Legal · Privacy

Privacy Policy

Last updated: 2026-05-06

Gilded Night (“we,” “us”) takes the protection of your personal data seriously. This Privacy Policy explains what data we collect when you use our platform at gildednight.com, how we process it, and your rights under the General Data Protection Regulation (GDPR) and applicable data protection laws.

Data Controller

Gilded Night
London, United Kingdom
Email: info@gildednight.com

Data We Collect

We collect data in three categories:

  • Data you provide: Account registration information (email, username, password hash), Advertiser profile data (text, photos, contact details), support enquiries.
  • Data collected automatically: IP address (anonymised after 7 days), browser type and version, operating system, referring URL, pages visited, date/time of access, device identifiers.
  • Data from third parties: Payment processor transaction confirmations (we do not store full payment card data), analytics data from Google Analytics (with IP anonymisation enabled).

Legal Basis for Processing (Art. 6 GDPR)

We process your data on the following legal bases:

  • Art. 6(1)(a) — Consent: Analytics cookies, marketing communications.
  • Art. 6(1)(b) — Contract performance: Account management, Advertiser profile hosting, service delivery.
  • Art. 6(1)(c) — Legal obligation: Tax documentation, regulatory compliance, law enforcement requests.
  • Art. 6(1)(f) — Legitimate interests: Platform security, fraud prevention, service improvement. Our legitimate interest is balanced against your fundamental rights.

How We Use Your Data

We use your personal data to: (a) operate, maintain, and improve the Platform; (b) create and manage user accounts; (c) display Advertiser profiles; (d) process payments and invoicing; (e) respond to enquiries and provide support; (f) ensure platform security and prevent fraud; (g) comply with legal obligations; (h) send service-related communications (transactional); (i) with your consent, send marketing communications.

Cookies & Tracking

We use cookies in accordance with applicable law and our Cookie Policy. Essential cookies are set without consent as they are strictly necessary for Platform operation. Analytics and preference cookies require your explicit consent via our cookie consent banner. You may withdraw consent at any time.

Data Sharing & Recipients

We share personal data only where necessary:

  • Hosting providers: Servers located within the EU/EEA.
  • Payment processors: For transaction processing (PCI DSS compliant).
  • Analytics providers: Google Analytics (with IP anonymisation, Data Processing Agreement in place).
  • Law enforcement: When legally required by valid court order or statutory obligation.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

International Data Transfers

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards under Art. 46 GDPR, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision under Art. 45 GDPR.

Data Retention

We retain personal data only as long as necessary for the purpose of processing:

  • Account data: Duration of account plus 30 days after deletion.
  • Server logs (anonymised IP): 7 days.
  • Invoicing/tax data: 10 years (as required by applicable tax law).
  • Support enquiries: 2 years after resolution.
  • Cookie consent records: 12 months.

Your Rights (Art. 15–21 GDPR)

You have the following rights regarding your personal data:

  • Access (Art. 15): Request confirmation and a copy of your data.
  • Rectification (Art. 16): Correct inaccurate or incomplete data.
  • Erasure (Art. 17): Request deletion (“right to be forgotten”).
  • Restriction (Art. 18): Restrict processing in certain circumstances.
  • Data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Withdraw consent: At any time, without affecting prior lawful processing.

To exercise these rights, email: info@gildednight.com. We respond within 30 days.

Data Security (Art. 32 GDPR)

We implement appropriate technical and organisational measures to protect your data, including: TLS/SSL encryption in transit; encryption at rest for sensitive data; access controls and authentication; regular security audits; staff training on data protection. Despite these measures, no method of electronic transmission or storage is 100% secure.

Automated Decision-Making

We do not use fully automated decision-making or profiling that produces legal effects concerning you (Art. 22 GDPR).

Children

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we become aware of such collection, we will delete the data promptly.

Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority in your jurisdiction if you believe that the processing of your personal data infringes the GDPR.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or on-site notification. The “Last updated” date at the top reflects the most recent revision.

Contact

For privacy-related enquiries:

Gilded Night
London, United Kingdom
Email: info@gildednight.com