We collect account and device details, basic usage data, and information needed to keep you and others safe. Your live conversations are streamed in real time and are not recorded. For safety, we take periodic screenshots for moderation; a screenshot that shows no violation is kept for at most 3 days. We don't create faceprints to identify you, we don't sell your personal data, and we don't use your live content for advertising. You have rights to access and delete your data — see sections 15 and 16.
01 Introduction & scope
This Privacy Policy applies to the Gaga application, the website at hellogaga.com, and the embedded live matching experience (together, the "Service"). It describes how we handle personal data of people who use the Service and should be read with our Terms of Service and Community Guidelines.
02 Who is responsible for your data
The data controller is Bigglesworth Tech Limited (registration no. 77649784), Room 1911, Lee Garden One, 33 Hysan Avenue, Causeway Bay, Hong Kong. For any privacy question or request, contact [email protected]. Contact details for our representatives and data-protection contacts are in section 16.
03 Information we collect
Information you provide
- Age confirmation — your confirmation that you are 18 or older.
- Account & profile — where applicable, a display name and any optional details you add.
- Payment information — if you buy a subscription or Virtual Items, limited transaction details (payments are handled by app stores or third-party processors).
- Communications — messages you send us, such as support requests or reports.
Live content
- Video & audio streams — transmitted in real time to the person you are matched with (see section 5).
- Moderation screenshots — periodic still images captured during live sessions and reviewed for safety (see sections 5 and 6).
- In-session messages — any text exchanged during a match.
Information collected automatically
- Device & technical data — device type, operating system, browser, app version, and similar identifiers.
- Log & usage data — IP address, approximate location derived from it, dates and times of access, features used, and diagnostic information.
- Cookies & similar technologies — see section 8.
Information from others
- Reports — information other users submit when they report an interaction, which may reference you.
04 How we use information
- To provide and operate the Service, including matching you and delivering live conversations;
- To verify eligibility and enforce our 18+ requirement;
- To keep the Service safe — reviewing moderation screenshots, and detecting, investigating and acting on violations, abuse, fraud and security threats;
- To handle reports, blocks and support requests;
- To process purchases of subscriptions and Virtual Items, where offered;
- To maintain, troubleshoot and improve the Service and develop new features;
- To send service-related communications; and
- To comply with legal obligations, including child-safety reporting, and to enforce our Terms.
05 How we handle live video & moderation
Live conversations are the heart of Gaga, and we treat them with particular care.
- Camera and microphone are only activated after you opt in and the live experience is launched. You can stop, block or leave at any time.
- Streams are not recorded. Your live video and audio are delivered in real time between matched users; we do not record or store the continuous stream.
- Screenshots for moderation. To keep the community safe, we take periodic screenshots (still images) of live sessions and review them with a combination of automated tools and human moderators. Audio may also be analysed for safety.
- Automated age & content checks. We use an on-device model and third-party providers to estimate age and detect violations from these frames, so we can act on suspected minors and prohibited content (see section 6).
- Short retention of clean screenshots. A moderation screenshot that shows no violation is kept for at most 3 days and is then automatically deleted.
- Violation-related material. Where a screenshot, report or session indicates a breach of our rules or a legal issue, we may retain the relevant screenshot(s) and related metadata longer to investigate, enforce our rules, and cooperate with authorities (including child-safety reporting).
- Not used for ads. We do not use your live video, audio or moderation screenshots for advertising or to build marketing profiles.
Other users could attempt to capture or record a session outside the Service. Never share sensitive personal, financial, or identifying information during a live conversation.
06 Facial analysis, age assurance & biometric data
Because the Service involves live video, we use automated facial analysis for two safety purposes: detecting prohibited content, and estimating age to keep minors off the platform. We want to be clear about how this works.
- Content & age detection. We analyse video frames and moderation screenshots to detect prohibited content (such as nudity or child-sexual-abuse material) and to estimate whether a user appears to be a minor. This uses our own on-device model together with trusted third-party content-moderation and age-recognition providers.
- Age assurance. We may also use dedicated age-assurance providers to estimate or verify that a user is 18 or older. Where this requires you to complete an age check, we will tell you before it happens.
- Estimation, not identification. This facial analysis is used to detect content and estimate age — not to identify you. We do not create facial-recognition templates or "faceprints" to uniquely identify you or match you to your real-world identity across sessions, we do not sell biometric data, and we do not use it to train third-party models for unrelated purposes.
- Consent & retention. Where facial analysis or age assurance involves biometric data, we rely on your consent and/or our obligation to keep minors off an adult service, and we keep any age-check artefacts only as long as needed for the check and a short audit period, then delete them.
Some laws — including the Illinois Biometric Information Privacy Act (BIPA), the Texas CUBI Act, Washington's biometric law, and Article 9 of the GDPR — regulate biometric data. Where any processing falls within those laws, we comply with their notice, consent and retention requirements.
07 Legal bases for processing
Where the EU/UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to provide the Service you request (operating accounts, matching, delivering live sessions, processing purchases);
- Legitimate interests — to keep the Service safe and secure, moderate content, prevent abuse and fraud, and improve our features, balanced against your rights and freedoms;
- Consent — for camera and microphone access and for certain optional cookies, which you can withdraw at any time;
- Legal obligation — to comply with applicable laws and to detect, preserve and report child sexual exploitation and respond to lawful requests.
09 Advertising, analytics & "Do Not Sell or Share"
We do not use your live content for advertising, and we do not sell your personal data. We may use limited analytics to understand and improve the Service. If we ever "sell" or "share" personal information for cross-context behavioural advertising as those terms are defined under US state privacy laws, we will provide a clear opt-out and honour browser-based opt-out signals such as the Global Privacy Control (GPC). See section 16 for how to exercise these choices.
11 International data transfers
We operate globally and process and store information in Hong Kong and other countries whose data-protection laws may differ from those where you live. Hong Kong is not currently the subject of an EU "adequacy" decision, so when we transfer personal data of people in the EEA or UK to Hong Kong or other countries without adequacy, we rely on appropriate safeguards — primarily the European Commission's Standard Contractual Clauses and the UK's International Data Transfer Agreement / Addendum — together with a transfer risk assessment. You can contact us for more information about these safeguards.
12 Data retention
We keep personal data only for as long as necessary for the purposes in this policy, then delete or anonymise it. Indicative periods:
| Data | How long we keep it |
|---|---|
| Live video & audio stream | Not recorded |
| Moderation screenshots with no violation | Up to 3 days, then deleted |
| Screenshots / evidence tied to a violation, report or investigation | As needed for review, enforcement and legal compliance, then deleted or anonymised |
| Suspected child-exploitation material | Preserved and reported as required by law |
| Account & profile data | For the life of your account |
| After you delete your account | Removed promptly, typically within 30 days, except limited records below |
| Safety / ban records (to prevent ban evasion) | Up to 12 months after a ban |
| Transaction & tax records | As required by accounting and tax law |
| Support communications | Up to 24 months |
| Server, security & diagnostic logs | Up to 12 months |
13 Security
We use technical and organisational measures designed to protect personal data against unauthorised access, loss or misuse, including encryption in transit, access controls, and restricted access to moderation material. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to respond appropriately to any incident, including notifying you and regulators where required by law.
14 Automated decision-making & profiling
We use automated systems to operate the matching queue and to help moderate live content. Automated moderation may interrupt or pause a session, blur or flag content, or queue an account for review. Decisions with significant effects — such as suspending or permanently banning an account — involve human review, and you can ask us to reconsider by contacting [email protected] (see also the appeals process in our Community Guidelines). We do not make solely-automated decisions that produce legal or similarly significant effects about you without the safeguards required by law.
15 Your rights & choices
Depending on where you live, you may have rights to:
- access the personal data we hold about you and request a copy;
- correct inaccurate or incomplete data;
- delete your data (see Delete account);
- restrict or object to certain processing;
- request portability of certain data;
- withdraw consent where processing is based on consent; and
- opt out of any "sale" or "sharing" of personal information and lodge a complaint with a data-protection authority.
To make a request, contact [email protected]. We will verify your request and respond within the time required by law. You may use an authorised agent where the law allows, and we will not discriminate against you for exercising your rights.
16 Your regional privacy rights
EEA, UK & Switzerland (GDPR)
The controller is Bigglesworth Tech Limited. We process your data on the legal bases in section 7, transfer it under the safeguards in section 11, and keep it for the periods in section 12. You have the GDPR rights listed in section 15, including the right to object to processing based on legitimate interests and the right to lodge a complaint with your local supervisory authority. If we are required to designate a representative under Article 27 of the EU or UK GDPR, or a Data Protection Officer, their contact details will be published here and are available from [email protected].
California (CCPA / CPRA)
This serves as our notice at collection. We collect the categories of personal information described in section 3 (including identifiers, commercial information, internet activity, approximate geolocation, audio/visual information, and — for safety — content that may be sensitive personal information) for the purposes in section 4, and retain it for the periods in section 12. We do not sell or share personal information for cross-context behavioural advertising, and we honour the Global Privacy Control. You have rights to know, access, correct, delete, and limit the use of sensitive personal information, and a right against discrimination. California's "Shine the Light" law lets you request information about disclosures to third parties for their direct marketing; we do not make such disclosures. Submit requests to [email protected].
Other US states
If you are a resident of Virginia, Colorado, Connecticut, Texas, or another state with a comprehensive privacy law, you have rights to access, correct, delete and obtain a portable copy of your personal data, and to opt out of targeted advertising, sale, and certain profiling. Sensitive data (including biometric data) is processed only as permitted by law. You may appeal a decision on your request by replying to our response or contacting [email protected].
Hong Kong (PDPO)
As a Hong Kong company, we handle personal data in line with the Personal Data (Privacy) Ordinance. You may request access to and correction of your personal data, and we will use your data only for the purposes in this policy or directly related purposes. We will obtain your consent before using your data for direct marketing.
17 Age requirement & no children
The Service is strictly for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected information from a minor, we will delete it and terminate the associated access. If you believe a minor is using the Service, contact us immediately at [email protected].
18 Third-party links & services
The Service may link to or integrate third-party services (such as app stores or payment processors). Their privacy practices are governed by their own policies, and we are not responsible for them. We encourage you to review the privacy policy of any third-party service you use.
19 Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy here with a new "Last updated" date and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect indicates acceptance of the updated policy.
20 How to contact us
For any privacy question, request or complaint, contact Bigglesworth Tech Limited at [email protected], or by post at Room 1911, Lee Garden One, 33 Hysan Avenue, Causeway Bay, Hong Kong.
Report, block and leave on every screen — and you can delete your account anytime.