Privacy Policy
This Privacy Policy explains what personal data AfterWorn.com — operated by Xeble Holding — collects, why we collect it, how we use and protect it, and the rights you have. It is written with the EU General Data Protection Regulation (GDPR) in mind and applies to all users worldwide.
Last updated: 20 May 2026
This Privacy Policy is a working template describing intended data practices. It is not legal advice and must be reviewed and approved by a qualified data protection lawyer — including confirmation of the data controller's identity, the lawful bases, retention schedules and any required Data Protection Officer designation — before the Platform launches.
Data Controller
The data controller for AfterWorn is Xeble Holding, with its operating base in the Republic of Cyprus. Where AfterWorn engages third parties to process data on its behalf (for example payment, verification and hosting providers), those parties act as processors under contract.
1. Data We Collect
Account data
Email address, password (stored only as a hash), role, account status, language and currency preferences.
Profile data
Display name, bio, avatar and cover images, country, shipping origin and destinations, and other details you choose to add.
Verification (KYC) data
Verification tier and the TrustVerifyID submission identifier. Identity documents themselves are not stored on AfterWorn systems.
Payment data
Transaction records, wallet balances and payout details. Card and crypto payment credentials are handled by our payment processors, not stored by us.
Device & technical data
IP address, browser and device type, device fingerprint, and push-notification tokens — used for security and fraud prevention.
Usage & content data
Listings, orders, messages, voice notes, stories, reviews, favorites, swipe activity, and pages viewed.
2. Why We Use Your Data & Legal Bases
- To provide the Platform — create accounts, list items, process orders and messaging (legal basis: performance of a contract).
- To verify identity and age — operate KYC and meet age-restriction obligations (legal basis: legal obligation and legitimate interests).
- To prevent fraud and abuse — risk scoring, device fingerprinting, moderation and dispute handling (legal basis: legitimate interests).
- To process payments — commission, payouts and refunds (legal basis: performance of a contract).
- To communicate with you — service notices, security alerts and support (legal basis: contract and legitimate interests).
- For analytics and marketing — improving the Platform and relevant promotion (legal basis: consent, which you can withdraw).
- To comply with law — tax, anti-money-laundering and lawful requests (legal basis: legal obligation).
3. KYC & Identity Verification
Identity and age verification is carried out by our partner TrustVerifyID. When you complete verification, your documents are submitted directly to TrustVerifyID. AfterWorn receives and stores only the submission identifier and the resulting verification tier — we do not store copies of your ID documents or selfies on our own systems. This minimizes the amount of sensitive data we hold.
4. Payment Data
Payments are processed by our payment providers. These providers process your payment credentials under their own privacy terms. AfterWorn stores transaction metadata — amounts, currency, status and timestamps — needed to operate commission and payouts. Shipping addresses are stored encrypted.
5. Cookies & Tracking
We use strictly necessary cookies for authentication and security, and — only with your consent — analytics and marketing cookies. You can manage preferences through the cookie banner at any time. Full details are in the Cookie Policy section of our Terms. Cookie Policy.
6. How We Share Data
We do not sell your personal data. We share it only:
- With processors — payment, verification (TrustVerifyID), shipping, hosting, email, search and moderation providers, under data-processing agreements.
- Between users — limited information necessary for a transaction (for example display name and order details). Real names and exact addresses are masked.
- Within the Xeble ecosystem — where you use single sign-on or cross-promotion features, and only as needed for those features.
- For legal reasons — to comply with law, enforce our Terms, or protect the rights and safety of users and the public.
7. International Transfers
AfterWorn operates globally, and some processors may be located outside your country or the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses.
8. Data Retention
We keep personal data only as long as necessary for the purposes described above:
- Account and profile data — for the life of your account, then deleted or anonymized after the deletion grace period.
- Transaction and tax records — for the period required by financial and tax law (typically several years).
- Messages and voice notes — for an operational period; voice notes are auto-purged after 90 days unless extended.
- Moderation and fraud records — for as long as needed to keep the Platform safe.
9. Your Rights
Subject to applicable law, you have the right to access, rectify, erase, restrict and object to the processing of your personal data, and the right to data portability. Where processing is based on consent, you may withdraw consent at any time.
AfterWorn provides a self-service data export through your account at /me/gdpr/export, which produces a machine-readable copy of your personal data. To exercise other rights, contact our data protection team (see below). You also have the right to lodge a complaint with your local data protection authority.
10. Account Deletion
You can request account deletion from your settings. Deletion is subject to a 30-day grace period, during which you can cancel the request. After the grace period, personal data is erased or scrubbed, while aggregate statistics may be retained in anonymized form, and records required by law (such as tax and transaction records) are kept for their mandatory retention period.
12. Children's Data
AfterWorn is an adult platform strictly limited to users aged 18 and over. We do not knowingly collect data from minors. If we learn that an account belongs to a minor, it is removed immediately.
13. Security
We protect personal data with measures including encryption of sensitive fields (such as shipping addresses) using AES-256-GCM, password hashing with Argon2id, encrypted transport (TLS), access controls, audit logging, rate limiting, a web application firewall, and AI moderation. No system is perfectly secure, but we work continuously to safeguard your data.
14. Contact Us
For privacy questions or to exercise your rights, contact our data protection team at privacy@afterworn.com. General questions can go to our Help Center. AfterWorn is operated by Xeble Holding, Cyprus.