared with the businesses you follow beyond the aggregate follower count and the basic follower information necessary to operate the feature. You can unfollow at any time.

4. Where your information comes from

From you — when you register, complete verification, build a profile, set preferences, post content, message other members, or contact us.

Automatically — when you use the platform, we collect technical data including IP address, session data and device information.

From your interactions with other members — when you receive a review, report, or message, data associated with that interaction is generated.

We do not receive personal data from third-party data brokers or external sources, other than the limited fraud-prevention use described in Section 8.

5. What we will never do with your data

This section matters. We want to be explicit.

We will never:
  1. Sell, rent or license your personal data to any third party
  2. Use your data to serve you advertising, on or off platform
  3. Share your data with external AI providers for moderation or for any other purpose. Our moderation tools operate in-house with no external data sharing
  4. Use marketing cookies or tracking technologies
  5. Read the content of your private messages without your consent. Messages are end-to-end encrypted. The sole exception is the consent-based dispute review described in Section 6
  6. Retain your identity document beyond the verification check itself
  7. Share your data with any party not described in Section 8

The only exceptions are legal obligations we cannot override. These are in Section 8.

6. How we protect your data

Encryption in transit. All connections to ALTLFE use TLS encryption (the secure standard indicated by HTTPS and the padlock in your browser).

Encryption at rest. Data stored on our servers is encrypted. Encryption keys are held by ALTLFE Ltd, not by our infrastructure providers — meaning our hosting partners store encrypted data they cannot themselves read.

End-to-end encrypted messaging. Private messages on ALTLFE are end-to-end encrypted. The content of your conversations is readable only by you and the person you are messaging. Our team — including administrators — cannot access message content.

Consent-based dispute review. If a dispute arises about a private conversation, our platform offers a consent-based review process. Every party to the thread must agree before the thread can be reviewed by our moderation team. Where everyone agrees, the relevant content is made available to a closed group consisting of those parties and the reviewer for the duration of the review and any applicable appeal period — and is automatically and permanently deleted afterwards. If anyone declines, the thread remains private and we resolve the report on the basis of the rest of the available evidence. This consent-based architecture is a deliberate and permanent design decision.

Password security. Your password is stored as a one-way encrypted and salted hash. We cannot view or retrieve your password. If you lose it, you reset it. We will never ask for your password and we will never share it.

Access controls. Access to personal data within ALTLFE is restricted to team members who require it for their role, and is subject to access logging and review.

Image watermarking. Photos uploaded to ALTLFE carry both a visible watermark and a hidden digital watermark. The watermarks let our team identify the source of any image shared outside the platform without permission, including where sharing occurred via screenshot. The digital watermark contains platform-level identifiers readable only by us — it does not contain your name or contact details.

7. How long we keep your data

We retain your data only for as long as is necessary for the purposes for which it was collected, and in accordance with our legal obligations.

| Data type | Retention period |
| --- | --- |
| Account and profile data | Duration of account and profile activity, plus a limited period thereafter for audit and dispute purposes. Permanently deleted thereafter. |
| Business profile data (feature pending launch) | Duration of business profile activity. Deleted on closure of the business profile. Where the underlying account is closed, any business profile within it is closed and its data deleted on the same retention basis. |
| Business verification information (feature pending launch) | Duration of business profile activity, plus a limited period thereafter for audit and dispute purposes. Permanently deleted thereafter. |
| Follow and feed data (feature pending launch) | Duration of membership. Deleted on account closure or unfollow. |
| Live identity check recording | Not retained beyond the check |
| Liveness reference frames | Duration of membership. Deleted on account closure. |
| Identity document image (Challenge 25) | Deleted automatically and immediately on completion of the verification check, regardless of outcome |
| Private messages | Duration of the conversation thread unless deleted by participants. Deleted on account closure where that closure removes the thread. |
| Content you have posted | Deleted when you remove it, or when we remove it following a breach. Deleted on account closure. |
| Moderation records | Retained for the duration of your membership and a limited period thereafter to maintain platform integrity. Records relating to confirmed CSEA, immediate termination, or law enforcement referral are retained as required by law. |
| Technical / session data | 90 days |
| Communication records (you ↔ us) | 2 years from last correspondence |
| Regulatory and compliance records | Retained for the period required by the applicable legal obligation |

Account closure and the right to erasure. When you close your account and request full deletion, your personal data is permanently and irreversibly deleted from our systems, subject only to data we are legally required to retain under Section 8. We are the sole custodian of your data — there are no third-party copies. Deletion is final.

Content involving others. Some content involves more than one person. Messages you have sent appear in the inbox of the person you sent them to; reviews you have left appear on another member's profile; shared profiles include data about more than one person. When you close your account:

  1. Messages you sent are deleted from your record. The other party's copy is governed by their account.
  2. Reviews you have left remain on the recipient's profile but are anonymised.
  3. For shared profiles, your data is removed and the profile remains under the control of the other named member(s); if no other named member remains, the profile is closed.

This treatment reflects the right to erasure as it applies in a multi-person context — your data is deleted, and we do not retain it, but we cannot retroactively delete data from a person who lawfully holds their own copy.

8. Third parties and legal disclosures

We share your data with third parties only in the following limited and defined circumstances.

Infrastructure and hosting. We use third-party hosting and infrastructure providers to operate the platform. Data is encrypted in transit and at rest. Encryption keys are held by ALTLFE Ltd, not by the provider, meaning our hosting partners store encrypted data they cannot themselves read. These providers process data on our behalf under data processing agreements and are contractually prohibited from using your data for any other purpose.

Payment processing. When you purchase or renew a membership, payment data is processed by our payment provider. We share only the information needed to complete the transaction. We do not store full payment card details.

Fraud prevention. We may use credit reference and fraud prevention services to detect and prevent fraudulent transactions. This involves limited data sharing for the sole purpose of fraud detection.

CSEA mandatory reporting. Under the Online Safety (CSEA Content Reporting) Regulations 2025, ALTLFE is legally required to detect and remove child sexual exploitation and abuse material and to report confirmed instances to the National Crime Agency. We are also required to retain specified records relating to such content. This obligation is automatic, mandatory, and cannot be overridden by any contractual commitment or member instruction. Data retained for this purpose is held under strict access controls and deleted as soon as the legal retention period expires.

Other legal obligations. We may be required by law to provide data or assistance to law enforcement, regulatory authorities, or other bodies exercising lawful powers. Where such obligations exist, they take precedence over our standard privacy commitments. We will verify any such request before complying and provide only what is legally required. We may be legally prohibited from disclosing that such a requirement has been made.

In all other circumstances, we do not share your data.

We do not use third-party AI providers for moderation or for any other purpose involving member data.

9. Cookies

We use only essential cookies — those required for the platform to function securely, including session authentication and security tokens.

We do not use:

  1. Marketing or advertising cookies
  2. Third-party analytics cookies
  3. Tracking or behavioural profiling cookies

You can configure your browser to block or delete cookies. Note that blocking essential cookies may affect your ability to log in and use the platform.

10. Your rights

Under UK GDPR you have the following rights in relation to your personal data. We take these seriously and will not use them against you.

  1. Right of access. You can request a copy of the personal data we hold about you. We will provide this within one month of receiving your request, free of charge.
  2. Right to rectification. You can ask us to correct inaccurate data or complete incomplete data we hold about you.
  3. Right to erasure. You can ask us to delete your personal data. In most cases we will comply. Limited exceptions: moderation records may be retained where there is an active investigation; data we are legally required to retain cannot be deleted until the legal retention period expires.
  4. Right to restriction. You can ask us to restrict how we process your data in certain circumstances.
  5. Right to object. You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
  6. Right to portability. Where processing is based on your consent or the performance of a contract, you can ask us to provide your data in a portable format.
  7. Right to withdraw consent. Where processing is based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights: Contact us at privacy@altlfe.com from the email address associated with your account so we can confirm your identity. We will respond within one month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

11. International users

ALTLFE is operated under UK law and this policy is written primarily to reflect UK GDPR obligations. Nothing in this policy removes or limits any rights you have under the mandatory privacy or data protection laws of your country of residence — where your local law provides greater rights, those rights apply.

If you are accessing the platform from outside the United Kingdom, please note: data may be transferred to and processed in the UK and other jurisdictions where our infrastructure providers operate. Where we transfer data internationally, we use appropriate safeguards (such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or equivalent).

If you are an EU resident and would like to lodge a complaint with your national data protection authority, you may do so in addition to contacting us or the UK ICO.

If you are a California resident, you have rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect, the right to delete it, the right to opt out of its sale (we do not sell personal information), and the right to non-discrimination for exercising these rights. To exercise any US privacy rights, contact us at privacy@altlfe.com.

If your local privacy law provides specific rights not described above, contact us and we will explain how those rights apply.

12. Children

ALTLFE is for adults only. We do not knowingly collect data from anyone under 18, or under the age of majority in their country of residence. Our verification process is designed to prevent under-age access. If you believe a child has nonetheless created an account, please contact safety@altlfe.com immediately.

13. Changes to this policy

We may update this policy from time to time. Where the change is material, we will notify you in advance and explain what is changing and why. The current version is always available at altlfe.com/privacy.

ALTLFE Ltd is registered in England and Wales. Company number: 12625919
