Logo

Unexpose.com

Adult privacy company

Privacy and Data Handling Policy

1. Introduction

In this Privacy and Data Handling Policy, the terms "we", "us", and "our" refer to Unexpose.com, also known as Unexpose, a company registered in the Netherlands with the Chamber of Commerce under number 74882120. We are committed to protecting your privacy and personal data. This Policy outlines how we collect, use, and safeguard your information during your interaction with our services. Our services are specifically intended for adult content creators, including those on platforms such as OnlyFans, Fansly, and other similar platforms, and are not suitable for use by general individuals.

2. Data Collection and Use

We collect personal data, including images, account details, and usage data, to provide targeted search services. This data is essential for delivering our services and helping you manage your digital footprint. We only collect the data necessary to provide the services requested.

Free Scan Data:

When you use our free scan feature (without creating an account), we collect and store the search term (username/stage name), selected platform, your IP address (to prevent abuse and enforce rate limits), email address (if provided), and scan results (match count). This information may be used for service improvement, statistical analysis, marketing outreach, and to contact you about our services and scan results. Free scan data is retained for up to 12 months.

3. Explicit Consent

By using our service, you consent to the processing of your personal data. You acknowledge that this processing is required to deliver the service and agree that your data will be processed according to this Policy and the consent you provide.

4. Login Logs and Security Measures

We collect and store user login details, such as IP addresses and location data, for security purposes. All data is encrypted in transit and at rest using advanced security measures, with storage provided by secure cloud infrastructure.

5. Access Control and Data Security

Your data is stored on secure servers with strict access control. We employ advanced security protocols to ensure that your data is protected against unauthorized access, and we continually update our systems to maintain a high level of security.

6. Data Breach Notification and Data Protection Contact

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, if it poses a risk to individuals' rights and freedoms. Where such risk is high, we will also notify the affected individuals without undue delay.

Notifications will include:

  • The nature of the personal data breach, including the categories and approximate number of data subjects affected.
  • The name and contact details of our data protection contact for further information.
  • The likely consequences of the breach.
  • The measures taken or proposed to be taken to address the breach and mitigate its potential adverse effects.

We are committed to ensuring that your data is protected, and we take data breaches very seriously. We will take all reasonable steps to minimize the impact of any breach.

Data Protection Contact:

For all data protection inquiries, requests to exercise your rights under GDPR, or concerns about how we handle your personal data, please contact our support team. We have designated staff responsible for overseeing data protection compliance and will respond to your inquiry within the timeframes specified in Section 7.

7. User Rights

As per GDPR, you have the right to:

  • Access: You have the right to request a copy of your personal data.
  • Correction: You can request corrections to any inaccurate or incomplete data.
  • Erasure: You may request the deletion of your personal data when it's no longer necessary for our services.
  • Objection: You can object to the processing of your data where we rely on legitimate interests as a basis for processing.
  • Withdraw Consent: You can withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. You can export your data at any time from the Settings > Danger Zone page.
  • Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
  • Opt-out of Marketing: You can opt out of marketing communications at any time.

Response Timeframe: We will respond to your data subject request within one month of receiving it. If your request is particularly complex or you have made multiple requests, we may extend this period by up to two additional months. In such cases, we will notify you within the first month explaining why the extension is necessary.

If you have any concerns regarding a possible data breach or your data security, please contact our support team. We will respond promptly to address your concerns.

8. Data Transfers and Sharing

We may transfer your data, including images, to third-party for search and analysis purposes. By using our service and uploading your images, you acknowledge that these transfers are necessary for providing our services and consent to them. We ensure that any international transfers of personal data comply with GDPR, maintaining a high standard of data protection even outside the European Economic Area (EEA) where, and if, applicable.

International Transfer Safeguards:

For transfers of personal data to countries outside the EEA that do not have an adequacy decision from the European Commission (such as the United States), we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs): We use the European Commission-approved Standard Contractual Clauses with our data processors.
  • Data Processing Agreements: All third-party processors are bound by contractual obligations to protect your data in accordance with GDPR requirements.
  • Technical Measures: All data transfers use encryption in transit (TLS 1.2 or higher) and at rest.

9. Data Usage for Service Features

Your personal data is used to manage your subscription and access to our service features. This includes handling your subscription, tracking service usage, and processing requests such as image scans and removal requests. When handling removal requests, staff may need to view your images, but all data is treated with the highest level of care and is not stored or shared outside of what is required for the removal process.

10. Automated Processing and Decision-Making

The Service uses automated image recognition and similarity detection to identify potential unauthorized uses of your content across the internet. This automated processing includes:

  • Content matching: Automated comparison of your uploaded content against web-indexed content to identify potential matches;
  • Automated scanning: Scheduled scans that run automatically at the frequency determined by your subscription plan, without requiring manual action each time;
  • Match classification: Automated categorization of matches by type, source, and severity to help you prioritize actions.

These automated processes are designed to assist in identifying potential matches but do not make final removal decisions on their own. For self-service plans, you review matches and decide which to act on. For Fully Managed plans, your dedicated agent reviews automated results and makes case-by-case decisions on your behalf.

In accordance with your rights under GDPR Article 22, you have the right to request human review of any automated match result. To do so, please contact our support team.

11. Evidence Collection and Screenshots

When potential matches are identified, the Service may automatically visit the identified web pages and capture visual records (screenshots) as evidence. This evidence is used to:

  • Provide you with visual proof of where your content was found;
  • Support DMCA takedown notices and removal requests filed on your behalf;
  • Maintain a record of infringing content for your reference.

Evidence screenshots are stored securely in encrypted cloud storage and are only accessible to you and authorized staff members involved in processing your removal requests. Screenshots are retained until account deletion (see Section 14 for retention periods).

12. Two-Factor Authentication (2FA)

We use two-factor authentication (2FA) for enhanced security. This requires you to provide two forms of identification to access your account when enabled, further safeguarding your personal data.

13. Billing Information

All transactions are processed securely through Stripe, our payment processor. Stripe ensures PCI DSS compliance, and your payment information is handled securely. We do not store, process, or transmit cardholder data directly. By using our services, you consent to Stripe's handling of your payment information in accordance with their Privacy Policy.

14. Data Retention and Deletion

We retain your data only for as long as necessary to provide the services, comply with legal obligations, resolve disputes, and enforce our policies. Upon request, we will delete your personal data following our data retention policies and applicable law.

Specific Retention Periods:

  • Account Data: Retained until you request account deletion, plus 30 days for final processing.
  • Uploaded Images: Retained until account deletion. Images can be individually deleted at any time.
  • Match History: Retained until account deletion or until you manually remove individual matches.
  • Removal Request Records: Retained until account deletion.
  • Evidence Screenshots: Retained until account deletion.
  • Login Logs & IP Addresses: Retained until account deletion for security purposes.
  • Billing Records: Retained via Stripe for 7 years as required by Dutch tax law.

Account Deletion Process:

When you delete your account, it will be immediately deactivated. After 30 days, your account and all associated data will be permanently deleted from all our systems. You will receive an email confirmation when your account is deactivated, including the date your data will be permanently deleted. If you change your mind during the 30-day period, please contact our support team.

15. Cookies, Local Storage, and Tracking

We use local storage for essential service functions, ensuring that your experience on our platform is smooth and secure. Additionally, we use Google Analytics to track usage patterns and improve our services. This data helps us understand how users interact with our platform and enhance our features. We do not use cookies or tracking mechanisms to monitor your activities across other websites.

16. Children's Privacy

Our services are not intended for children under 18. If we discover that we have inadvertently collected data from a minor, we will delete it immediately.

17. Legal Basis for Processing

We process your personal data based on the need to fulfill our contract with you and provide the services you have requested. In some cases, processing is also based on our legitimate interests, provided they do not override your rights under applicable data protection laws.

18. Use of Third Parties

We engage with third-party service providers to deliver our services effectively. These providers operate under strict data processing agreements to ensure a high level of security and confidentiality. Only data necessary to provide our services is shared in a secure manner with these parties.

  • Analytics providers: For anonymous, aggregated usage analytics to help us improve the Service.
  • Payment processing: For secure payment processing in compliance with GDPR and PCI DSS standards. Your payment information is handled directly by our payment processor — we do not store or process cardholder data.
  • Cloud storage providers: For secure storage of user-uploaded content, evidence screenshots, and other service data. All data is encrypted in transit and at rest.
  • Email delivery services: For sending transactional emails (account notifications, match alerts, removal request updates, and periodic reports).
  • Hosting and infrastructure providers: For hosting our application, database, and supporting services in secure data centers.
  • Content delivery and security networks: For protecting our Service against attacks, optimizing content delivery, and providing TLS encryption.
  • Error monitoring services: For detecting and resolving technical issues to maintain service reliability. Error reports may include anonymized request data but do not include your uploaded content.

We periodically review our third-party providers to ensure they maintain adequate data protection standards. For a specific list of current sub-processors, you may contact our support team.

19. Google Search Deindexing & Lumen Database

When you request removal of your content from Google Search results, we submit a delisting request to Google on your behalf. As part of this process, Google requires that all removal requests be published in the Lumen Database, a public research database maintained by Harvard University's Berkman Klein Center.

What information is shared:

  • Your first and last name (as the content owner)
  • The URLs of pages containing your content
  • The nature of the removal request (copyright/DMCA)

Your consent options:

  • During account setup, you can choose whether to allow Lumen Database submissions
  • This setting can be changed at any time in your Profile settings
  • If you disable this consent, future removal requests will still be sent to website hosts, but will NOT be submitted to Google for search result removal

Important limitations:

  • Once a removal request has been submitted to Google and published in the Lumen Database, it cannot be withdrawn
  • Disabling consent only affects future and pending removal requests
  • Removal requests already in progress or completed will remain in the Lumen Database

If you have concerns about Lumen Database publication, we recommend keeping this consent disabled and relying solely on direct website removal requests.

20. Changes to This Policy

If a revision significantly impacts your rights or obligations under this Policy, it will be considered a material change. In such cases, we will provide you with at least 30 days' notice before the changes take effect, using the email address you have provided to us.

21. Disclaimer

We strive to ensure that this Policy is accurate. If you notice any discrepancies or have concerns about how your data is handled, please contact our support team. This disclaimer does not affect your rights under national laws, including GDPR and regulations enforced by the Autoriteit Persoonsgegevens (AP) in the Netherlands.

Contact Us

For any questions or concerns regarding your personal data and this Privacy Policy, please contact our support team.

Last updated: February 26, 2026

◄ Home Terms of Service Privacy and Data Handling Policy Refund Policy