Dalye

Privacy Policy

Last updated: April 2026 | Effective: May 1, 2026

1. Controller / Data Controller

The controller responsible for the processing of your personal data is:
AUS2001 LLC ("Dalye," "we," "us," "our")
30 N Gould St Ste R, Sheridan, WY 82801, USA
Contact: i[at]dalye[dot]com

Where required by law, we designate a representative in the EU and/or UK. For all privacy inquiries, please contact: i[at]dalye[dot]com.

2. What Data We Collect

2.1 Data You Provide

  • Registration data: email address, username, encrypted password
  • Profile data: name, profile picture, bio, location information
  • User Content: videos, images, comments, listings
  • Communications: messages, support requests
  • Payment data: processed through third-party payment providers; we do not store card numbers

2.2 Automatically Collected Data

  • Technical data: IP address, device info, browser type, operating system
  • Usage data: pages visited, click paths, time-on-site, search queries
  • Log data: server access logs, error reports
  • Approximate location based on IP address
  • Cookies and similar tracking technologies (see Cookie Policy)

2.3 Data from Third-Party Sources

  • Social login data (e.g., Facebook) if you use that feature
  • Publicly available data for fraud prevention

3. Purposes & Legal Basis (GDPR Art. 13)

PurposeLegal Basis
Providing and operating the ServicesArt. 6(1)(b) GDPR — Contract performance
Account creation and managementArt. 6(1)(b) GDPR — Contract performance
Payment processingArt. 6(1)(b) GDPR — Contract performance
Security and fraud preventionArt. 6(1)(f) GDPR — Legitimate interest
Platform improvement and analyticsArt. 6(1)(f) GDPR — Legitimate interest
Marketing and personalizationArt. 6(1)(a) GDPR — Consent
Non-essential cookiesArt. 6(1)(a) GDPR — Consent
Legal complianceArt. 6(1)(c) GDPR — Legal obligation
AI content moderationArt. 6(1)(f) GDPR — Legitimate interest + Art. 22

4. Data Retention

  • Account data: until account deletion + 30-day technical buffer
  • Transaction records: 7 years (legal obligation)
  • Server log files: 90 days
  • Support communications: 2 years after resolution
  • Marketing data: until consent is withdrawn
  • Backup data: up to 30 days after deletion from active systems

5. Sharing Your Data

We do not sell your personal data. We share data only in these cases:

  • Service providers (processors): Cloud providers, payment processors, CDN providers — each under GDPR Art. 28 data processing agreements
  • Law enforcement: When legally required or to prevent illegal activity
  • Corporate transactions: In case of merger, acquisition, or asset sale, with prior user notice
  • With your consent: In other cases with your explicit agreement

6. International Data Transfers

As a US company, we process data in the United States. For users in the European Economic Area (EEA), we ensure adequate safeguards through:

  • EU Standard Contractual Clauses (SCCs) under GDPR Art. 46(2)(c)
  • UK International Data Transfer Agreement (UK IDTA) for UK users

Copies of applicable safeguards are available on request at i[at]dalye[dot]com.

7. Your Rights (GDPR Art. 15–22)

You have the following rights regarding your personal data:

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Request correction of inaccurate data
  • Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Restriction (Art. 18): Request restriction of processing
  • Portability (Art. 20): Receive your data in a machine-readable format
  • Objection (Art. 21): Object to processing based on legitimate interests
  • Withdraw consent (Art. 7(3)): Revoke consent at any time without affecting prior processing
  • Human review (Art. 22): Request human review of automated decisions affecting you

To exercise your rights, contact: i[at]dalye[dot]com. We respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority. Find EU authorities at: edpb.europa.eu

8. UK GDPR

For UK users, the UK GDPR and Data Protection Act 2018 apply additionally. The supervisory authority is the Information Commissioner's Office (ICO): ico.org.uk. Your rights under UK GDPR mirror those described in Section 7.

9. California Privacy Rights (CCPA/CPRA)

California residents have the following rights:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information
  • Right to opt out of sensitive data profiling
  • Right to non-discrimination for exercising your privacy rights

Dalye does not sell your personal information. To submit a CCPA request:i[at]dalye[dot]com (Subject: CCPA Privacy Request).

10. Asia-Pacific

  • China (PIPL): We process personal information in compliance with China's Personal Information Protection Law. Cross-border transfers are conducted on a lawful basis.
  • Singapore (PDPA): Processing in accordance with Singapore's Personal Data Protection Act.
  • Australia (Privacy Act): Processing in accordance with the Australian Privacy Principles (APPs).

11. AI Moderation & Automated Decisions

We use automated AI systems to review uploaded Content for violations of our Terms (hate speech, violence, CSAM, etc.). These systems may automatically restrict content or escalate for manual review.

Under GDPR Art. 22, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. You may request human review ati[at]dalye[dot]com (Subject: Appeal).

12. Data Security

We protect your data using technical and organizational measures including SSL/TLS encryption, Bcrypt password hashing, role-based access control, and regular security audits. No internet transmission can be guaranteed 100% secure.

In the event of a data breach, we will notify affected users and relevant authorities within the legally required timeframes (72 hours under GDPR Art. 33).

13. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Material changes will be communicated at least 30 days before taking effect via email or in-app notification. The date of the last update is shown at the top of this page.