Privacy Policy

Effective Date: 28.08.2025
This Privacy Policy explains how Fuchsia (“we,” “our,” or “us”) collects, uses, stores, and protects your personal data when you access or use our platform, website(s), application(s), products, and services (the “Platform”). We are committed to safeguarding your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Austrian and EU data protection laws.

1) Data Controller

The data controller for your personal data worldwide is:
Fuchsia (operated by Knightify FlexCo)
Kelsenstraße 5, 1030 Vienna, Austria
Email: [email protected]

Full company details, including registration number, VAT ID, and managing directors, are available at: https://fuchsia.one/impressum

For EU/EEA/UK/Swiss users, we process your data in accordance with the EU General Data Protection Regulation (GDPR) and Austrian Data Protection Act (DSG).

2) Data We Collect

Identity Data: Government-issued ID images (front and back), a live selfie, full name, date of birth, and verification status for KYC/AML compliance. Verification is performed through visual checks (human review and/or non-biometric automated consistency checks) to confirm authenticity and prevent fraud.
Contact Data: Email, phone number, and communication preferences.
Profile Data: Profile bio, preferences, booking history, feedback, ratings, and limited profile visit history (for example, which members viewed your profile and when, where this feature is enabled).
Media & Content Data: Photos, videos, and other content you upload to your profile or share through the Platform, including technical metadata (such as file type, size, timestamps) and the results of automated content checks (e.g., flags for policy or law violations).
Financial & Wallet Data: Billing and payout details (e.g. IBAN, transaction references), and limited wallet identifiers you provide for crypto payments or withdrawals (such as a USDT-compatible wallet address or on-chain transaction IDs). We do not store your private keys. The Platform itself does not run on blockchain; cryptocurrencies are used only as external payment and payout methods via third-party providers.
Technical Data: IP address, browser type, device information, and session logs for security.
Usage & Analytics Data: Aggregated and pseudonymous information about how the Platform is used, such as which blog posts or pages are viewed, approximate engagement metrics, and trending content. We do not use this data to directly identify individual visitors; it is used to understand overall usage patterns and improve the Platform.
Communication Data: Messages and interactions through the Platform.
Compliance Data: Records required under legal obligations such as anti-money laundering (AML) and sanctions screening.

2.1) Special Categories of Personal Data

We may process special categories of personal data under GDPR Article 9 only where strictly necessary and with appropriate safeguards. In particular:

Sexual orientation and gender identity (if you choose to disclose them): This information is provided voluntarily in your profile to support matchmaking. We process it only with your explicit consent (Art. 9(2)(a) GDPR). You can choose “Prefer not to say” or remove this information at any time in your settings. Removing it may reduce certain matchmaking features.
No biometric identification: We do not use biometric identification or facial recognition templates. While we collect a selfie and ID images for KYC, these are used for visual identity verification and fraud prevention only. We do not create biometric templates or use automated facial recognition to uniquely identify you. Therefore, your selfie and ID images are not processed as biometric special-category data under Art. 9 GDPR.

3) How We Use Your Data

To create and manage your account.
To verify your identity and prevent fraud or illegal activity.
To process payments, escrow transactions, and withdrawals.
To process cryptocurrency payments and payouts through regulated payment service providers or Virtual Asset Service Providers (VASPs). We only receive limited information such as your wallet identifier and transaction references; we do not control your wallet or store private keys.
To provide support and resolve disputes.
To automatically review uploaded photos, videos, and other media using content moderation tools in order to detect and block illegal, unsafe, or policy-violating content (for example nudity involving minors, exploitation, or extreme violence).
To verify your identity for KYC/AML purposes using document and selfie matching without biometric identification (i.e., no facial recognition templates or biometric profiling).
To automatically scan and analyze on-Platform messages, booking details, and profile content using safety and fraud-detection systems (including AI-based tools) to detect and prevent fraud, harassment, solicitation of illegal services, and other violations of our Terms and Community Guidelines. This processing is carried out strictly for safety, security, and compliance purposes and is a condition of using the Platform.
To improve and secure the Platform.
To comply with legal and regulatory obligations.
To send service updates, security alerts, and required notifications.

3.1) Location Data

When you enable location services, we collect your precise geolocation (GPS coordinates) to:

Show you members in your vicinity (matchmaking radius).
Validate booking locations (for QR ticket check-ins).
Provide last-known location timestamps to your Trusted Contact if you trigger the Safe-Word feature.

We do not share your exact GPS coordinates with other members. Other users only see approximate distance (e.g., "5 km away") or general area (e.g., "Vienna, District 1"). You can disable location sharing at any time in your device or app settings; this may limit matchmaking functionality.

Legal Basis: Consent (Art. 6(1)(a) GDPR + § 165 Austrian TKG 2003). Location data is stored only as long as necessary for active bookings and safety features (typically 7 days after booking completion, or 30 days for Safe-Word triggers), then deleted.

3.2) Blog Analytics & Profile Visit History

When you browse our public content (for example, our blog or information pages), we may record anonymous or pseudonymous visit data to understand which posts are read, how often they are accessed, and how users navigate the Platform. We do not store directly identifying information for these blog analytics; instead, we use aggregated and pseudonymous metrics to improve our content and user experience.

Within the core Platform, we may also keep a limited profile visit history so that members can see which other members have viewed their profile (where this feature is enabled). This may include your profile identifier, the profile you visited, and the timestamp of the visit. This feature is part of the core functionality of the Platform and is visible to other members as designed (for example, "Recently viewed your profile").

Legal Basis: For privacy-friendly, server-side blog analytics, we rely on our legitimate interests (Art. 6(1)(f) GDPR) in improving and securing the Platform. Where we use third-party analytics tools such as Google Analytics that rely on cookies or similar technologies, we do so only with your consent, as described in our Cookie Policy.

4) Data Security

We use server-side encryption for data (messages and sensetive information) at rest and SSL/TLS for data in transit. While these measures protect against unauthorized access, we do not use end-to-end encryption. This allows our support and compliance teams to access your data when necessary for security, fraud prevention, or legal reasons. Despite our efforts, no system is 100% secure, and we cannot guarantee absolute data security.

5) Legal Bases for Processing

We process your personal data based on:

Contract: To provide the Platform and its services.
Legal Obligations: For KYC/AML compliance, tax, and regulatory requirements, including obligations to prevent illegal content and abuse.
Legitimate Interests: For security, fraud detection, content review and moderation, protecting users from abuse, and improving the Platform. We balance these interests against your fundamental rights and freedoms.
Consent: For optional features, such as marketing communications.

6) Data Sharing

We do not sell your data. We share data only when necessary, including:

Payment Processors: For subscription, token purchases, and payouts.
Verification Providers: Where applicable, we share only the minimum required KYC information (ID images, selfie, name, date of birth, and address proof) with trusted verification and AML-screening providers acting as data processors. They may use these materials solely to verify authenticity and compliance without performing biometric identification for their own purposes.
Content Moderation Providers: To automatically analyze uploaded photos, videos, and other media for illegal, harmful, or policy-violating content. These providers act as data processors under strict data protection agreements and do not use your media for their own purposes.
Legal Authorities: When required by law or for fraud prevention.
Service Providers: For hosting, analytics, and support infrastructure, under strict data processing agreements.

6.1) International Data Transfers

Personal data may be transferred to and processed in countries outside the EU/EEA, including:

United States: Cloud hosting providers (AWS, Google Cloud) – transfers are safeguarded by EU Standard Contractual Clauses (SCCs) approved under Art. 46(2)(c) GDPR and, where applicable, the EU-U.S. Data Privacy Framework.
Other jurisdictions: Only where necessary for KYC/AML screening, payment processing, or content moderation, and only with adequate safeguards (SCCs, adequacy decisions).

You may request a copy of the applicable safeguards via [email protected].

7) Data Retention

We retain data only as long as necessary to provide services, comply with legal obligations, or resolve disputes:

Data Category	Retention Period
Account & profile data	Until account deletion + 30 days (backup retention)
KYC/AML records (including ID images, selfie, address proof, and transaction logs)	5 years after account closure (§ 40 FM-GwG)
Chat logs, booking history	3 years after last activity (for dispute resolution)
Location data (GPS coordinates)	Deleted 7 days after booking completion (except Safe-Word triggers: 30 days)
Trusted Contact data	Until you remove them or delete your account
Fraud/security logs	Up to 7 years (for legal claims under Austrian civil law)
Blog analytics (aggregated/pseudonymous visit data)	Short-term technical logs (typically up to 7 days) and longer-term aggregated statistics without direct identifiers
Profile visit history (who viewed whose profile)	For a limited period consistent with product functionality and dispute resolution needs (for example, up to 12 months), then deleted or anonymized

After the retention period, personal data is securely deleted or anonymized in accordance with Art. 5(1)(e) GDPR.

8) Your Rights Under GDPR

Under GDPR and Austrian law, you have the following rights:

Right of Access (Art. 15): Request a copy of your personal data in a machine-readable format (JSON/CSV).
Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
Right to Erasure / "Right to Be Forgotten" (Art. 17): Request deletion of your data (subject to legal retention obligations under FM-GwG – we must keep KYC/AML records for 5 years).
Right to Restriction of Processing (Art. 18): Limit how we use your data in certain circumstances (e.g., while disputing accuracy).
Right to Data Portability (Art. 20): Receive your data in a structured, commonly used format and transmit it to another controller.
Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent (Art. 7(3)): Withdraw consent for location data, special categories, or marketing at any time (does not affect prior processing based on consent).
Right Not to Be Subject to Automated Decision-Making (Art. 22): Request human review of any automated decision that produces legal or similarly significant effects (e.g., account suspension).

To exercise your rights: Contact us via in-app support or email [email protected]. We will respond within one (1) month (Art. 12(3) GDPR), which may be extended by two months for complex requests.

Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna, Austria
Website: www.dsb.gv.at
Email: [email protected]

9) Cookies & Tracking

We use essential cookies to operate the Platform and optional analytics cookies (with consent) to improve performance. Details are available in our Cookie Policy.

10) International Transfers

If your data is transferred outside the EU/EEA (e.g., for hosting, support, or content moderation services), we ensure adequate safeguards such as EU Standard Contractual Clauses or equivalent legal frameworks. Our external service providers are bound by data processing agreements and may only process your data on our instructions and for the purposes described in this Privacy Policy.

11) Children's Data

The Platform is strictly for users aged 18 and older. We do not knowingly collect or process data from minors. Accounts found to belong to underage individuals will be terminated and data deleted.

12) Safety Monitoring & Automated Analysis

For the safety of our community, and to enforce our Terms (including the prohibition of illegal services), you consent to the automated scanning and analysis of on-Platform messages, booking details, profile information, and media by our safety and fraud-detection systems (including AI algorithms). This processing is strictly for safety, abuse-prevention, and legal compliance purposes, is not used for marketing, and is a condition of using the Platform.

When you upload photos, videos, or other media, we may automatically analyze this content using internal tools and trusted third-party content moderation providers to detect illegal, unsafe, or policy-violating material (for example sexual content involving minors, exploitation, or extreme violence). These providers act as data processors under strict agreements and may not use your content for their own purposes.

Automated checks may result in your content being blocked, removed, or flagged for manual review. They do not involve automated decisions that produce legal or similarly significant effects for you without the possibility of human review. If you believe your content or account was restricted in error, you can contact our support team through the in-app support channel to request a review.

13) Changes to This Policy

We may update this Privacy Policy to reflect changes in laws, our services, or data processing practices. Significant updates will be notified via the Platform or by email. Continued use after updates constitutes acceptance.

13.1) Data Protection Officer (DPO)

Based on the current scale of our processing, we are not legally required to appoint a formal DPO at this time. We review this obligation at least annually and will appoint a DPO without undue delay if our processing reaches the thresholds under Art. 37 GDPR. For privacy matters, contact: [email protected].

14) Contact Us

For questions, concerns, or to exercise your rights, please contact us via the in-app support or by email:
Email:[email protected]

15) Crypto Payments and Off-Chain Tokens

The Fuchsia Platform itself does not run on blockchain, and our internal Tokens are not cryptocurrency or blockchain assets. Internal Tokens are off-chain digital credits recorded only in our own systems and used inside the Platform for bookings and related features.

Where you choose to pay or receive payouts in cryptocurrency (for example, USDT), those transfers are executed by regulated third-party payment or crypto-asset service providers (VASPs). We receive limited information such as wallet identifiers and transaction references for compliance and reconciliation, but we do not store or have access to your private keys and we do not control your external wallet.

On-chain data (such as transaction hashes and public addresses) may also be visible on public blockchains, which are operated by third parties outside our control. Please review the privacy policies of any wallet, exchange, or payment provider you use in connection with the Platform.