Privacy Policy • simply adult.

Privacy Overview

At simply adult., we are committed to protecting your privacy and ensuring the security of your personal information. This comprehensive privacy policy explains what data we collect, how we process and protect it, and your rights regarding your personal information while using our platform at https://adult.the-simply-web.com.

We implement industry-standard security measures including end-to-end encryption, anonymization techniques, and strict access controls to protect your data. Your privacy is our priority.

1. Data We Collect

We collect the following categories of information to provide and improve our services:

1.1 Account Information

Registration Data: Email address, username, encrypted password hash with salt (PBKDF2 with 100,000 iterations)
Profile Information: User preferences, content categories, security settings
Authentication Tokens: Session tokens, JWT tokens for secure authentication

1.2 Usage & Behavioral Data

Search Activity: Search terms, filters, content preferences (stored locally and anonymized)
Viewing Statistics: Watched content categories, performers, viewing duration (anonymized)
Library Data: Saved videos, personal collections (stored locally with optional cloud sync)
Interaction Data: Comments, votes, user-generated content

1.3 Technical & Security Data

Device Information: Browser type, operating system, screen resolution (for optimization)
Network Data: IP address (hashed for security), connection type, geographic region
Security Logs: Login attempts, suspicious activity, fraud prevention data
Performance Data: Page load times, error reports, feature usage analytics

1.4 Communication Data

Support Interactions: Contact form submissions, support tickets, feedback
Administrative Communications: Account notifications, security alerts, policy updates

1.5 Legal Bases for Processing (Art. 6 GDPR)

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

Art. 6(1)(a) GDPR - Consent

Cookie Consent: Non-essential cookies, analytics, and tracking technologies
Marketing Communications: Optional newsletters and promotional content
Data Sharing: Sharing data with third-party services beyond necessity
Special Categories: Any processing of sensitive personal data (where applicable)

Art. 6(1)(b) GDPR - Contract Performance

Account Management: User registration, authentication, and profile management
Service Provision: Content delivery, search functionality, and personalization
Payment Processing: Subscription management and billing (if applicable)
Customer Support: Responding to inquiries and resolving technical issues

Art. 6(1)(c) GDPR - Legal Obligation

Age Verification: Compliance with German JMStV and youth protection laws
Data Retention: Mandatory retention periods under German commercial law
Tax Records: Financial transaction records as required by German tax law
Law Enforcement: Cooperation with authorities when legally required

Art. 6(1)(f) GDPR - Legitimate Interests

Security & Fraud Prevention: Protecting our platform and users from abuse
Service Improvement: Analyzing usage patterns to enhance functionality
Network Security: Monitoring for cyber threats and unauthorized access
Business Operations: Internal administration and quality assurance

Balancing Test: We have conducted legitimate interest assessments (LIA) to ensure our interests do not override your fundamental rights and freedoms.

2. Cookies & Local Storage

We use various storage technologies to enhance your experience and maintain security:

2.1 Essential Cookies

Session Cookies (sid): Secure authentication tokens with HttpOnly and Secure flags
Fingerprint ID (fpid): Anonymous device identification for security and fraud prevention
Age Verification: Confirmation of age requirements (adult_age_confirmed_v1)

2.2 Local Storage Data

User Preferences (adult_prefs_v1): Content filters, security settings, provider preferences
Saved Content (adult_saved_videos_v1): Personal library and bookmarks (max 500 items)
Viewing Statistics (adult_watched_stats_v1): Anonymized usage patterns for recommendations

2.3 Service Workers & Caching

Offline Support: Cached resources for improved performance and offline functionality
Background Sync: Preference synchronization when connection is restored
Push Notifications: Optional security alerts and important updates (with consent)

Your Control: You can clear all local data through your browser settings or our in-app privacy controls. Essential cookies are required for basic functionality.

3. How We Use Your Data

We process your personal information for the following specific purposes:

3.1 Service Provision & Authentication

Account Management: User registration, login, password resets, and profile management
Content Delivery: Personalized content recommendations based on anonymized preferences
Feature Access: Library management, search functionality, and content filtering

3.2 Security & Fraud Prevention

Threat Detection: Monitoring for suspicious activity, bot detection, and abuse prevention
Access Control: Session management, multi-factor authentication, and unauthorized access prevention
Compliance Monitoring: Age verification, content moderation, and regulatory compliance

3.3 Platform Improvement & Analytics

Performance Optimization: Analyzing usage patterns to improve speed and reliability
Feature Development: Understanding user needs to develop new functionality
Quality Assurance: Error tracking, bug fixes, and user experience improvements

3.4 Communication & Support

Customer Support: Responding to inquiries, technical issues, and account problems
Security Notifications: Critical security alerts and account protection messages
Service Updates: Important policy changes and feature announcements (opt-out available)

4. Sharing

We do not sell personal data. Limited data may be shared with processors (e.g., database, cloud, analytics) bound by confidentiality and data processing agreements.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with GDPR Article 5(1)(e) and German BDSG requirements:

Account & Profile Data

Active Accounts: Retained while account is active and for 30 days after account deletion request
Inactive Accounts: Automatically deleted after 3 years of inactivity (with prior notification)
Authentication Data: Session tokens expire after 30 days, refresh tokens after 90 days

Usage & Behavioral Data

Search History: Stored locally, automatically purged after 12 months
Viewing Statistics: Anonymized data retained for 24 months for service improvement
Preference Data: Retained while account is active, deleted with account closure

Technical & Security Data

Security Logs: Retained for 12 months for security monitoring and incident response
IP Address Hashes: Automatically deleted after 90 days unless security incident
Error Logs: Retained for 6 months for technical troubleshooting

Communication & Support Data

Support Tickets: Retained for 3 years for quality assurance and legal compliance
Email Communications: Retained for 2 years or until unsubscribe/account deletion
Feedback & Reviews: Retained for 5 years unless deletion requested

Legal & Compliance Data

Age Verification Records: Retained for 3 years as required by German JMStV
Financial Records: Retained for 10 years as required by German HGB/AO
Legal Dispute Data: Retained until resolution plus applicable limitation periods

Automated Deletion

We have implemented automated systems to ensure data is deleted according to these retention periods. You can request immediate deletion of your data (subject to legal obligations) by contacting [email protected].

6. Your Rights under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

Art. 15 GDPR - Right of Access

You have the right to obtain confirmation whether we process your personal data and, if so, access to your personal data and information about the processing.

Art. 16 GDPR - Right to Rectification

You have the right to obtain rectification of inaccurate personal data and to have incomplete personal data completed.

Art. 17 GDPR - Right to Erasure ("Right to be Forgotten")

You have the right to obtain erasure of your personal data without undue delay, subject to certain exceptions (e.g., legal obligations, freedom of expression).

Art. 18 GDPR - Right to Restriction of Processing

You have the right to obtain restriction of processing in certain circumstances (e.g., while accuracy is being verified).

Art. 20 GDPR - Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Art. 21 GDPR - Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Art. 7(3) GDPR - Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Response Time: We will respond within 30 days (extendable by 60 days for complex requests)
Verification: We may request additional information to verify your identity
Free of Charge: Exercising your rights is generally free, except for manifestly unfounded or excessive requests

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State where you reside, work, or where the alleged infringement occurred.

German Supervisory Authority: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

7. Right to be Forgotten - Data Deletion

Under GDPR Article 17, you have the right to request the deletion of your personal data. We provide an easy-to-use online process to exercise this right.

🗑️ Request Complete Data Deletion

This will permanently delete your account and all associated personal data. This action cannot be undone.

What will be deleted:

• Your account and profile information
• All personal data and preferences
• Content and activity history
• Communication records
• Analytics and usage data

What may be retained:

• Legal compliance records (as required by law)
• Fraud prevention data (anonymized)
• Financial transaction records (as required)
• Aggregated analytics (anonymized)

⚠️ Important Information

• Processing Time: Up to 30 days as required by GDPR
• Verification Required: Identity verification for security
• Immediate Effect: Account access will be suspended immediately
• No Recovery: Deleted data cannot be recovered

🗑️ Start Data Deletion Process

Legal Grounds for Deletion

You can request deletion if any of the following apply:

• No longer necessary: The data is no longer needed for the original purpose
• Withdraw consent: You withdraw consent and there's no other legal basis
• Unlawful processing: The data has been processed unlawfully
• Legal obligation: Deletion is required for compliance with legal obligations
• Child's data: Data was collected from a child without proper consent

Deletion Process Overview

1️⃣

Account Lookup

Verify your account details

2️⃣

Identity Verification

Email verification & personal details

3️⃣

Reason Selection

Choose legal ground for deletion

4️⃣

Confirmation

Final confirmation & processing

Alternative Options

Before requesting complete deletion, consider these alternatives:

Data Export

Download a copy of your data before deletion

Export My Data →

Account Deactivation

Temporarily disable your account instead

Deactivate Account →

Questions About Data Deletion?

Contact our Data Protection Officer for assistance:

Email: [email protected]
Support: [email protected]
Response Time: Within 72 hours

8. Security & Data Protection

We implement comprehensive security measures to protect your personal information and ensure data anonymity:

7.1 Encryption & Data Security

Transport Security: All data transmission uses TLS 1.3 encryption with perfect forward secrecy
Password Protection: PBKDF2 hashing with 100,000 iterations, unique salts, and timing-safe comparison
Database Security: Encrypted at rest with AES-256, regular security audits and penetration testing
Session Management: Secure token generation, automatic expiration, and IP-based validation

7.2 Anonymization & Privacy Protection

IP Address Hashing: IP addresses are immediately hashed using SHA-256 with salt for security logs
Behavioral Data Anonymization: Viewing statistics are aggregated and anonymized before storage
Local Storage Priority: Sensitive preferences and viewing history stored locally when possible
Data Minimization: We collect only necessary data and automatically purge expired information

7.3 Access Controls & Monitoring

Multi-Factor Authentication: Turnstile CAPTCHA and optional 2FA for enhanced security
Role-Based Access: Strict permission controls for administrative functions
Activity Monitoring: Real-time fraud detection and suspicious activity alerts
Regular Audits: Quarterly security reviews and compliance assessments

7.4 Infrastructure Security

Cloudflare Protection: DDoS protection, WAF, and global CDN with security headers
Content Security Policy: Strict CSP headers to prevent XSS and injection attacks
Secure Headers: HSTS, X-Frame-Options, and referrer policy implementation
Regular Updates: Automated security patches and dependency vulnerability scanning

Security Notice: While we implement industry-leading security measures, no system is 100% secure. Please report any security concerns immediately to [email protected].

8. Data Protection Officer (DPO)

In accordance with Article 37 GDPR and Section 38 BDSG, we have appointed a Data Protection Officer to monitor compliance with data protection laws and serve as your contact point for data protection matters.

Contact Information

Email: [email protected]
Postal Address: Data Protection Officer, JW Limited
Response Time: We will respond to your inquiry within 14 days

DPO Responsibilities

Monitoring compliance with GDPR, BDSG, and other data protection laws
Conducting data protection impact assessments (DPIAs)
Serving as contact point for supervisory authorities
Providing guidance on data protection matters to employees
Handling data subject requests and complaints

9. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place as required by Chapter V of the GDPR:

Adequacy Decisions

We may transfer data to countries that have received an adequacy decision from the European Commission (Art. 45 GDPR), ensuring an adequate level of protection.

Appropriate Safeguards

For transfers to countries without adequacy decisions, we implement appropriate safeguards including:

Standard Contractual Clauses (SCCs): EU Commission-approved contractual clauses
Binding Corporate Rules (BCRs): For transfers within multinational corporations
Certification Mechanisms: Approved certification schemes with binding commitments
Codes of Conduct: Approved codes with binding commitments for processors

Third Country Processing

Current third-country processors and safeguards:

Cloudflare (USA): Standard Contractual Clauses + additional security measures
Analytics Services: Data Processing Agreements with EU-approved safeguards
CDN Providers: Contractual safeguards and data minimization practices

Your Rights: You have the right to obtain information about the safeguards we use for international transfers and to obtain a copy of the safeguards (where feasible) by contacting our DPO.

10. Data Processing Activities (Art. 30 GDPR)

In accordance with Article 30 GDPR, we maintain records of our processing activities. Below is a summary of our main processing operations:

Controller Information

Name: JW Limited
Contact: [email protected]
DPO Contact: [email protected]
Representative (if applicable): [EU Representative Details if non-EU controller]

Categories of Processing

User Account Management: Registration, authentication, profile management
Content Delivery: Personalized content recommendations and search functionality
Security & Fraud Prevention: Monitoring, threat detection, access control
Customer Support: Inquiry handling, technical support, feedback processing
Legal Compliance: Age verification, regulatory reporting, law enforcement cooperation

Data Processors

Cloudflare: CDN, security, and performance services (USA - SCCs)
Database Providers: Data storage and backup services (EU/EEA)
Email Services: Transactional and support communications (EU/EEA)
Analytics Providers: Anonymized usage analytics (EU/EEA preferred)

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes

Material Changes: We will notify you at least 30 days before material changes take effect
Notification Methods: Email notification, in-app messages, or prominent website notice
Version Control: Each version will be dated and archived for reference
Continued Use: Continued use of our services after changes constitutes acceptance

Your Options

Objection: You may object to changes by contacting us or exercising your right to erasure
Account Closure: You may close your account if you disagree with policy changes
Data Export: You may request a copy of your data before account closure

Current Version: This privacy policy was last updated on 2025-10-03. Previous versions are available upon request for transparency and compliance purposes.

12. Contact Information

For any questions about this privacy policy, your personal data, or to exercise your rights under GDPR, please contact us:

Data Controller

Company: JW Limited
Email: [email protected]
Telegram: https://t.me/simplyadult_bot
Response Time: We aim to respond within 72 hours

Data Protection Officer

Email: [email protected]
Purpose: Data protection inquiries, complaints, and GDPR-related matters

Supervisory Authority

German Federal Commissioner: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: www.bfdi.bund.de
Purpose: Lodge complaints about data protection violations

GDPR Compliance Statement

This privacy policy complies with the EU General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG), and German Telecommunications-Telemedia Data Protection Act (TTDSG). Last compliance review: 2025-10-03