Babelix is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your data when you use our sugar dating platform “Babelix”, operated by Marvixia OÜ.

We also outline your privacy rights and explain how to exercise them. Additionally, our Cookie Policy details cookies and similar technologies in our services.

This policy aims to comply with the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA) and its CPRA amendment, data protection laws in Latin America (e.g., Mexico, Brazil), and international best practices for digital privacy.

Data Controller

Your data controller is Marvixia OÜ, a company registered in Estonia under registration number 16539801 and VAT number EE102593347. Its registered office is Ahtri 12, 10151 Tallinn, Estonia.

If you have any questions or requests regarding your data, please don’t hesitate to contact us by email at privacy@babelix.com (or the designated email address on the platform). Marvixia OÜ is supervised by the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), the country’s data protection authority.

Personal Data We Collect

We collect various personal data to provide and improve the Babelix service. Below are the categories of information we may gather:

• Registration & Account Data: Information you provide when creating an account, such as your name, username or alias, city of residence, email address, and password. We also request your date of birth to verify that you are over 18 and your gender, which are required for matching purposes.
• Profile & Personal Information: Data you choose to include in your Babelix profile. This may include photos, a personal description, details about what you are looking for, your interests and preferences (e.g., hobbies, type of relationship sought), lifestyle or personality details, and information about your income or financial situation (only for Sugar Daddies). Other profile details may include occupation or education level, depending on what you wish to share.
• Generated Content: Information and content you exchange on the platform. This includes private messages you send and receive via Babelix, as well as any other content you upload (e.g., additional photos). Note: User messages are treated as private, but Babelix may analyze them automatically or manually only for security purposes (e.g., investigating fraud reports or policy violations).
• Usage & Activity Data: Information about how you use Babelix. This includes activity logs such as date and time of access, features used (e.g., which profiles you view or mark as favorites), searches performed, clicks and interactions within the platform, and selected preferences. We also record actions like profile updates or changes to privacy settings. This data helps us understand how active your account is and enables us to improve your experience.
• Location Data: We may collect location data, including geographical information. For example, you can specify your general location (city or region) in your profile to be visible to or see nearby users. If you enable geolocation in the Babelix web interface, we may collect your location to suggest profiles near you. You can always choose not to share your location by turning off this feature in your browser or device settings.
• Device Identifiers & Technical Data: When you use Babelix, we automatically collect technical information from your devices. This may include your IP address, browser type and version, device type (e.g., iPhone, Android, PC), operating system and version, unique mobile device identifiers or advertising identifiers (for example, the Android Advertising ID or iOS IDFA), your internet service provider or mobile network, language and time zone, and other technical details derived from your device settings. We use this data to ensure service compatibility and security (for example, to detect suspicious logins).
• Payment Data: If you choose to purchase a Premium subscription or other paid services within Babelix, we collect the information necessary to process the transaction. Stripe is our payment processor, so your credit/debit card or other payment details are entered into forms managed directly by Stripe. Babelix does not store your whole card number; we receive only limited information from Stripe to confirm the payment (such as a transaction ID, the last four digits of the card, card type, and transaction status). We also retain associated billing details—such as your full name, country, and, where applicable, postal code—needed to issue receipts or invoices and comply with accounting obligations.
• Cookies & Similar Technologies: On our website, we use cookies, pixels, and similar tracking technologies to collect information about your interactions with Babelix. This may include data such as your site preferences, active session, anonymous identifiers for usage statistics, or identifiers for advertising purposes. For more details, please refer to our Cookie Policy, located later in this document.
• Third-Party Data: Generally, we collect data directly from you. However, in some cases, we may obtain additional information from third parties. For example, suppose we offer the option to log in or register via social networks or third-party accounts (such as Google or Facebook). In that case, as you have authorized, we will receive specific basic profile data from those third parties (e.g., your name and email address linked to the external account). Likewise, we may use external providers for identity verification or fraud prevention; for example, a verification service might confirm the authenticity of an identity document or the validity of certain personal information. In such cases, the processing will be carried out with your explicit consent, and you will be informed of it during the verification process.

Purposes & Legal Bases for Processing

We use your data for legitimate and necessary purposes related to the Babelix service. Under the GDPR, we are required to have a legal basis for each processing activity.

Below, we describe for which purposes we process your data and the corresponding legal basis (in parentheses, for EU users):

• To provide the dating service and manage your account: We process your data to create and administer your account, enable you to set up a profile, and deliver all core Babelix features—such as viewing and being viewed by other members, matching or connecting with users, sending and receiving messages, and generally facilitating platform interactions. This includes displaying your profile (username, age, photos, video, description, etc.) to other users and showing profiles matching your search or compatibility criteria—legal basis: Performance of a contract with you.
• Personalizing your experience: We may use information about your preferences, declared interests, or activity on the platform to tailor the service to your needs. For example, Babelix may rank or prioritize suggested profiles based on your indicated preferences (e.g., desired age range, location, shared interests) or display relevant content to you. This enhances the quality of the connections we propose—legal basis: Our legitimate interest in optimizing and personalizing the service for our users. We will request your explicit consent if personalization involves analyzing sensitive data (e.g., preferences that could reveal sensitive information).
• User verification & security: Babelix strives to maintain a safe and authentic community. We may process personal data to verify user identities when necessary (e.g., confirming age via official documents or validating profile photos to prevent impersonation). We also monitor activity automatically for fraudulent behavior or policy violations (e.g., scammers, spam, illicit proposals). The Babelix team may manually review reported profiles or communications to take appropriate action (warnings, suspensions, or bans) when needed.
  Legal basis: Our legitimate interest in ensuring the platform’s security, authenticity, and integrity (preventing fraud, protecting vulnerable users, and avoiding harm) and, where applicable, compliance with a legal obligation.
• Payment processing & subscription management: If you make a payment on Babelix (for example, to purchase a Premium membership or other paid features), we process your payment data to complete the transaction, activate the associated Premium service on your account, and maintain accounting records. This includes sharing necessary details with our payment processor (Stripe) and verifying that the payment is successful.
  Legal basis: Performance of a contract – We need to process the payment to fulfill the requested service. Additionally, we are bound by tax and accounting laws to retain payment records, which is a compliance with a legal obligation.
• Service-related communications: We may use your email address or other contact details to send you essential service messages, such as verification emails during registration, security alerts (e.g., password change notifications or login notifications from a new device), updates to our Terms of Service or Privacy Policy, and other critical operational notices. These are not marketing messages but are essential for your use of Babelix.
  Legal basis: Performance of the contract (necessary for your use of Babelix) and/or our legitimate interest in keeping you informed about security or essential service matters.
• Marketing Communications & Promotions: With your consent, we may use your contact data (such as your email address) to send newsletters, offers, promotions, or surveys about Babelix. For instance, we might share tips to improve your profile, inform you of new features, or announce special promotions. You can opt out of these communications at any time, for example, by clicking the “unsubscribe” link in any marketing email we send or adjusting your preferences in your account settings.
  Legal basis: your explicit consent for marketing communications. In certain jurisdictions, for existing customers, we may rely on our legitimate interest to send service-related messages; however, you will always have the option to opt out.
• Personalized advertising: Babelix (or third parties we work with) may process your data for digital marketing purposes, such as displaying personalized Babelix ads on third-party websites or platforms (e.g., Facebook, Instagram). This may involve using cookies or advertising identifiers to segment ads based on your interests or activity on Babelix. For example, if you visited our site but did not complete the registration, we might later show you an ad reminding you to join Babelix.
  Legal basis: Our legitimate interest in promoting our service and growing the community, where permitted by applicable law. However, in jurisdictions requiring it (e.g., the EU), we will obtain your consent for cookies or identifiers used for behavioral advertising (e.g., via our cookie banner). You can always object to personalized advertising by following the opt‑out mechanisms described in this policy (see the Cookies section and California “Do Not Sell/Share My Personal Information” rights).
• Service Analysis & Improvement (Analytics): We collect and analyze data on how users interact with Babelix to understand and continually improve our platform’s performance. This includes metrics such as the number of signups, interaction levels (average messages sent, matches made), most-used features, click-through rates, and usability issues. Much of this data is aggregated and anonymized to generate overall statistics (e.g., percentage of users within a specific age range). We may use third-party analytics tools, such as Google Analytics, which automatically collect information via cookies (see our Cookie Policy). Legal basis: Our legitimate interest in understanding and improving our services. In the EU, using non-essential cookies by these tools depends on your consent (via our cookie banner). We always handle analytics data in a privacy-preserving manner (e.g., anonymizing the last digits of your IP in Google Analytics).
• Fraud Prevention & Legal Compliance:
  We may process personal data to prevent illegal activities, fraud, unauthorized use of our platform, or to enforce our Terms of Service. This includes implementing automated fraud detection mechanisms and, when necessary, utilizing and retaining data for internal investigations or cooperating with law enforcement authorities. For example, we might keep records of users expelled for fraud to prevent them from re-registering (blocklists). We may also use and share personal data when required to comply with legal obligations, such as responding to valid requests from government or judicial bodies, adhering to child protection laws, or following court orders. Legal basis: compliance with a legal obligation when applicable (e.g., formal requests) and/or our legitimate interest in protecting our business and users from illicit activities or policy breaches.
• Other Purposes with Your Consent: If Babelix wishes to process your data for any additional purpose not covered above, we will request your explicit consent. For example, if in the future we decide to collect extra sensitive data (such as health information, detailed sexual orientation, criminal history, biometrics, etc. for a specific feature), or if we want to use your data for testimonials or publish your content outside the platform, we will inform you and obtain your consent before proceeding. You always have the right to withdraw that consent at any time.

We always ensure that we do not process your data in a way incompatible with the original purposes for which it was collected. If we ever need to use your data for a purpose unrelated to the original purpose, we will notify you and, where legally required, obtain your prior consent.

Data Recipients: Sharing with Third Parties

Babelix does not sell your data to third parties. However, we share specific data with trusted service providers and other third parties when necessary to operate our service or fulfill our obligations, always under appropriate safeguards. Below are the types of third parties with whom we may share data and why:

• Payment Processor (Stripe): As mentioned, Stripe handles card transactions. When you make a payment, some of your data (such as your name, email, purchase amount, and payment method) is transmitted to Stripe to process the charge. Stripe is a data processor contractually obligated to protect and use your information solely for payment processing purposes. Sensitive financial data (card number, CVV) goes directly to Stripe and is not stored on our servers.
• Cloud Computing & Hosting Providers: We may store your data on servers managed by cloud or hosting providers (e.g., Amazon Web Services, Google Cloud, Hostinger, or other infrastructure vendors). These providers act as data processors, meaning they use your data only to store or process it according to our instructions under high-security standards. We maintain data protection agreements (such as Data Processing Agreements or Standard Contractual Clauses) with these providers to ensure GDPR or equivalent compliance.
• Analytics Services: We utilize third-party tools, primarily Google Analytics, to collect usage statistics. These tools collect information about your interaction with Babelix via cookies or unique identifiers. The data that Google Analytics collects (e.g., pages visited, time spent on page, device type, general location) may be transmitted to and stored by Google, including in the U.S., in an anonymized form. Google acts as our analytics provider and may use the data for any purpose, provided that it is aggregated and used solely for giving statistics. We have configured Google Analytics to anonymize your IP address (masking the last digits) and disabled data sharing with other Google products. For more details, please refer to our Cookie Policy, where you can find opt-out options.
• Digital Advertising & Marketing Services: Babelix may partner with advertising networks or marketing platforms to promote our service. For example, we may integrate the Facebook Pixel, Google Ads, or similar tools into our website or app.These tools collect technical information via cookies or pixels (e.g., cookie IDs, pages visited, registration events) which Meta or Google use to run efficient ad campaigns (e.g., showing you Babelix ads on Facebook if you visited our site without registering, or tracking how many users sign up from our Google ads).

  These third parties independently control the cookie data for behavioral advertising purposes. However, Babelix does not share personally identifiable information such as your name or email; the shared information is limited to encrypted identifiers or aggregated conversion data.
  As our Cookie Policy explains, you can manage marketing cookies, including options to opt out of personalized advertising.

• Identity Verification & Security Providers: To foster a secure environment and enhance the integrity of our community, Babelix manages all user verification processes internally. This includes, but is not limited to, Selfie Verification and ID Verification, which are conducted by our dedicated internal team.

  When you voluntarily submit information for verification, we collect the necessary data to perform the procedure, including a copy of your government-issued identification and/or a selfie. This information is used exclusively to confirm your identity, check the authenticity of documents, and mitigate fraud on the platform.

  All data provided for verification is treated as strictly confidential and is governed by our internal data protection and security protocols. Access to this sensitive information is restricted to authorized personnel directly involved in the verification process. We do not share this data with any third parties for verification purposes and handle it in strict accordance with the principles laid out in this Privacy Policy. Upon successful completion of the verification, your identification document is permanently deleted from all our systems.

• Communications & Support Services: To send you emails, notifications, or other communications, we may use third-party tools such as transactional email services (e.g., SendGrid, Mailchimp, Amazon SES) or push-notification platforms. When doing so, these services process your email address, other contact details, and the message content. Similarly, if you use our customer support (e.g., live chat or ticketing), the support platform (e.g., Zendesk) will process your inquiry data. All these providers act under our instructions and use your data solely to facilitate communications.
• Authorities & Legal Compliance: We may disclose personal data to government authorities, courts, or regulatory bodies when required or permitted by law. This includes responding to valid legal orders, subpoenas, or other legal processes and, when necessary, investigating illicit activities, enforcing our Terms of Use or legal rights, or defending against legal claims. For example, suppose we receive a court order to provide the records of a user involved in a crime. In that case, we may be legally obliged to share certain information with the relevant authorities.
• Corporate Transactions: If Babelix or Marvixia OÜ undergoes a merger, acquisition, sale of assets, bankruptcy, or other corporate transaction, your data may be transferred as part of that transaction to the new entity that will operate the service. In such an event, Babelix will notify you in advance (e.g., via a notice on the platform or by email) and ensure the receiving entity commits to at least the same level of data protection outlined in this Privacy Policy.

In all cases where we share your data with third parties, we adhere to the principle of data minimization (providing only the information necessary for the intended purpose). We also enter into robust contractual agreements (such as Data Processing Agreements) with these providers to ensure they maintain confidentiality, implement appropriate security measures, and comply with applicable data protection laws.

International Data Transfers

Babelix operates globally, so some of the third parties mentioned above or even our servers may be located in countries outside your country of residence. In particular, if you are in the European Union (EU) or European Economic Area (EEA), you should know that we may transfer your data outside the EEA, for example, to the United States or other countries where our providers (such as Amazon, Google, Meta, etc.) operate.

When we transfer personal data from the EU/EEA to countries that do not have an adequacy decision by the European Commission (i.e., whose privacy laws are not deemed equivalent to EU standards), we implement appropriate safeguards to protect your data. These safeguards typically include executing the Standard Contractual Clauses approved by the European Commission, which are standardized contracts requiring the data recipient to uphold data privacy. Additionally, we assess on a case-by-case basis whether supplementary security measures are needed (such as encryption in transit and at rest or specific confidentiality requirements).

In the context of international transfers, we may also rely on other applicable legal mechanisms, such as your explicit consent for the transfer in specific situations or verifying whether the recipient is certified under a recognized data protection framework. We are committed to ensuring that any transfer of your data complies with applicable law: Chapter V of the GDPR for European data, as well as the international transfer requirements of other local laws (for instance, Brazil’s LGPD requires contractual safeguards for exporting data outside Brazil, and in Mexico transfers to third parties generally require your consent, subject to certain exceptions).

If you would like more information about the international transfer of your data or the specific safeguards we apply in a particular case, please do not hesitate to contact us at any time (see the Contact section).

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, unless a more extended retention period is required or permitted by law. The main criteria we use to determine retention periods are:

• Account & Profile: As long as you maintain an active Babelix account, we will keep your profile information and other data associated with your account. If you choose to delete your account, or if we close it under our terms, your personal data will be immediately removed from our primary systems. This means that your profile will no longer be visible, and all associated information (photos, messages, preferences, etc.) will be deleted immediately upon confirmation of deletion. In exceptional cases (e.g., to address legal claims or prevent fraud), we may retain minimal identifying records (such as a user ID or email) in encrypted, isolated storage. Still, we will not keep personal content or sensitive data in our active systems.
• Data Shared with Other Users: Please note that information you shared with other users within Babelix (for example, messages you sent to another user or that you were in their contacts or history) will remain in those users’ possession even after you delete your account. However, those users will no longer be able to view your complete profile or contact you via the platform once your account is deleted.
• Activity Logs: Technical logs (access records, IP addresses, and change histories), as well as other activity data, are retained while you have an account and for a limited additional period for legitimate Babelix purposes, such as security analysis, statistics, or service improvement. If you delete your account, we may retain some of these logs (de-identified as much as possible) for an additional period. Typically, anonymized log data may be retained indefinitely in aggregate form for analytical purposes.
• Legal Obligations and Disputes: In certain circumstances, we are required to retain specific data for extended periods due to legal requirements. For example, tax and accounting laws may require us to maintain payment receipts, invoices, and accounting records that include personal data (such as name and transaction details) for 5 to 7 years (depending on the jurisdiction) after the end of the relevant fiscal year. Similarly, if you have made a purchase, we will retain transaction records for the legally mandated duration. Also, suppose a pending legal dispute or claim involving a user. In that case, we will preserve the necessary data for the duration of the dispute—potentially beyond our standard retention periods—and delete it once it is no longer needed.
• Security backups: Our systems maintain periodic backups. It is possible that after data is deleted from primary systems, your personal data may persist temporarily in encrypted backup files until those backups are rotated or purged according to our backup retention policies (typically, backups are deleted on a rolling schedule after a set number of weeks).
• Security retention: In exceptional cases, Babelix may retain certain identifying information even after you have requested deletion when there is a compelling security need. For example, suppose we expel a user for serious fraud or abuse. In that case, we may keep minimal data (such as email, phone number, or device identifier) in an internal blocklist to prevent that person from evading the ban by creating a new account. This retention is based on our legitimate interest in protecting the community and is carried out to the extent permitted by law.

In all cases, once the applicable retention periods have expired, we will securely delete, anonymize, or pseudonymize your data. When data is anonymized, it is no longer associated with an identifiable person. Without further notice, it may be used for statistical or improvement purposes, as it no longer constitutes personal data.

User Rights under Various Privacy Laws

As the data subject, you have various legal rights that are designed to give you control over your personal information. Babelix is committed to facilitating the exercise of these rights. Below, we summarize your key rights under the EU GDPR, the California CCPA/CPRA, and relevant Latin American laws, including those in Mexico and Brazil. Note that these rights may overlap; regardless of jurisdiction, we will do our best to address any privacy rights requests you make to the extent they apply to our relationship with you.

Rights under the GDPR (EU/EEA)

• Right of Access: You may request confirmation of whether we are processing your data and, if so, obtain access to it. We will provide you with a copy of the personal data we hold about you and details on the processing purposes, data categories, recipients, retention periods, and your other rights.
• Right to Rectification: You have the right to request the correction of any incomplete or inaccurate personal data. For example, if your email address, phone number, or any other details, such as your name, username, or date of birth, have changed, we will update the relevant information. You can also correct much of your data directly through your profile settings.
• Right to Erasure (“Right to be Forgotten” ): You may request the deletion of your data when, for example, it is no longer necessary for the purposes for which it was collected, you withdraw your consent (and no other legal basis for processing exists), or you object to the processing and no overriding legitimate grounds remain. Upon receiving a valid erasure request, we will delete your data unless a legal exception requires us to retain it (e.g., for legal obligations or the establishment or defense of claims).
• Right to Restrict Processing: In certain circumstances, you may request that we temporarily restrict the processing of your data. This may apply, for example, if you contest the accuracy of your data (we can pause processing while we verify it) or if the processing is unlawful. Still, you prefer restriction over erasure, or if you have objected to processing, and we are assessing your objection. During the restriction period, we will only store your data and not carry out any other processing except as permitted (e.g., to establish or defend legal claims).
• Right to Object: You have the right to object, on grounds relating to your particular situation, to any processing of your data based on a public interest or our legitimate interests. This includes an objection to profiling based on those interests. If you object, we will cease processing your data for the contested purpose unless we can demonstrate compelling legitimate grounds for the processing that override your interests (e.g., a legal requirement) or the processing is necessary to establish, exercise, or defend legal claims.
  Important: If your data is used for direct marketing purposes, you have the right to object at any time. If you request that we stop marketing (e.g., promotional emails), we will honor your request immediately. You can unsubscribe at any time, and we will cease sending you commercial communications.
• Right to Data Portability: In some instances, you may request a copy of your personal data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON) to facilitate quick transfer to another provider. This right applies when processing is based on your consent or a contract and is carried out by automated means. At Babelix, this could include basic data you provide (such as your profile and registration information) and data generated by your usage (such as your match history), to the extent technically feasible, in a portable format.
• Right Not to Be Subject to Automated Individual Decisions: The GDPR grants you the right not to be subject to decisions based solely on automated processing (i.e., without human involvement) that produce legal or similarly significant effects on you. At Babelix, important decisions that affect you (e.g., account suspension for serious violations) commonly involve human review. If we were to apply any system of automated profiling that makes decisions without human intervention with legal or significant effects, we would inform you and advise you of your right to request human intervention, express your viewpoint, and challenge the decision.
• Right to Withdraw Consent: You have the right to withdraw your consent at any time when processing is based on your consent. For example, you can withdraw consent for email marketing or precise geolocation in the platform. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
• Right to Lodge a Complaint: You can complain to a competent data protection authority if you believe Babelix/Marvixia OÜ has violated your data protection rights or failed to address your request. You may contact the authority in your country (e.g., the Spanish Data Protection Agency in Spain, CNIL in France, etc.) or the lead authority in Estonia, where Marvixia OÜ is established. The primary supervisory authority for Babelix is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). We encourage you, however, to first attempt to resolve any concerns directly with us so we can assist you promptly.

Privacy Rights in California (CCPA/CPRA)

If you are a resident of the State of California (U.S.), local law (the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)) grants you additional rights regarding your data. These rights focus on transparency and control over certain personal information we collect and use. Below, we summarize the main rights under the CCPA/CPRA:

• Right to Know (Access & Disclosure): You have the right to request that we disclose the personal information we have collected and used about you. This includes the right to know the categories of personal information collected about you in the past 12 months, the sources from which we obtained that information, the business purpose for collecting it, and the categories of third parties with whom we shared it. You may also request a copy of the personal data we collected about you during that period. Additionally, as defined by law, you have the right to know whether your personal information has been “sold” or “shared” for commercial or advertising purposes. (At Babelix, as noted, we do not sell your personal information for money, but we may share specific identifiers for personalized advertising; see below for the right to opt out of sale/sharing.)
• Right to Delete: You may request that we delete the personal information we have collected and retained about you, subject to certain exceptions. Once we receive and verify your request, we will delete (and instruct our service providers to delete) your personal information from our records unless a legal exception applies. For example, we may be unable to delete data necessary to complete a transaction you requested, to detect or prevent fraud or security incidents, to comply with a legal obligation (e.g., tax requirements), or for lawful internal uses aligned with our relationship with you. If we must refuse a deletion request due to an exception, we will inform you of the specific reasons.
• Right to Correct Inaccurate Personal Information: Under the CPRA (effective 2023), California residents have the right to request the correction of any inaccurate personal information we hold about you. Upon receiving a verifiable request, we will correct your information as necessary and practicable, taking into account the nature of the data and its processing purposes. We will explain the situation if we cannot comply with a specific correction request (e.g., retaining historical data for legal reasons).
• Right to Opt Out of Sale or Sharing of Personal Information: The CCPA grants California consumers the right to opt out of the sale of their personal information to third parties. The CPRA extends this right to include opting out of “sharing” personal data with third parties for cross‑context behavioral advertising. At Babelix, we do not sell your personal data for monetary consideration. However, as described in our Cookie Policy, we may share limited identifiers with advertising partners (e.g., Facebook) to optimize our campaigns, which could be considered “sharing” under the CPRA. You have the right to object to this. You can exercise your “Do Not Sell or Share My Personal Information” right via the mechanisms we provide—for example, by clicking the “Do Not Sell My Personal Information” link in our website footer or by contacting us directly to request the opt‑out of sale/sharing. Additionally, if your browser sends a Do Not Track or Global Privacy Control (GPC) signal. In that case, we will interpret it (to the extent technically feasible) as a valid opt-out request for that device or browser under the CPRA.
• Right to Non‑Discrimination: Babelix will not discriminate against you for exercising any of your privacy rights under the CCPA/CPRA. This means we will not deny you service, provide a lower quality of service, charge you different prices, or impose penalties because you have exercised your rights to privacy. Any variation in service you experience will be for legitimate business reasons unrelated to your exercise of rights. Suppose we ever offer financial incentives (e.g., discounts or rewards) in exchange for allowing specific uses of your data. In that case, we will notify you in advance, participation will be entirely voluntary, and we will comply with CCPA requirements regarding such incentives.
• Additional Disclosures: The CPRA requires that we inform consumers, at or before the point of data collection, about any categories of “sensitive personal information” we collect (if any) and the purposes for which it is used. At Babelix, we may collect sensitive personal information as defined by the CPRA, such as account login credentials, sexual orientation or intimate preferences implied in your profile, financial data (e.g., estimated income, which is considered sensitive under the CPRA), or official identification for verification purposes (if requested). We do not use or disclose sensitive personal information beyond what is necessary to provide the expected services (i.e., we use this sensitive data exclusively for matching, security, and verification purposes, not for secondary purposes such as targeted advertising). Therefore, under the CPRA, we offer California consumers the right to limit the use or disclosure of sensitive personal information to those purposes that are essential. Babelix already restricts such use in practice, but if you have concerns, please contact us for further assurance.

How to Exercise Your CCPA Rights: To submit a verifiable request for access (Right to Know), deletion, or correction, you may contact us at privacy@babelix.com with the subject “California Privacy Request” and detail your request. You may also use a specific web form or a mailing address on our site (see the Contact section). We will need to verify your identity before fulfilling specific requests to protect your privacy, which may involve asking for information that matches our records (e.g., confirming your registered email or answering questions about your Babelix usage). Suppose you wish to have an authorized agent submit a request on your behalf. In that case, we require a written and signed authorization that demonstrates the agent’s permission to act on your behalf, and we will also verify the agent’s identity. We will acknowledge receipt of your request within 10 days and respond substantively within 45 days, with a possible 45‑day extension in complex cases, about which you will be notified.

Rights of Users in Latin America (Mexico, Brazil & Others)

Babelix acknowledges and respects the rights granted by data privacy laws in Latin American countries. Although each national law has nuances, many of these rights are similar to those described above. Below, we highlight some key rights:

• ARCO Rights (Access, Rectification, Cancellation & Objection) – Mexico: If you are a user in Mexico, the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) grants you ARCO rights, which include the following:
  • Access: Request access to the personal data we hold about you and details of its processing.
  • Rectification: Correct any inaccurate or incomplete personal data.
  • Cancellation: Delete your data when it is no longer required for the original purposes or is being misused.
  • Objection: Object to the processing of your data for specific purposes (e.g., secondary uses like marketing).

  These rights can be exercised at any time, subject to legal exceptions.

• Rights under the LGPD – Brazil: If you are a user in Brazil, you are protected by the General Data Protection Law (LGPD), which grants you rights such as:
  • Confirmation & Access: Confirm whether your data is being processed and access it.
  • Correction: Correct incomplete, inaccurate, or outdated data.
  • Anonymization, Blocking, & Deletion: Request anonymization, blocking, or deleting unnecessary, excessive, or unlawfully processed data.
  • Data Portability: Receive your data in a structured, commonly used, machine‑readable format for transfer to another provider.
  • Deletion: Delete personal data processed with your consent, subject to exceptions.
  • Information: Know which public and private entities we share your data with.
  • Consent and Withdrawal: Be informed of your right to not consent and the consequences, as well as your right to withdraw consent.
  • Objection: Object to processing based on non‑consent legal bases if you believe it violates the LGPD.
• Rights in Other Latin American Countries: Many other Latin American nations (e.g., Argentina, Colombia, Peru, Uruguay, Chile) grant similar rights, including access, rectification, deletion or cancellation, and objection. Babelix will honor any valid request under these laws in accordance with local procedures and timelines.
• Rights in Other Latin American Countries: Similar data protection rights exist in most Latin American countries. For example:
  • Argentina (Law 25.326): rights of access, rectification, updating, and deletion.
  • Colombia (Law 1581): rights of access, correction, deletion, and proof of authorization, among others.
  • Peru, Uruguay, Chile, and others: rights to information, access, rectification, cancellation/deletion, and objection, each with specific local conditions.

  Babelix will endeavor to honor any valid requests from users in these countries that comply with their local data protection laws.

Procedure to Exercise Rights (Latin America): If you wish to exercise any of the rights mentioned above (ARCO, LGPD, or others) and you are located in Latin America, you may contact us through the channels indicated in this policy (see the Contact section), clearly stating which right you wish to exercise and providing the information necessary for us to verify your identity and process your request (for example, we may require a copy of an identity document to confirm that the requester is indeed the data subject). We will address your request within the legal timeframes applicable in your country. For instance, in Mexico, we will respond to your ARCO request within a maximum of 20 business days, informing you whether it is valid. If so, we will implement the requested measure within the next 15 business days (extendable as permitted by law). In Brazil, data subject requests are typically answered within a reasonable period, generally within 15 days. In all cases, we will communicate the outcome of your request via the contact method you specify.

Please note that in certain circumstances, we may partially or fully deny a rights request if a legal exception applies. For example, in Mexico, we may refuse a deletion request if the data must be retained to comply with a legal obligation. Similarly, in Brazil, we may deny an objection if we can demonstrate compelling, legitimate grounds that override your rights. If we deny your request, we will explain the legal basis for our decision.

Data Security

Data security is of utmost importance to us. At Babelix, we implement technical, administrative, and organizational security measures to protect your information against unauthorized access, misuse, alteration, loss, or destruction. Below are some of the key security practices we apply:

• Encryption: Communication channels on Babelix are secured with SSL/TLS encryption. This ensures that information you send and receive through our platform (e.g., logging in, sending messages, uploading photos) travels encrypted, preventing interception by malicious third parties in transit. Additionally, sensitive data stored on our servers (such as account passwords) is kept encrypted or as a one‑way hash; for example, passwords are hashed using cryptographic hash algorithms rather than stored in plain text, so even our staff cannot view them.
• Access Control: We strictly limit access to personal data to only those employees, contractors, or third-party teams who require it to perform specific service tasks (the “need-to-know” principle). Our personnel receive privacy training and are bound by confidentiality obligations. Administrative accounts are protected with strong authentication and, where available, two‑factor authentication (2FA) to prevent unauthorized access even if credentials are compromised.
• Firewalls & Monitoring: Our servers and databases are shielded by firewalls and other perimeter security solutions to block unauthorized external access. We continuously monitor our systems to detect any unusual activity or attempted intrusion. Intrusion detection tools and security logs are used to audit system access, and any sign of a breach or vulnerability is investigated immediately.
• Regular Testing & Updates: We implement protocols for periodic system and software updates to apply security patches as soon as they become available, minimizing the risk of known exploits. Additionally, we regularly conduct security testing (e.g., penetration tests or code audits) on our application and infrastructure to proactively identify vulnerabilities. Any issues found are promptly remediated.
• Secure Backups: We perform regular backups of critical data to ensure availability and resilience against unexpected events (hardware failures, natural disasters, etc.). These backups are stored encrypted with restricted access. We maintain disaster recovery plans that enable us to restore functionality with minimal disruption in the event of a significant incident.
• Additional Measures: Where appropriate, we anonymize or pseudonymize personal data for certain processing activities to reduce risk in the event of a breach (e.g., using irreversible identifiers for internal analysis rather than directly identifying information). We also have procedures to manage and notify you of any personal data breaches: if, despite our precautions, a breach significantly affects your data, we will inform you by legal requirements (for example, under the GDPR, we will inform you without undue delay if the breach poses a high risk to your rights and freedoms, and we will notify the competent authority as required).

While we strive to protect your information to the highest standard, no security system is 100% infallible. Therefore, your role is also crucial: we recommend keeping your password confidential, not sharing it with anyone, and using a unique, strong password for Babelix. If you believe someone has gained unauthorized access to your account or personal data, please contact us immediately so we can help secure your account.

Privacy of Minors

Babelix is intended exclusively for users aged 18 or older. We do not offer our services to minors or knowingly collect personal data from individuals under 18. By registering on Babelix, you confirm that you are of legal age in your jurisdiction (typically 18 years). If we discover that we have inadvertently collected data from a minor (e.g., if a user misrepresented their age), we will promptly delete that information. Specifically, we will terminate the associated account and remove the minor’s data from our systems unless retention is required to comply with a legal obligation (for example, related to a reported incident).

We encourage parents or legal guardians to supervise their children’s online activities. If you are a guardian and believe a minor has provided personal data to Babelix, please contact us immediately so we can assist you in removing that information.