01Data controller
[TO BE COMPLETED — LEGAL ENTITY NAME]
[TO BE COMPLETED — ADDRESS]
Email: contact@thedoor.vip
Privacy Policy
Last updated : [TO BE COMPLETED — DATE]
02Data collected
The Door collects only the minimum data necessary for its operation:
Site visitors (without an account): no personal data is collected. The Door uses Plausible Analytics, a privacy-friendly analytics tool that sets no cookies and collects no personal data. Browsing data is aggregated and anonymous.
Registered users: email address, hashed password, registration date. Optional: pseudonym, browsing preferences.
Professional establishments: name of the responsible person, professional email, professional phone number, establishment address, business registration number where applicable. This data is provided voluntarily when claiming a listing.
Honour declaration: when a listing is claimed, the timestamp of signature, the signer's IP address, and the text of the accepted declaration are stored as legal evidence. This data is retained throughout the establishment's listing period and for 5 years after any subsequent removal.
03Special category data — GDPR Article 9
The Door is a platform thematically related to adult experiences. Mere browsing of the site does not constitute processing of data concerning sexual life within the meaning of GDPR Article 9, since no personal data is collected during navigation.
If future features require the processing of data that may reveal information about users' sexual life (favourites, personalised browsing history), explicit and specific consent will be requested in accordance with GDPR Article 9.
04Minors
The Door is a website intended exclusively for adults aged 18 or over. No data of minors is knowingly collected. If we discover that a minor has created an account or submitted personal data, that data will be deleted immediately. If you are a parent or guardian and believe a minor has provided data via our site, please contact us at contact@thedoor.vip.
05Processing purposes
Data collected is used for: platform operation, user account management, establishment listing management, sending service-related communications (no marketing without consent), service improvement through aggregated and anonymous statistics.
06Legal basis
Visitors: legitimate interest (anonymous statistics). Registered users: contract performance (account creation). Establishments: contract performance (listing claim). Public data of unclaimed establishments: legitimate interest (informing the public about lawful activities).
07Recipients
Personal data is never sold or rented to third parties.
Technical sub-processors: Vercel (hosting), Supabase (database), Plausible (anonymous analytics). Each sub-processor is selected for its GDPR compliance.
08Retention period
User accounts: retained as long as the account is active. Deleted within 30 days following a deletion request. Claimed establishment listings: retained as long as the establishment does not request removal. Data of unclaimed establishments: public data, periodically reviewed. Technical logs: 12 months maximum.
09Data subject rights
In accordance with the GDPR, you have the following rights: access to your data, rectification, erasure (“right to be forgotten”), restriction of processing, portability, objection.
For establishments: right of listing withdrawal within 72 hours upon simple request.
To exercise your rights: contact@thedoor.vip. Response within a maximum of 30 days.
In case of complaint, you may contact the French Data Protection Authority (CNIL): www.cnil.fr — or your local supervisory authority.
10Transfers outside the EU
Some sub-processors (Vercel, Supabase) may process data in the United States. These transfers are governed by the Standard Contractual Clauses approved by the European Commission and/or the EU–US Data Privacy Framework.
11Security
The Door implements technical and organisational measures to protect data: HTTPS encryption, hashed passwords, restricted database access, regular backups, WHOIS privacy on the domain.
12Data breach notification
In the event of a personal data breach likely to cause a risk to the rights and freedoms of individuals, The Door commits to notifying the supervisory authority within 72 hours of discovering the incident, in accordance with GDPR Article 33. Affected individuals will be informed if the breach is likely to result in a high risk to their rights and freedoms.
13Privacy Policy modifications
The Door may modify this policy at any time. In case of substantial modification, the “last updated” date at the top of this page will be revised. Registered users will be informed by email of significant changes. Continued use of the site after modification constitutes acknowledgement of the updated policy.