Privacy Policy

This Privacy Policy applies to all visitors and users of RubRhythm, including registered providers, clients, and unregistered visitors. If you are a California resident, the additional rights under the California Consumer Privacy Act (CCPA) apply to you. If you are an EU/EEA resident, GDPR rights apply.

Account Data:

• • Name, email address, password (hashed — never stored as plain text)
• • User role (Provider or Client)
• • Account creation date and last login

Provider Listing Data:

• • Service category, city/state, listing description, and contact preferences
• • Photos uploaded to your profile
• • Credit balance and transaction history

Verification Data (if submitted voluntarily):

• • Government-issued ID document (stored securely, reviewed by staff only)
• • Self-photo/selfie submitted for identity confirmation
• • Full legal name as it appears on ID
• • Optional: Social media profile link

Technical Data (automatically collected):

• • IP address, browser type, operating system
• • Pages visited, time on site, referral source
• • Device type (mobile/desktop)

• • To operate and maintain your account and listings
• • To process credit purchases and advertising features
• • To verify your identity and issue Verified Badges
• • To detect and prevent fraud, abuse, and illegal activity
• • To communicate important account and platform updates
• • To comply with applicable laws and cooperate with law enforcement when required
• • To analyze aggregate, anonymized usage data to improve the platform

We do not sell your personal data to third parties. We do not use your data for behavioral advertising.

Government ID documents submitted for verification are treated as special category data with enhanced protections:

• • Stored in an encrypted, access-controlled directory
• • Accessible to authorized staff only for verification purposes
• • Never shared publicly or with third parties
• • Deleted or anonymized upon request (see Section 8)
• • Retained for no longer than 5 years or as required by 18 U.S.C. § 2257

We use the following types of cookies:

• • Essential cookies: Required for login sessions and security (cannot be disabled)
• • Analytics cookies: Anonymous usage data to improve the platform (you may opt out)

We do not use advertising or tracking cookies. We do not participate in cross-site user tracking.

We only share your data in the following limited circumstances:

• • Legal compliance: When required by valid legal process (court order, law enforcement request)
• • Anti-trafficking: We will proactively share information with authorities when we suspect trafficking or exploitation
• • Service providers: Limited technical vendors (hosting, database) under strict data processing agreements

We never sell, rent, or trade personal data.

• • Account data: Retained while your account is active
• • Deleted accounts: Personal data removed within 30 days of account deletion
• • Verification documents: Retained as required by 18 U.S.C. § 2257 (maximum 5 years)
• • Transaction records: Retained for 7 years for financial compliance
• • Logs: Security and access logs retained for 90 days

Depending on your location, you have the following rights:

• • Access: Request a copy of all data we hold about you
• • Correction: Update or correct inaccurate personal information
• • Deletion: Request deletion of your account and associated data (CCPA/GDPR right to erasure)
• • Portability: Receive your data in a structured, machine-readable format
• • Opt-out: Opt out of non-essential cookies and analytics
• • Complaint: Lodge a complaint with your relevant data protection authority

To exercise any of these rights, email: privacy@rubrhythm.com

If you are a California resident, you additionally have the right to:

• • Know what personal information is collected, used, and shared
• • Opt out of the sale of personal information (we do not sell data)
• • Non-discrimination for exercising privacy rights

To submit a CCPA request: privacy@rubrhythm.com — we respond within 45 days.

RubRhythm is strictly an 18+ platform. We do not knowingly collect data from anyone under 18. If we discover a minor has created an account, we will immediately delete all associated data and ban the account. If you believe a minor has used our platform, contact safety@rubrhythm.com immediately.

We implement the following security measures:

• • All data transmitted over HTTPS/TLS encryption
• • Passwords stored using bcrypt hashing
• • Verification documents stored in access-controlled encrypted directories
• • Regular security audits and penetration testing
• • Strict employee access controls (principle of least privilege)

We may update this Privacy Policy periodically. Significant changes will be announced on the platform with at least 7 days notice. Continued use of RubRhythm after changes constitutes acceptance of the updated policy.

For all privacy-related requests or questions: