Privaatsuspoliitika

Last updated: 15/05/2026

This Privacy Policy describes how Stella And Pow OÜ (“we”, “our”, “us”) processes the personal data of users of the website sugardaddyplanet.com (hereinafter, “the Website” or “the Platform”).

Given the nature of our service — a private social network for adults interested in sugar dating — we handle personal data with particular care. This includes information that the law classifies as “special category data” (such as data relating to sexual life or sexual orientation). This Policy explains in detail what data we collect, why, on what legal basis, with whom we share it, how long we retain it, what security measures we apply, and what rights you have.

The “Sugar Daddy Planet” brand, the sugardaddyplanet.com domain and the underlying technology are owned by Polaris Nexus LLC (Wyoming, United States), which licenses them to Stella And Pow OÜ for operation in the European Union, the United Kingdom, the European Economic Area and Switzerland. The processing of your personal data, however, is the responsibility of Stella And Pow OÜ as data controller. The limited role of Polaris Nexus LLC in relation to your personal data, and any data flows between us and Polaris Nexus LLC, are described in Sections 8 and 10 of this Policy.

1. Data controller

The controller responsible for processing your personal data is:

Stella And Pow OÜ
Majaka tn 26, Lasnamäe linnaosa
13516 Tallinn, Harju maakond
Estonia

Privacy matters: info@sugardaddyplanet.com
Corporate email: info@stellaandpow.com

2. What data we collect

Data you provide directly:

• Identification: username, email address, date of birth, gender, country of residence.
• Profile content: photographs, personal description, preferences, interests and lifestyle expectations.
• Communications: private messages exchanged with other users, video calls initiated through the Platform’s integrated function, forum posts and interactions.
• Payment data: handled directly by our payment processors. Stella And Pow OÜ does not store full card numbers or banking credentials.
• Verification data: where applicable, documents and data submitted to verify your age or identity, and the result of such verification.
• Support data: information you provide when contacting customer support or reporting other users.

Data collected automatically:

• IP address, connection data and approximate geolocation derived from the IP.
• Browser type and version, operating system, device model and identifiers.
• Pages visited, session duration, click patterns and feature usage.
• Information obtained through cookies and similar technologies (see our Cookies Policy).

Data we generate about you:

• Account status, subscription level and payment history.
• Activity logs: logins, profile updates and message metadata (not content).
• Trust and safety signals: flags raised by automated systems or reports filed by other users.
• Results of moderation and verification decisions.

3. Special category data (Article 9 GDPR)

Because of the nature of a sugar dating platform, the data you choose to share may reveal information about your sexual life or sexual orientation, which is considered “special category data” under Article 9 of the GDPR.

We only process such data when you actively share it through your profile, your communications with other users, or other features of the Platform. The legal basis for processing this data is your explicit consent under Article 9(2)(a) GDPR, granted when you complete your registration and publish content on the Platform.

You can withdraw your consent at any time by deleting the relevant content from your profile or by closing your account. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

We do not knowingly process data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, or health data, unless you voluntarily include such information in your profile or communications.

4. Photographs

Photographs you upload may include information that qualifies as special category data (for example, by revealing your appearance, apparent ethnicity or health). Photographs are processed solely to display them within your profile and on the Platform, and to allow you to communicate visually with other users.

We do not use facial recognition, facial geometry analysis or any other biometric technology to uniquely identify individuals from their photographs.

Where age or identity verification involves the analysis of photographs (for example, comparison between an ID document and a selfie), this is performed by specialized third-party providers under strict contractual safeguards, only for the purpose of verification, and not for ongoing biometric tracking. See our Age Verification Policy for further detail.

You are responsible for the photographs you upload and you warrant that you hold the necessary rights over them and that they do not infringe the rights of third parties.

5. Purposes of processing and legal bases

We process your personal data for the following purposes and on the following legal bases:

Purpose	Legal basis
Creating and managing your account	Performance of the contract
Providing Platform services (profiles, messaging, video calls, forums)	Performance of the contract
Processing payments and managing subscriptions (Stella And Pow OÜ acts as Merchant of Record)	Performance of the contract and legal obligation
Issuing invoices and complying with Estonian and EU VAT/accounting obligations	Legal obligation
Processing special category data revealed through your profile and communications	Explicit consent (Art. 9(2)(a) GDPR)
Verifying the age and, where applicable, the identity of users	Legal obligation and legitimate interest
Preventing fraud, impersonation, abuse and prohibited conduct	Legitimate interest and legal obligation
Moderating content and enforcing the Community Guidelines	Legitimate interest and performance of the contract
Sending transactional communications (confirmations, notices, renewals)	Performance of the contract
Sending marketing communications and newsletters	Consent (revocable at any time)
Conducting statistical analysis and improving the service	Legitimate interest
Protecting the intellectual property of the Platform on behalf of and in cooperation with our licensor, Polaris Nexus LLC	Legitimate interest
Complying with legal obligations and responding to requests from authorities	Legal obligation
Cooperating with authorities and organizations in the prevention and investigation of human trafficking, sexual exploitation, money laundering or other crimes	Legal obligation and public interest

You may request a copy of our legitimate interest assessments by writing to info@sugardaddyplanet.com.

6. Automated decision-making and profiling

We use automated systems to assist with the operation of the Platform. In particular:

• Fraud and abuse detection — algorithms analyze account behavior, payment patterns, IP signals and content to flag potentially fraudulent, abusive or fake accounts. Flagged accounts may be subject to additional verification or temporary suspension while reviewed.
• Content moderation — automated tools scan uploaded content (profiles, photographs, messages, forum posts) for prohibited material such as explicit sexual content, offers of escort services, breaches of the Community Guidelines, hate speech or illegal content. Content that is flagged may be hidden pending human review.
• Search and discovery — recommendation features use signals such as your stated preferences, location, activity and profile completeness to suggest potentially relevant profiles. This is a recommendation system; it does not produce binding decisions.
• Triage of support and trust & safety queues — reports and tickets are prioritized automatically by severity to ensure timely review.

No solely automated decisions producing legal or similarly significant effects are made without human review. Decisions to suspend or ban a user, or to reject a verification, may be initiated by automated systems but are reviewed by our trust and safety team before becoming final.

You have the right to obtain human intervention, to express your point of view and to contest any such decision. To exercise this right, contact info@sugardaddyplanet.com.

7. Retention periods

We retain your data for the following periods:

• User account data: while the account is active and for 5 years after closure, in order to handle potential claims, comply with legal obligations and prevent reopening by sanctioned users.
• Transaction and billing data: 7 years, in accordance with Estonian Accounting Act and applicable EU VAT/tax obligations.
• Private messages and posted content: while the account is active; after closure, may be retained for up to 12 additional months for security purposes and to preserve other users’ conversations.
• Age and identity verification data: for the duration of the account and 2 additional years after closure, to evidence regulatory compliance.
• Connection logs and technical data: 12 months, for security and fraud prevention.
• Consent for marketing communications: until you withdraw it.
• Data relating to investigations of fraud, abuse, trafficking or other crimes: for the legally required period or as required by the competent authority.

After the applicable period, data is securely deleted or anonymized.

8. Sharing of data with third parties

Stella And Pow OÜ does not sell your personal data. We do not work with affiliate marketing networks that track users across third-party sites.

Your data may be shared with the following recipients:

Service providers (data processors):

• Payment processors — for processing payments and managing subscriptions.
• Google LLC — email services (Gmail), storage (Google Drive) and web analytics (Google Analytics).
• Web hosting and infrastructure providers.
• Age and identity verification providers (including Ondato), where applicable.
• Customer support tooling.
• Email delivery services for transactional and marketing communications.

All processors are bound by data processing agreements under Article 28 GDPR that require compliance with data protection law.

Polaris Nexus LLC (licensor of the Platform). Polaris Nexus LLC is the owner of the “Sugar Daddy Planet” brand, the sugardaddyplanet.com domain, the Platform’s source code and the editorial content, which it licenses to Stella And Pow OÜ. Polaris Nexus LLC may receive limited personal data only where strictly necessary to: (i) support the technical operation, maintenance, backup or disaster recovery of the Platform; (ii) protect, enforce or defend the intellectual property rights in the Platform; (iii) defend, bring or settle legal claims related to the Platform; or (iv) comply with a legal obligation imposed on the licensor or the operator. Where Polaris Nexus LLC processes personal data on our behalf, it acts as our data processor under a data processing agreement, and the transfer of data to the United States is protected by the safeguards described in Section 10 below.

Other users of the Platform — see Section 9 below.

Public authorities, law enforcement and regulatory bodies where required by law, in response to a valid legal request, or where necessary to investigate unlawful conduct, in particular conduct relating to human trafficking, sexual exploitation, fraud or money laundering.

Organizations specialized in the prevention of trafficking and exploitation, where necessary to report or cooperate in the prevention of these crimes.

In the context of a business transaction — in the event of a merger, acquisition, restructuring or sale of assets affecting Stella And Pow OÜ or Polaris Nexus LLC, your data may be transferred to the acquiring party, subject to confidentiality obligations and prior notice.

9. Data shared with other users

The Platform is a social network. By creating an account, you accept that certain information will be visible to other users.

Visible to other registered users:

• Username
• Profile photographs
• Personal description, preferences and interests you choose to publish
• Approximate location (city or region — not exact address)
• Verification badges, where applicable
• Activity status (for example, “online” or “last seen”)

Shared only with users you interact with:

• Private messages, photographs and videos you send
• Video calls you initiate through the Platform
• Any other information you choose to share in conversations

Never visible to other users:

• Email address
• Exact date of birth (only your age or age range)
• Payment information
• Verification documents
• IP address and technical data
• Internal moderation flags

You control your visibility. From your account settings you can edit your profile content, adjust visibility, block users, report misconduct, and delete content at any time.

10. International data transfers

Stella And Pow OÜ is established in Estonia, a Member State of the European Union. As a rule, your personal data is processed within the European Economic Area.

International transfers of personal data outside the European Economic Area occur only in the following limited cases:

• Sub-processors located outside the EEA, such as Google LLC (United States) for email, storage and analytics services.
• Transfers to Polaris Nexus LLC (United States) for the limited purposes described in Section 8 (technical operation, intellectual property protection, legal defense and the like).
• Other service providers located outside the EEA, where necessary for the provision of the Platform.

Such transfers are carried out under the following safeguards provided for in the GDPR:

• EU–US Data Privacy Framework (DPF) where the recipient is certified under that framework.
• Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented, where necessary, by additional technical and organizational measures (such as encryption, pseudonymization and strict access controls).
• Adequacy decisions of the European Commission, where applicable to the destination country.

You may request a copy of the applicable safeguards by emailing info@sugardaddyplanet.com.

11. Data security and encryption

We apply technical and organizational measures designed to protect your data, including:

• Encryption in transit — all communications between your device and our servers are encrypted using TLS 1.2 or higher.
• Encryption at rest — sensitive data, including private messages between users, is encrypted on our servers.
• Access controls — strict access management based on the principle of least privilege; only authorized personnel can access user data and only for legitimate purposes (security, support, moderation or legal compliance).
• Continuous monitoring — automated systems monitor activity for security incidents on a 24/7 basis.
• Vendor due diligence — we evaluate the security posture of our service providers and execute data processing agreements with all of them.
• Periodic review — security measures are reviewed regularly and updated in response to new threats and best practices.

Despite these measures, no online system is completely secure. We recommend that you use strong, unique passwords, enable any available account security features, and never share your credentials.

12. Security breach notification

In the event of a security breach likely to result in a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) — and any other competent supervisory authority — without undue delay and, where required, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR.

If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly by email and, where appropriate, by in-platform notification, without undue delay, in accordance with Article 34 GDPR. The notification will describe the nature of the breach, the likely consequences, the measures we have taken and any recommended actions on your part.

13. Your rights under the GDPR and UK GDPR

As a data subject under the EU GDPR and, for UK residents, the UK GDPR, you have the following rights:

• Right of access — obtain confirmation as to whether we process your data and a copy of it.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) — request the deletion of your data when the conditions provided by law apply.
• Right to restriction of processing — limit the use of your data in certain cases.
• Right to data portability — receive your data in a structured, commonly used format, or have it transmitted to another controller.
• Right to object — object to processing based on legitimate interest, including profiling. You may object to direct marketing at any time.
• Right not to be subject to solely automated decisions producing legal or similarly significant effects, with the right to obtain human intervention and to contest the decision.
• Right to withdraw consent at any time, without retroactive effect.
• Right to lodge a complaint with a competent supervisory authority (see Section 15).

14. How to exercise your rights

You may exercise your rights by sending a request to info@sugardaddyplanet.com, indicating:

• The right you wish to exercise.
• The username and email address associated with the account.
• Reasonable proof of identity, where necessary.

We will respond within one month of receipt of the request. This period may be extended by up to two additional months in particularly complex cases, in which case we will inform you within the first month.

The exercise of your rights is free of charge, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request, as permitted by law.

15. Supervisory authorities

Because Stella And Pow OÜ has its main establishment in Estonia, our lead supervisory authority under the GDPR one-stop-shop mechanism is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) — www.aki.ee.

You also have the right to lodge a complaint with the supervisory authority of your country of residence. Among others:

• Hispaania — Agencia Española de Protección de Datos (AEPD) — www.aepd.es
• Prantsusmaa — Commission Nationale de l’Informatique et des Libertés (CNIL) — www.cnil.fr
• Saksamaa — Federal Commissioner for Data Protection (BfDI) — www.bfdi.bund.de
• Itaalia — Garante per la protezione dei dati personali — www.garanteprivacy.it
• Madalmaad — Autoriteit Persoonsgegevens — www.autoriteitpersoonsgegevens.nl
• United Kingdom — Information Commissioner’s Office (ICO) — ico.org.uk

The complete list of EU supervisory authorities is available on the European Data Protection Board website (edpb.europa.eu).

16. Minors

Access to and use of the Platform is strictly prohibited to persons under 18 years of age, or under the age of majority applicable in their country of residence if higher.

We apply age verification mechanisms and, if we detect that a minor has provided personal data, we will delete their information immediately and ban the account. Anyone who becomes aware of the improper use of the Platform by a minor may report it to info@sugardaddyplanet.com.

See our Age Verification Policy for further details.

17. Cookies

The use of cookies and similar technologies is governed by our Cookies Policy, available on the website.

18. Changes to this Policy

We may update this Privacy Policy to reflect legal, technical or operational changes. The “Last updated” date at the top of this Policy indicates the version in force. In the event of material changes, we will notify you through our usual channels (email and/or in-platform notification) with reasonable advance notice before the changes take effect.

19. Kontakt

For any query relating to this Policy or the processing of your data:

• Email (privacy matters): info@sugardaddyplanet.com
• Data Controller (Stella And Pow OÜ): Majaka tn 26, Lasnamäe linnaosa, 13516 Tallinn, Harju maakond, Estonia. Corporate email: info@stellaandpow.com.
• Licensor (Polaris Nexus LLC) — brand and intellectual property owner: 1621 Central Ave, Cheyenne, WY 82001, United States. Polaris Nexus LLC is not the data controller of your personal data and acts only as described in Sections 8 and 10 above.