Stephsis Media logo
Legal

Privacy Policy

Last updated: 14 June 2026

This Privacy Policy explains how Stephsis Media collects, uses, stores and protects your personal data, and the rights you have under the EU General Data Protection Regulation (GDPR) and Dutch data-protection law.

1. Who we are (Data Controller)

Stephsis Media is the data controller responsible for your personal data. The Platform is operated from the Netherlands and is subject to the GDPR and the Dutch implementation thereof.

  • Controller: The operator of Stephsis Media
  • Location: The Netherlands (full postal address available on request)
  • Contact: [email protected]

2. What personal data we collect

  • Account data: email address, username and display name.
  • Authentication data: your password, stored only as a salted cryptographic hash — we never store your password in plain text.
  • Payment references: blockchain transaction references and wallet addresses related to your Solana Pay purchases. We do not store credit-card or bank details; cryptocurrency payments are processed on-chain.
  • Technical data: IP address and basic device/browser information.
  • Usage data: activity on the Platform such as logins, subscriptions, and content you interact with, used to deliver and secure the service.
  • Communications: messages you send through the Platform and any correspondence with us.

3. Why we collect it and our legal basis

We process your personal data on the following legal bases under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b)): account creation and management, providing subscriptions and content, and processing your payments.
  • Legitimate interests (Art. 6(1)(f)): securing the Platform, preventing fraud and abuse, age-assurance, and maintaining and improving the service. We balance these interests against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): complying with applicable law, including tax, accounting and content-related legal requirements.
  • Consent (Art. 6(1)(a)): where we rely on your consent (for example, certain non-essential cookies), you may withdraw it at any time.

4. How long we keep your data

We retain personal data only for as long as necessary for the purposes set out above. Account data is kept for the life of your account; after account deletion we remove or anonymise personal data within a reasonable period, except where we must retain certain records (for example, transaction and tax records) to meet legal obligations.

5. Who we share data with

We do not sell your personal data and we do not share it with third-party advertisers. We share data only with service providers that act as our processors and strictly on our instructions, such as:

  • hosting and infrastructure providers that operate the servers running the Platform;
  • email-delivery providers used to send verification and account messages;
  • blockchain networks, which are inherently public, to the extent necessary to process and verify payments.

Where a processor is located outside the European Economic Area, we ensure appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) are in place.

6. Your rights under the GDPR

Subject to the conditions in the GDPR, you have the right to:

  • Access — obtain a copy of the personal data we hold about you;
  • Rectification — correct inaccurate or incomplete data;
  • Erasure — request deletion of your data (the “right to be forgotten”);
  • Restriction — request that we limit processing in certain circumstances;
  • Portability — receive your data in a structured, commonly used, machine-readable format;
  • Objection — object to processing based on our legitimate interests;
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

7. Cookies

We use a small number of cookies that are necessary for the Platform to function:

  • Session cookies — to keep you logged in and to protect against cross-site request forgery;
  • Preference cookies — such as the cookie that remembers your age-verification confirmation and your theme preference.

These cookies are essential or based on your preferences; we do not use third-party advertising or cross-site tracking cookies.

8. How to exercise your rights

To exercise any of your rights, contact us at [email protected]. We will respond within the timeframe required by the GDPR (generally within one month). We may need to verify your identity before acting on your request.

9. Right to lodge a complaint

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens, at autoriteitpersoonsgegevens.nl. You may also contact the supervisory authority in your country of residence.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit, hashing of passwords, and access controls. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes are indicated by the “Last updated” date above. Please review this page periodically. For any questions, see our Terms of Service or contact us at [email protected].