Privacy Policy

Introduction and Scope

This Privacy Policy explains how XENIA, a fantasy adult social network for verified adults aged 18 and over operating at xenia.studio, collects, uses, discloses, and protects information about the users of XENIA. By accessing or using XENIA, the user acknowledges the practices described in this Privacy Policy. This Privacy Policy should be read together with the Terms of Service of XENIA, the Section 2257 statement of XENIA, and the DMCA policy of XENIA.

XENIA is intended exclusively for adults. No part of XENIA is directed to, or intended for use by, any person under the age of 18. This Privacy Policy applies to all visitors, registered account holders, content creators, and purchasers who interact with XENIA, and it covers information processed through the XENIA website and the XENIA Studio desktop application.

Where XENIA determines the purposes and means of processing personal information, XENIA acts as a data controller for the purposes of the European Union General Data Protection Regulation, the United Kingdom General Data Protection Regulation, and applicable United States state privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act. The identity of the data controller and the means of contacting the data controller are set out in the section titled Contact below.

Information We Collect

XENIA collects the categories of information described below. The amount and type of information collected depends on how the user interacts with XENIA, including whether the user creates an account, completes age verification, publishes content, or transacts on chain.

Information You Provide

When the user registers for XENIA, the user provides an account username and an email address. The email address of the user is verified by means of a six digit code sent to that address. The user may also provide content captions, tags, profile details, pricing selections, and visibility preferences when publishing or managing content on XENIA.

Age and Identity Verification Information

XENIA requires every account holder to complete full identity verification establishing that the account holder is a real person who is at least 18 years of age. Verification is performed by Yoti, an independent third party verification provider acting as a processor of XENIA, by means of a scan of a government issued identity document together with a live face match, or a verification through the Yoti application. XENIA also stores the verified face image produced by this process, in encrypted form, used only to confirm that a real person is present in the content a creator uploads. Further detail is provided in the section titled Age and Identity Verification below and at the age verification documentation.

Wallet and On-Chain Information

XENIA generates a non custodial Solana wallet for each account at signup; external wallets cannot be imported, and the account is permanently bound to the single wallet address generated for it. XENIA stores only the public key, also described as the wallet address, of that wallet. The public key is public information and confers no ability to access or spend funds. XENIA does not collect, hold, or have access to the private key, the seed, or the recovery phrase of the user, or to the funds of the user. Transactions conducted by the user occur on the Solana public blockchain and are recorded on that public ledger. Further detail is provided in the section titled On-Chain Information Is Public and Permanent below.

Content and Usage Information

When a creator publishes to XENIA, XENIA receives and stores the filtered output media together with associated metadata, which may include captions, tags, the kind of media, visibility settings, and pricing. XENIA also collects activity information generated through the use of XENIA, including follows, hearts, views, tips, and unlocks. XENIA records access to creator off platform contact handles purchased through the DM reveal feature, as described in the section titled How We Share Information below.

Device and Technical Information

To support the XENIA Studio desktop application, XENIA collects device pairing public keys generated for the device of the user using the Ed25519 signature scheme. XENIA also collects standard server log information, which includes Internet Protocol addresses, request timestamps, browser and device characteristics, and similar technical data generated automatically when the user interacts with XENIA.

Cookies and Local Storage

XENIA uses cookies and browser local storage to operate XENIA, to remember preferences of the user, and to record a first visit compliance and age acknowledgement signal. The cookies used by XENIA, including the compliance and age acknowledgement cookie, are described in the section titled Cookies and Local Storage below.

How We Use Information

XENIA uses the information described in this Privacy Policy for the following purposes:

• To create, authenticate, and maintain the account of the user, including verification of the email address of the user.
• To confirm that the user is at least 18 years of age and to operate the age and identity verification process of XENIA.
• To enable creators to publish filtered content and to enable other users to discover, view, unlock, tip, and follow content and creators.
• To associate the wallet address of the user with the account of the user so that on chain transactions can be initiated and reflected within XENIA.
• To operate the XENIA Studio desktop application, including secure pairing between the device of the user and XENIA.
• To secure XENIA, prevent fraud and abuse, enforce the Terms of Service of XENIA, and protect the rights and safety of users of XENIA.
• To maintain server logs for diagnostics, reliability, and security purposes.
• To comply with legal obligations applicable to XENIA, including record keeping obligations relating to adult content.
• To communicate with the user regarding the account of the user, transactions, and material changes to the services of XENIA.

Where the law requires a legal basis for processing, XENIA relies on the performance of its contract with the user, compliance with legal obligations, and its legitimate interests in operating and securing XENIA. XENIA processes special categories of data, namely biometric data used to uniquely identify a creator and data concerning the sex life of the user, only on the basis of the explicit consent of the user under Article 9(2)(a) of the General Data Protection Regulation and the United Kingdom General Data Protection Regulation, given through account creation and the separate biometric consent. The user may withdraw this consent at any time as described in the Your Privacy Rights and Biometric Data sections, without affecting the lawfulness of processing carried out before withdrawal.

Because XENIA processes special categories of personal data, including biometric data and data concerning sexual activity, on a significant scale, XENIA has conducted and maintains a Data Protection Impact Assessment under Article 35 of the General Data Protection Regulation and the United Kingdom General Data Protection Regulation, and reviews it as its processing changes.

On-Device Filtering and What We Never Receive

Creators transform their own photographs and videos by applying an AI augmentation inside the XENIA Studio desktop application. This transformation occurs locally on the device of the creator. The original, un-filtered media of the creator never leaves the device of the creator. XENIA does not receive, transmit, process, or store the original un-filtered photographs or videos of the creator.

XENIA receives and stores only the filtered output produced by the XENIA Studio desktop application. That filtered output is stored in encrypted form, as described in the section titled Data Security below. Because the original media of the creator is never transmitted to XENIA, XENIA cannot access, recover, or disclose that original media, and XENIA cannot reconstruct it from the filtered output that XENIA holds.

Age and Identity Verification

Account creation on XENIA is restricted to verified adults aged 18 and over. To enforce this restriction, XENIA uses Yoti as a third party processor to perform identity verification. The information processed by Yoti includes a scan of a government issued identity document together with a live face match, or verification through the Yoti application.

Yoti processes verification information in accordance with the obligations of Yoti under applicable data protection law and under the agreement between Yoti and XENIA. XENIA seeks to handle verification information conservatively and to receive from the verification process only the outcome and the minimum information necessary to confirm that the user is at least 18 years of age and to support the identity features of XENIA. The signup face reference image collected by XENIA is stored in encrypted form and is used solely to support optional identity features of XENIA. To enforce that each verified person holds at most one account, and to prevent an account that has been banned from re-registering, XENIA derives a one-way identity hash from the verified document, for example from the document number, or from the name together with the date of birth, and stores only that hash, not the underlying document number or name. Each verification is also bound to the wallet that initiated it so that an approved verification cannot be used by a different account.

Additional information about the verification process is available at the age verification documentation.

Biometric Data

To confirm that each creator is a real, verified adult and that the person appearing in uploaded source media is the same verified account holder, XENIA and the XENIA Studio desktop application process biometric identifiers and biometric information as those terms are used in the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act, and the Washington biometric privacy law. Specifically: XENIA stores, in encrypted form, a face reference image derived from the identity verification of the creator; and the XENIA Studio desktop application computes a mathematical representation of facial geometry, known as a face embedding, from that reference image and from the source media of the creator, on the device of the creator, in order to verify that the depicted person matches the verified account holder.

Purpose and sole use. XENIA uses this biometric data only to verify creator identity and presence and to prevent impersonation, non-consensual content, and fraud. XENIA does not use biometric data for advertising, profiling, or any purpose unrelated to verification.

Consent. XENIA collects, stores, and uses biometric data only after the account holder has given express, informed, written consent through the separate biometric consent presented during signup, before any biometric data is collected. Consent may be withdrawn at any time by deleting the account or by contacting XENIA using the details in the Contact section, after which XENIA destroys the biometric data in accordance with the retention schedule below, subject only to retention required by law.

Retention schedule. XENIA retains the encrypted face reference image only for so long as the account is active and the verification purpose continues. XENIA permanently destroys the face reference image and any associated face embeddings within thirty days after the earliest of: the date the verification purpose has been satisfied and is no longer needed; the date the account is deleted or the consent is withdrawn; or three years after the last interaction of the account holder with XENIA. Face embeddings computed on the device of the creator are ephemeral and are not transmitted to or stored by XENIA.

No sale, no disclosure, no profit. XENIA does not and will not sell, lease, trade, or otherwise profit from biometric data. XENIA does not disclose biometric data to any third party except: to a processor strictly necessary to perform the verification, acting under written contract and consistent with this policy; as expressly consented to by the account holder; or as required by valid legal process. XENIA stores biometric data using the reasonable standard of care for its industry and in a manner at least as protective as it protects other confidential and sensitive information.

On-Chain Information Is Public and Permanent

Payments on XENIA occur on the Solana public blockchain. XENIA is non custodial and never holds, controls, or has custody of the funds of any user. When the user transacts, the wallet address of the user and the amount of the transaction are written to the Solana public ledger.

Information recorded on the Solana blockchain is public, is permanent, and is outside the control of XENIA. XENIA cannot alter, delete, reverse, or anonymize information that has been recorded on the blockchain. A wallet address may, in combination with other information, be associated with the identity of a particular person. The user should consider these characteristics carefully before transacting. Where the user chooses to buy SOL or USDT through a fiat on ramp provider such as MoonPay or Transak, that provider collects its own know your customer information directly from the user under the privacy practices of that provider, and XENIA does not receive that information.

Cookies and Local Storage

XENIA uses cookies and browser local storage to provide and secure XENIA and to remember choices of the user. Cookies are small data files placed on the device of the user, and local storage is a mechanism by which a website stores data within the browser of the user.

XENIA sets a first visit compliance and age acknowledgement cookie that records that the user has acknowledged the adult nature of XENIA and the applicable compliance notices. This cookie is scoped to the domain .xenia.studio and is retained for a period of one year. XENIA also uses cookies and local storage that are necessary to authenticate sessions, maintain device pairing, and operate core features of XENIA.

The user may control or delete cookies and local storage through the settings of the browser of the user. Disabling cookies or local storage that are necessary for XENIA may prevent the user from accessing or using parts of XENIA.

Third-Party Services and Processors

XENIA relies on a limited number of third party services to operate. These third parties process information only as necessary to provide their services and, where they act as processors, in accordance with the instructions of XENIA and applicable law. The third parties of XENIA include:

• Yoti, which provides age and identity verification and processes verification information as a processor of XENIA.
• MoonPay and Transak, which are optional fiat on ramp providers that allow the user to buy SOL or USDT and which collect their own know your customer information directly from the user as independent controllers.
• The Solana network, which is a public, decentralized ledger that records transactions and is not controlled by XENIA.
• Hosting and database infrastructure providers, which store and serve the data of XENIA under the instructions of XENIA.
• An email and SMTP provider, which delivers verification codes and account communications on behalf of XENIA.

How We Share Information

XENIA does not sell the personal information of users, and XENIA does not share personal information for cross context behavioral advertising. XENIA discloses information only in the limited circumstances described below:

• To the processors and third party services described in the section titled Third-Party Services and Processors above, to the extent necessary for those parties to provide their services.
• To other users of XENIA, where the user chooses to publish content, set a profile to a public or purchasable visibility, or otherwise make information available through the features of XENIA.
• Through the DM reveal feature, by which XENIA sells access to the off platform contact handle of a creator. XENIA does not proxy, store, or read any conversation that takes place off platform after such access is granted, and XENIA has no visibility into communications conducted on an off platform service.
• Where required to comply with applicable law, legal process, or a lawful request of a public authority, or to enforce the Terms of Service of XENIA and protect the rights, property, or safety of XENIA and of the users of XENIA.
• In connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case information may be transferred subject to this Privacy Policy.

Information written to the Solana blockchain is inherently public, as described in the section titled On-Chain Information Is Public and Permanent above.

Data Retention

XENIA retains personal information for as long as is necessary to provide XENIA to the user, to maintain the account of the user, and to fulfill the purposes described in this Privacy Policy. XENIA also retains certain information for longer periods where retention is necessary to comply with legal obligations, including record keeping obligations relating to adult content and age verification, to resolve disputes, and to enforce the agreements of XENIA.

When information is no longer required for these purposes, XENIA deletes it or renders it anonymous. The user should note that information recorded on the Solana blockchain is permanent and cannot be deleted by XENIA, as described in the section titled On-Chain Information Is Public and Permanent above.

Certain records cannot be deleted on request. Where a right to erasure conflicts with an obligation of XENIA to retain or preserve records, including age and identity verification and record keeping obligations under 18 U.S.C. Sections 2257 and 2257A and preservation obligations under 18 U.S.C. Section 2258A, XENIA retains the records to the minimum extent and for the minimum period required by law, restricts their use to legal compliance, and then deletes them. This limitation on erasure is recognized under Article 17(3) of the General Data Protection Regulation and corresponding provisions of other privacy laws.

Data Security

XENIA implements technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Content stored by XENIA is encrypted at rest using AES-256-GCM envelope encryption. The original un-filtered media of the creator is never transmitted to XENIA, as described in the section titled On-Device Filtering and What We Never Receive above.

Requests to the application programming interface of XENIA are authenticated by means of device signed credentials, and XENIA does not rely on long lived, reusable access tokens. Device pairing for the XENIA Studio desktop application uses Ed25519 public key cryptography. Further detail about the security architecture of XENIA is available at the security documentation. These descriptions explain the design of XENIA and are not a warranty or guarantee of security. No method of transmission or storage is completely secure, and XENIA does not warrant that any specific measure will prevent all unauthorized access.

Personal Data Breaches

XENIA maintains procedures to detect, investigate, and respond to personal data breaches. Where a breach is likely to result in a risk to the rights and freedoms of affected individuals, XENIA will notify the competent supervisory authority without undue delay and, where required, within 72 hours, and will notify affected individuals where the law requires. XENIA also complies with applicable breach notification obligations under United States state law.

Your Privacy Rights

Subject to applicable law, the user may have rights in respect of the personal information of the user. These rights vary by jurisdiction and may include the rights described below.

Rights Under GDPR and UK GDPR

Where the General Data Protection Regulation or the United Kingdom General Data Protection Regulation applies, the user has the right to access the personal information of the user, to request correction of inaccurate information, to request deletion of information, to request restriction of processing, to object to processing carried out on the basis of the legitimate interests of XENIA, and to request portability of information that the user has provided to XENIA. Where processing is based on consent, the user may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. The user also has the right to lodge a complaint with a supervisory authority.

Rights Under CCPA and CPRA

Where the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies, the user has the right to know the categories and specific pieces of personal information collected, the right to request deletion of personal information, the right to request correction of inaccurate personal information, and the right to be free from discrimination for exercising these rights. As stated in the section titled How We Share Information above, XENIA does not sell personal information and does not share personal information for cross context behavioral advertising.

How to Exercise These Rights

The user may exercise the rights of the user by contacting XENIA using the details set out in the section titled Contact below. XENIA may need to verify the identity of the user before responding to a request, and XENIA will respond within the time periods required by applicable law. The user should note that certain information, including information recorded on the Solana blockchain and information that XENIA is required to retain by law, cannot be deleted by XENIA.

International Data Transfers

XENIA and the service providers of XENIA may process and store personal information in countries other than the country in which the user resides. Where personal information is transferred outside the European Economic Area or the United Kingdom, XENIA relies on appropriate safeguards recognized under applicable data protection law, which may include standard contractual clauses or transfers to jurisdictions recognized as providing an adequate level of protection. The user may request information about the safeguards applied to such transfers by contacting XENIA using the details set out in the section titled Contact below.

Children

XENIA is an adult platform and is strictly limited to persons aged 18 and over. XENIA does not knowingly collect personal information from any person under the age of 18, and no person under the age of 18 is permitted to register for, access, or use XENIA. If XENIA becomes aware that a person under the age of 18 has provided personal information or gained access to XENIA, XENIA will promptly terminate that person's access and remove any content. XENIA will preserve, and will not delete, records, content, and associated data where preservation is required by law, including where required to comply with federal reporting and preservation obligations relating to the sexual exploitation of minors (including 18 U.S.C. Section 2258A) and federal record keeping obligations under 18 U.S.C. Sections 2257 and 2257A. Such preserved records are handled solely for legal compliance purposes, with restricted access, and are disclosed only to the appropriate authorities or as required by law.

Changes to This Policy

XENIA may update this Privacy Policy from time to time to reflect changes in the practices of XENIA, in the services of XENIA, or in applicable law. When XENIA makes a material change, XENIA will take reasonable steps to notify the user, which may include posting the updated Privacy Policy within XENIA or notifying the user by other means. The continued use of XENIA after an updated Privacy Policy takes effect constitutes acknowledgement of the updated Privacy Policy.

Contact

For questions about this Privacy Policy or to exercise the rights of the user, the user may contact XENIA at [privacy@xenia.studio].

The data controller responsible for the personal information processed through XENIA is [DATA CONTROLLER ENTITY NAME], located at [REGISTERED ADDRESS].

Where required by the General Data Protection Regulation or the United Kingdom General Data Protection Regulation, the representative of XENIA within the European Union or the United Kingdom is [EU/UK REPRESENTATIVE].