Legal·Privacy Policy

Privacy Policy

Updated
Jun 30, 2026
Contact

This Privacy Policy explains how Tingz Group Inc. (doing business as "Para") and its subsidiary Parasocial Limited ("Para," "we," "us") collect, use, disclose, and protect personal information in connection with the Services. For users in the EEA/UK, the data controller is Parasocial Limited; elsewhere, Tingz Group Inc. Contact: privacy@para.co.

The Services are for adults 18+. We do not knowingly collect data from anyone under 18.

1. Personal information we collect

You provide:

  • Account & contact — username, email, password, profile details, date of birth.
  • Age & identity verification — government-issued ID, selfie/liveness data, and biometric information derived from your ID or content solely to verify age and identity (see Section 6). For Creators and collaborators, additional ID, consent/release forms, and the records described in our § 2257 Statement.
  • Payment & payout — billing details, partial card data, transaction history, and (for Creators/Agencies) payout and tax information (e.g., W-9/W-8). Card numbers are handled by our Payment Providers; we do not store full card numbers.
  • Content & communications — the content you post and messages, support requests, and reports you send.

Collected automatically: device and log data (IP address, device/browser identifiers, operating system, pages/timestamps, referring URLs, errors) and usage data, via cookies and similar technologies (see our Cookie Policy). We do not collect precise geolocation.

From third parties: our age/identity-verification, payment, fraud-prevention, hosting, and analytics providers, and (where you connect them) limited data from third-party log-ins.

We use personal information for the following purposes (with the corresponding GDPR legal basis):

  • Provide, operate, and secure the Services and process payments and payouts — performance of a contract.
  • Verify age and identity; keep § 2257 records; prevent CSAM and fraud; comply with card-network and AML/sanctions rules — legal obligation; legitimate interests; substantial public interest.
  • Moderate content and handle complaints and appeals; enforce our Terms — legitimate interests; legal obligation.
  • Communicate with you (service messages, and — with consent where required — marketing) — legitimate interests; consent.
  • Improve and develop the Services; analytics — legitimate interests, or consent for non-essential cookies.
  • Comply with law and respond to lawful requests — legal obligation.

We process special-category data (such as data revealing sexual orientation, and biometric/ID data used for verification) only where a GDPR Article 9 condition applies — including your explicit consent, the establishment, exercise, or defence of legal claims, or substantial public interest (child protection, fraud and crime prevention).

3. How we share personal information

We share personal information only with:

  • Service providers / processors acting on our behalf under contract — payment processing, age/identity verification, content moderation and CSAM detection, hosting, analytics, customer support, and security — limited to what they need;
  • Authorities and NCMEC, and other parties, where necessary to comply with law or legal process, to report CSAM, to detect or prevent fraud or crime, or to protect the rights, safety, and property of Users, the public, or Para;
  • A successor in a merger, acquisition, financing, or sale of assets (subject to this Policy).

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising. We do not disclose your data to advertising networks or data brokers for their own marketing.

4. International transfers

We may transfer personal information to countries other than where you live, including the United States. Where we do, we use appropriate safeguards — such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum — or another lawful transfer mechanism. Contact privacy@para.co for details.

5. Retention

We keep personal information only as long as necessary for the purposes above, then delete or de-identify it. In particular:

  • Age/identity-verification and § 2257 records are retained for the period required by applicable law. Where age verification is performed by a third-party provider on a "no-retention" basis, only a pass/fail (over-18) result is recorded and the underlying ID is not retained by us.
  • Transaction and tax records are retained for the periods required by financial, tax, and card-network rules.
  • Moderation, complaint, and CSAM-report records are retained as required to meet our legal obligations and to defend claims.

6. Age- and identity-verification data

We (or our verification providers) may collect and process government-ID and biometric information (such as facial-geometry/liveness data) strictly to verify that a person is 18+ and is who they claim to be, to keep § 2257 records, and to prevent CSAM and fraud. We obtain consent where required, minimize what we collect, restrict access, and retain or delete this data in line with Section 5 and applicable biometric-privacy laws.

7. Security and breach notification

We implement technical and organizational measures designed to protect personal information. No system is perfectly secure, but if a breach affecting your personal information occurs, we will notify you and the relevant authorities where required by law and take steps to mitigate it.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal information, to opt out of "sale"/"sharing" and certain profiling, to limit use of sensitive personal information, and to withdraw consent. EEA/UK users may lodge a complaint with their data-protection authority. To exercise rights, email privacy@para.co; we will verify your identity before acting and respond within the timeframes required by law (for example 30–45 days). We will not discriminate against you for exercising your rights.

We retain certain data despite a deletion request where the law allows or requires it (for example § 2257 records, fraud/AML and CSAM-related records, tax records, or to defend legal claims).

9. Children

The Services are for adults 18+. We do not knowingly collect personal information from anyone under 18, and we will delete it promptly if we learn we have. Contact privacy@para.co.

10. Changes and contact

We may update this Policy and will change the "last updated" date; for material changes we will provide notice where required. Questions or requests: privacy@para.co, or by mail to Tingz Group Inc., 200 Central Ave #511, St. Petersburg, FL 33701, USA / Parasocial Limited, 71-75 Shelton Street, London, WC2H 9JQ, UK.