Privacy Policy
Last updated: July 2026
This policy explains how [LEGAL ENTITY NAME — e.g. Phoenix One Ltd](“Phoenix One”, “we”, “us”) collects, uses, shares, and protects your personal data when you visit phoenixoneagency.com or apply to work with us. It covers your rights under the UK GDPR, the EU GDPR, the California Consumer Privacy Act as amended by the CPRA, and the other US state privacy laws. For UK/EU data-protection law we are the “controller” of your personal data.
1. Who we are
- Controller: [LEGAL ENTITY NAME — e.g. Phoenix One Ltd]
- Registered address: [REGISTERED BUSINESS ADDRESS]
- Privacy contact: privacy@phoenixoneagency.com
- UK/EU representative (where required under GDPR Art 27): [EU/UK REPRESENTATIVE — appoint if GDPR Art 27 applies]
2. The personal data we collect
When you submit an application, we collect the information you give us:
- Identifiers & contact data — your name or alias, email address, and country/timezone.
- Social & professional information — your social media handles, any OnlyFans link you share, your earnings bracket, time creating, goals, working hours, and current setup.
- Content-preference information— the type of content you're comfortable creating and whether you appear on camera. See section 4 — we treat this as sensitive data.
- Anything else you write in the free-text fields.
- Your 18+ confirmation and consent records.
We also collect limited technical dataautomatically — approximate region, browser type, and pages viewed — through our hosting provider's standard server logs. This maps to the CCPA categories of identifiers, internet/electronic network activity, professional information, inferences, and sensitive personal information. Our website stores an in-progress copy of your application in your browser's local storage so you can return to it; that stays on your device until you submit.
3. Sources
We collect personal data directly from you (the application form and any correspondence), and automatically from your device/browser via our hosting provider. We do not buy personal data from data brokers.
4. Sensitive / special-category data
Information about the content you're comfortable creating may be treated as special-category data under the UK/EU GDPR (data concerning your sex life) and as sensitive dataunder US state privacy laws. We handle it as follows:
- This information is optional.
- Where you provide it, we process it only on the basis of your explicit, opt-in consent (GDPR Art 9(2)(a)), which we ask for separately on the form.
- We use it solely to review your application and match you to suitable work. It is never sold or shared, and access is limited to the team assessing your application.
- You can withdraw this consent at any time by emailing privacy@phoenixoneagency.com; withdrawal doesn't affect processing already carried out.
5. Why we use your data, and our GDPR lawful bases
- To review your application and contact you about it — lawful basis: steps taken at your request prior to entering a contract (Art 6(1)(b)), and our legitimate interest in assessing and responding to work applications (Art 6(1)(f)).
- To provide and improve our services if we work together — lawful basis: performance of our contract with you, and our legitimate interests in running our business.
- To keep records and meet legal obligations — lawful basis: legal obligation and legitimate interests. Your 18+ confirmation and consents are retained as a record they were given.
- Sensitive data — additional basis: your explicit consent (Art 9(2)(a)).
We do not use your data for third-party advertising, and we do not carry out automated decision-making that produces legal or similarly significant effects about you.
6. Who we share it with — and no sale or sharing
We share personal data only with service providers who process it on our behalf, under contract, and only as needed to run our service:
- Resend — delivers your application to us by email.
- Vercel — hosts this website and provides server logs.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising (as those terms are defined under the CCPA/CPRA and other US state laws). We do not disclose your information to third parties for their own direct marketing, so California's “Shine the Light” disclosure does not apply. Because we don't sell or share, opt-out preference signals such as Global Privacy Control (GPC) are honored by default — there is nothing to opt out of. We may disclose data where required by law or to establish, exercise, or defend legal claims.
7. International transfers
Our providers may process data outside the UK/EEA, including in the United States. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards — the UK International Data Transfer Agreement (or the UK Addendum to the EU Standard Contractual Clauses), the EU Standard Contractual Clauses, and/or certification under the EU–US and UK–US Data Privacy Framework — so your data receives an equivalent level of protection.
8. How long we keep it
If we don't take your application forward, we keep it no longer than 12 months from our decision, then delete it. If we work together, we keep your data for the duration of our relationship and for as long afterwards as we're required to for legal, tax, and record-keeping purposes. You can ask us to delete your data sooner (see your rights below).
9. Security
We use appropriate technical and organisational measures — encrypted transmission (HTTPS), access limited to the team working on your application/page, and confidential handling of everything you share. No system is perfectly secure, but discretion is built into how we work.
10. Cookies and local storage
This website does not use tracking or advertising cookies and runs no third-party ad or analytics trackers. It uses your browser's local and session storage only for strictly functional purposes — saving your in-progress application and remembering that you've seen the intro animation. Because we set no non-essential cookies, no consent banner is required.
11. Your rights (UK & EU / GDPR)
Under the UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased.
- Restrict or object to our processing.
- Data portability.
- Withdraw consent at any time, where we rely on consent.
To exercise these, email privacy@phoenixoneagency.com. We respond within one month. You may also complain to a data-protection regulator — the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local EU data protection authority— though we'd ask you to raise it with us first.
12. Your rights (United States)
Depending on your state of residence (including California, Virginia, Colorado, Connecticut, Texas, Oregon, and the other states with comprehensive privacy laws), you have some or all of the rights below. We extend these rights to all US users regardless of state.
- Know / access the personal information we process about you.
- Correct inaccurate personal information.
- Delete your personal information.
- Data portability — a copy in a portable format.
- Opt outof the sale of personal information, targeted advertising, and profiling with legal or similarly significant effects. We don't do any of these, so there is nothing to opt out of, but the right is yours.
- Limit the use and disclosure of sensitive personal information (we already limit it to reviewing your application).
- Non-discrimination for exercising your rights.
How to submit a request: email privacy@phoenixoneagency.com or use the application-form contact. You may use an authorized agent; we may ask the agent for proof of authorization and verify your identity. We respond within 45 days (extendable once by a further 45 days where reasonably necessary), and we verify your identity before acting on access, correction, or deletion requests. We obtain opt-in consent before processing sensitive data (see section 4).
Appeals:if we decline your request, we'll tell you why. You may appeal by emailing privacy@phoenixoneagency.com with “Appeal” in the subject line. We'll respond in writing within 60 days. If we deny the appeal, you may contact your state Attorney General to submit a complaint.
13. Children
Our website and services are strictly for adults aged 18 and over. We do not knowingly collect data from anyone under 18 (and do not knowingly sell or share the data of anyone under 16). If you believe a minor has contacted us, email us and we will delete the data.
14. Changes to this policy
We may update this policy from time to time and review it at least every 12 months. The “last updated” date above reflects the current version.
15. Contact
For any privacy question or request, email privacy@phoenixoneagency.com.