Privacy Policy
Last updated: April 2026
1. Data Controller
MitikLive is the data controller responsible for the personal data collected through MitikBoost (SMM panel) and MitikFans (creator directory), accessible at mitiklive.com/boost.
Data protection contact email: info@mitiklive.com
2. Data Collected
We collect the following personal data depending on the features used:
| Category | Data | Purpose |
|---|---|---|
| Registration | Email, password (bcrypt hash) | Account creation and management |
| Creator profile | Name, biography, country, category, gender, age range | Publication on the MitikFans directory |
| Multimedia content | Uploaded photos and videos | Public gallery and private zone |
| Payments | PayPal/Stripe transaction IDs (no card data is stored) | Deposit and payment processing |
| Technical | IP address, User-Agent, browser language | Security, rate limiting, fraud detection |
| Marketing | UTM parameters, referral cookie | Campaign attribution and referral programme |
| Communications | Messages between users, support tickets | Provision of messaging and support services |
3. Purpose of Processing
Personal data is processed for the following purposes:
- Service provision: account management, SMM order processing, directory operation, messaging, and video calls.
- Security: fraud prevention, rate limiting, content moderation, and abuse protection.
- Transactional communications: order confirmation emails, deposit receipts, account status updates, and support correspondence.
- Service improvement: aggregated and anonymised usage analysis to optimise the platform.
4. Legal Basis for Processing
- Performance of a contract (Art. 6(1)(b) GDPR): processing is necessary to provide the services contracted by the user (SMM purchases, directory, messaging, payments).
- Consent (Art. 6(1)(a) GDPR): for the sending of marketing communications and use of non-essential cookies.
- Legitimate interest (Art. 6(1)(f) GDPR): for platform security, fraud prevention, and content moderation.
- Legal obligation (Art. 6(1)(c) GDPR): where the law requires the retention of certain data.
5. Data Recipients
Personal data may be shared with the following third parties, solely for the purposes indicated:
| Provider | Purpose | Location |
|---|---|---|
| PayPal (PayPal Europe) | Payment processing | EU / US (Standard Contractual Clauses) |
| Stripe (Stripe Payments Europe) | Card payment processing | EU / US (Standard Contractual Clauses) |
| Brevo (Sendinblue) | Transactional email delivery | EU (France) |
| LiveKit | WebRTC video call infrastructure | Self-hosted (Spain) |
| NudeNet (local processing) | Automated content moderation | Self-hosted (Spain) |
We do not sell or share personal data with third parties for commercial purposes.
6. International Transfers
Where data is transferred outside the European Economic Area (EEA), appropriate safeguards are applied in accordance with the GDPR:
- Standard Contractual Clauses (Art. 46(2)(c) GDPR) for PayPal and Stripe.
- Content moderation (NudeNet) and video call (LiveKit) services run on our own servers located in Spain.
7. Data Retention
- Account data: retained while the account is active, plus 2 years after deletion to fulfil legal obligations.
- Transaction data: 5 years in accordance with Spanish tax legislation.
- Multimedia content: until the creator deletes it or cancels their profile.
- Security logs (IP, rate limiting): 90 days.
- Messages: retained while both users maintain active accounts.
8. User Rights
In accordance with the GDPR and Spain's LOPDGDD, users may exercise the following rights:
- Access: to know what personal data we hold about you.
- Rectification: to correct inaccurate or incomplete data.
- Erasure (right to be forgotten): to request the deletion of your data.
- Objection: to object to the processing of your data for specific purposes.
- Portability: to receive your data in a structured, machine-readable format.
- Restriction: to request restriction of processing under certain circumstances.
To exercise any of these rights, please contact info@mitiklive.com stating your request and attaching a copy of your identification document.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) — www.aepd.es.
9. Cookies
We use first-party and third-party cookies. For more information, please refer to our Cookie Policy.
10. Minors
The platform is not intended for individuals under the age of 18. We do not knowingly collect data from minors. If we become aware that a minor has created an account, we will proceed with its immediate deletion.
11. Security
We implement technical and organisational measures to protect personal data:
- HTTPS/TLS encryption on all communications.
- Passwords stored using bcrypt hashing.
- 256-bit CSRF tokens with constant-time comparison (hash_equals).
- Rate limiting to prevent brute-force attacks.
- HTTP security headers (CSP, HSTS, X-Frame-Options).
- Payment data processed directly by PayPal/Stripe (no card data is stored on our servers).
12. Modifications
This policy may be updated from time to time. The current version will always be available on this page with its last updated date. We recommend reviewing it periodically.