1. The Operating Entity (Data Controller)
For the purposes of the General Data Protection Regulation (GDPR – EU 2016/679), the primary Data Controller is Escort Aura, operating under the jurisdiction of the Netherlands.
While our digital directory and community forums span global regions (hosting discussions relevant to locations from the EEA to the Middle East), our data processing core remains anchored in strict European privacy frameworks. We process your data under one philosophy: absolute necessity.
2. Data Processing Vectors & Legal Authority
We do not harvest data blindly. Every byte we process is tied to a specific operational function and a strict legal basis under Article 6 of the GDPR:
- Infrastructure Access (Account Creation): To provision your profile and allow you to interact with the platform, we require basic credentials. Legal Basis: Contractual Necessity [Art. 6(1)(b)].
- Client-to-Advertiser Routing: If you utilize our internal forms to ping an advertiser or submit a support ticket, we process that payload solely to deliver the message. Legal Basis: Contractual Necessity [Art. 6(1)(b)].
- Platform Defense & Integrity: We monitor traffic patterns, network requests, and hardware footprints to identify DDoS attacks, automated scrapers, and fraudulent actors. Legal Basis: Legitimate Interest [Art. 6(1)(f)].
3. Communications Protocol (Zero-Spam Doctrine)
We are an infrastructure provider, not a marketing agency. We do not send promotional newsletters, “special offers,” or third-party spam.
Any email you receive from Escort Aura is strictly an operational system alert. This includes:
- Password reset tokens.
- Two-Factor Authentication (2FA) codes.
- Automated confirmations of profile verification or account deletion.
- Disciplinary notices (e.g., automated alerts regarding mutes or hardware bans).
4. Data Lifespan & The “Kill-Switch” Retention
Data persistence is a liability. We enforce strict retention limits based on your status:
- Standard Users: Your data lives only as long as your account is active. If you execute a “Self-Service Erasure” (Delete Account), your profile, media, and active footprint are immediately wiped from our live databases.
- The Kill-Switch Exception: If an account is terminated by our moderation team for severe violations (e.g., financial scams, blackmail, deploying CSAM), we execute a permanent ban. Under the Legitimate Interest clause [Art. 6(1)(f)], we indefinitely retain anonymized hardware hashes and network identifiers associated with the offending account. This encrypted telemetry cannot be used to identify a natural person, but it acts as an impenetrable firewall to prevent the scammer from re-entering our ecosystem.
5. Cross-Border Routing & Infrastructure
Our core team operates within the Netherlands. However, maintaining a high-speed, globally accessible platform requires distributed architecture. We utilize enterprise-grade security and routing networks (such as Cloudflare) to shield the website from malicious attacks.
If any operational telemetry is routed through servers located outside the European Economic Area (EEA), we ensure it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission, maintaining GDPR-level encryption “in transit” and “at rest.”
6. User Sovereignty (Your GDPR Rights)
You own your digital footprint. Under GDPR, you are entitled to the following uncompromising rights:
- The Right to Data Extraction (Access): You can request a copy of the data associated with your active profile.
- The Right to State Modification (Rectification): You have full autonomy to edit, update, or correct your profile inputs at any time via your dashboard.
- The Right to Absolute Erasure (The Right to be Forgotten): You do not need to submit a ticket to leave. Use the “Delete account” button in your settings to instantly trigger the purge protocol.
- The Right to Processing Limitations: You may object to certain types of data processing, provided it does not break the core functionality of your account.
- The Right to Escalate: If you believe our data protocols violate European law, you have the right to lodge a formal complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
To execute any complex data rights outside of your self-service dashboard, direct your inquiry to our compliance desk: [SUPPORT_EMAIL].