(Document compliant with EU Regulation 2016/679 – GDPR, UK GDPR, CCPA/CPRA, PIPEDA and other applicable data protection laws)
1. Data Controller
Karma Corporation a.s. - Máchova 439/27, Vinohrady - 120 00 Praha - Czech Republic.
The Data Controller is Karma Corporation a.s., having its registered office at - Máchova 439/27, Vinohrady - 120 00 Praha - Czech Republic, e-mail: [contact email].
For any matters relating to this Privacy Policy or the processing of personal data, the Controller may be contacted at the above addresses.
2. Scope of Activity and Purpose of the Service
The website (the “Service”) provides interactive and digital content intended exclusively for adults (18+), through:
• a chat platform based on generative artificial intelligence technologies;
• the provision of customized digital images and paid content;
• user assistance, payment processing, and account management services.
Such services may involve the processing of personal data, including certain special categories of data within the meaning of Article 9 GDPR, processed only upon the explicit consent of the data subject.
3. Categories of Personal Data Processed
The Controller may process the following categories of data:
1. Identification and contact data
(e-mail address, username, payment details, billing information).
2. Browsing and technical data
(IP address, device identifiers, cookies, usage logs, session metadata).
3. Interaction and preference data
collected pseudonymously through use of chat or content-generation functions.
4. Payment data
managed by third-party providers (e.g. Stripe, PayPal) acting as independent controllers or processors.
5. Security and abuse prevention data
(system logs, anti-fraud and anti-abuse measures).
The Controller does not intentionally collect or retain sensitive identifying information unless strictly necessary for the performance of the Service and with the user’s explicit consent.
4. Purpose and Legal Basis for Processing
| Purpose of Processing | Legal Basis | Reference |
|---|---|---|
| a) Service provision and account management | Performance of a contract or pre-contractual measures | Art. 6(1)(b) GDPR |
| b) Compliance with accounting and tax obligations | Legal obligation | Art. 6(1)(c) GDPR |
| c) Processing of special categories of data (preferences, adult-related content) | Explicit consent of the data subject | Art. 9(2)(a) GDPR |
| d) Security, fraud prevention, and legal defense | Legitimate interest of the Controller | Art. 6(1)(f) GDPR |
| e) Statistical analysis and service improvement | Consent or legitimate interest if anonymized | Art. 6(1)(a)/(f) GDPR |
| f) Promotional and marketing activities | Consent | Art. 6(1)(a) GDPR |
5. Methods of Processing and Automated Logic
Processing is carried out electronically and in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
The platform uses generative artificial intelligence systems for automated content creation.
Such systems operate based on algorithmic models trained on data sets that do not allow direct identification of users.
Interactions are processed in pseudonymized or anonymized form for analytical or operational purposes.
No automated decision-making producing legal or similarly significant effects occurs, within the meaning of Article 22 GDPR.
6. Nature of Data Provision and Consequences of Refusal
Providing mandatory data is necessary to access the Service.
Failure to provide such data may render it impossible to use certain features or complete transactions.
Optional data provided for marketing or personalization purposes are subject to freely given, explicit, and revocable consent.
7. Data Retention
Data will be retained in accordance with the following criteria:
• Contractual and billing data: up to 10 years, pursuant to civil and tax obligations;
• Browsing and technical logs: up to 12 months;
• Generated content and interaction data: up to 12 months after last activity or until consent withdrawal;
• Anonymized or aggregated data: indefinitely.
8. Data Disclosure and Recipients
Personal data may be disclosed to the following categories of recipients:
• entities acting as Data Processors (hosting, AI technology providers, payment processors, analytics, customer support);
• independent Data Controllers (e.g. payment gateways, financial institutions);
• public authorities and supervisory bodies, where required by law;
• legal, administrative, and IT consultants assisting the Controller.
The updated list of Processors is available upon request from the Controller.
9. International Data Transfers
Data transfers outside the European Economic Area (EEA) are carried out in compliance with Chapter V of the GDPR:
• to countries covered by an adequacy decision by the European Commission (Art. 45 GDPR);
• through Standard Contractual Clauses (SCCs) adopted under Art. 46(2)(c) GDPR, complemented by supplementary security measures;
• or, where applicable, with the explicit consent of the data subject (Art. 49(1)(a) GDPR).
The Controller continuously monitors the level of data protection ensured by non-EEA recipients.
10. Data Subjects’ Rights
Data subjects may exercise, at any time, the rights provided under Articles 15–22 GDPR, including:
• right of access to their data;
• right to rectification and erasure;
• right to restriction of processing;
• right to data portability;
• right to object to processing;
• right to withdraw consent.
Requests shall be sent to [dedicated privacy email address].
Data subjects have the right to lodge a complaint with the Data Protection Authority or the competent supervisory authority in their country of residence.
For non-EU residents, equivalent rights apply under:
• CCPA/CPRA (California),
• UK Data Protection Act 2018 / UK GDPR,
• PIPEDA (Canada),
• and other applicable local laws.
11. Data Security
The Controller adopts technical and organizational measures appropriate to the risk, including:
• encryption of data in transit and at rest;
• access control and strong authentication;
• pseudonymization of sensitive data;
• continuous system monitoring and audits;
• personnel training and confidentiality undertakings.
12. Age Restrictions
The Service is strictly reserved for adult users (18 years or the legal age of majority in the user’s country).
The Controller does not knowingly process personal data of minors.
If a minor’s data are inadvertently collected, such data will be promptly deleted.
13. Relationship with Artificial Intelligence Providers
The Controller may rely on third-party AI technology providers for content generation.
Such providers act as Data Processors, bound by written agreements ensuring GDPR and equivalent international compliance.
The AI systems used do not train on users’ identifiable personal data, and any such information is processed only in anonymized or pseudonymized form.
14. Updates to this Privacy Policy
This Privacy Policy may be amended to reflect legal or technological developments.
Any changes will be published on the website with the updated “Last Revised” date.
Continued use of the Service after such updates shall constitute acceptance of the revised Policy.
15. Contact Details
For any information, clarification, or to exercise data protection rights, please contact:
- [dedicated privacy email]
- Karma Corporation a.s. - Máchova 439/27, Vinohrady - 120 00 Praha - Czech Republic.
16. Legal Notice
This document constitutes a privacy notice pursuant to Article 13 of Regulation (EU) 2016/679 and corresponding international legislation.
References to “adult content” are understood solely as a description of services directed to an adult audience.
Last updated: October 2025
1. Controller and Scope
The Controller of these Terms of Sale is Karma Corporation a.s. , registered at Máchova 439/27, Vinohrady - 120 00 Praha - Czech Republic, email: [contact email].
These Terms govern the sale and access to digital content and AI-powered services offered on the website [website URL], intended exclusively for adult users (18+).
Accessing or purchasing services implies full acceptance of these Terms.
2. Age Requirements and Access
• Users must be at least 18 years old or of the legal age in their country of residence.
• The Controller reserves the right to verify the user’s age and suspend or cancel access in case of non-compliance.
3. Subject of the Contract
• The contract covers the provision of digital content (AI-generated images, interactive chat services, related digital services) upon payment.
• All content is digital and immediately accessible online; no physical delivery is provided.
4. Purchase and Payment Process
Account Registration: Users must create an account providing truthful information.
Product Selection: Users select the desired content or package.
Payment: Payments are made via secure third-party providers (e.g., Stripe, PayPal) using electronic methods.
Order Confirmation: Upon successful payment, users receive confirmation and access to the content.
4.1 Prices and Taxes
• All prices are indicated in local currency and include applicable taxes according to the user’s country (EU or non-EU).
• Any additional taxes will be calculated by the payment provider.
5. Availability and Access to Content
• Content is immediately accessible after payment.
• The Controller will make reasonable efforts to maintain service availability, except for scheduled maintenance or force majeure.
• Temporary interruptions do not entitle the user to refunds or compensation unless otherwise specified.
6. User Rights and Limitations
• Users acquire no ownership rights over the content; they receive a personal, non-transferable, non-commercial license.
• Redistribution, reproduction, or resale of content is prohibited.
• Users must comply with all applicable laws and these Terms.
7. Withdrawal and Refunds
7.1 EU Users
• According to EU consumer law (e.g., D.Lgs. 206/2005), the right of withdrawal does not apply to digital contentonce accessed immediately after payment, except in cases of malfunction or non-conformity that cannot be remedied.
7.2 Non-EU Users
• Non-EU users are subject to local laws (e.g., CCPA) regarding deletion or refund rights, in accordance with the digital nature of the products.
8. Controller Liability
• The Controller is not liable for:
o service interruptions due to maintenance or force majeure;
o device or network malfunctions of the user;
o misuse of content by the user.
• Direct liability of the Controller is limited to the amount paid by the user for the purchased content.
9. Data Security and Privacy
• Personal data are processed in accordance with the Privacy Policy and Cookie Policy published on the website.
• Payment data are handled exclusively by third-party providers compliant with international data protection laws.
10. International Data Transfers
• Personal data may be transferred outside the EU under GDPR Chapter V, Standard Contractual Clauses (SCC), or with the user’s consent.
• Users acknowledge and accept such transfers and associated security measures.
11. Amendments to the Terms
• The Controller may update these Terms by publishing the revised version on the website.
• Updates do not retroactively affect purchases already made unless otherwise agreed.
12. Governing Law and Jurisdiction
• For EU users, the contract is governed by EU law, with the Court of Czech Republic as the competent jurisdiction.
• For non-EU users, applicable local laws govern, without prejudice to non-derogable consumer rights.
13. Contact
For inquiries regarding purchases or digital content:
📧 [dedicated email]
Karma Corporation a.s. , Máchova 439/27, Vinohrady - 120 00 Praha - Czech Republic
Last updated: October 2025
1. Definition of Cookies
Cookies are small text files sent by websites to a user’s device and stored for later retrieval.
They can be used for navigation, security, preferences, statistical analysis, profiling, and marketing.
Similar technologies (pixels, local storage, SDKs) are collectively referred to as “cookies” in this Policy.
2. Types of Cookies
| Type | Description | Legal Basis | Duration |
|---|---|---|---|
| Technical / Necessary | Essential for site operation (login, cart, security) | Legitimate interest / Contract performance | Session or up to 12 months |
| Preferences | Store user settings (language, theme) | Consent | 12 months |
| Analytics / Statistics | Aggregate usage data | Consent if not anonymized | 14 months |
| Marketing / Profiling | Personalized advertising, retargeting | Consent | 12 months |
| Third-party cookies | External providers for payment, AI, analytics, social | Consent / Contract / Legitimate interest | Variable |
3. Consent Management
A cookie banner compliant with GDPR and IAB TCF 2.2 is shown at first access, allowing users to:
• accept all cookies;
• reject non-essential cookies;
• manage preferences by category.
Choices are stored for 12 months, modifiable at any time via the cookie settings panel.
4. International Data Transfers
Data may be transferred outside the EU ensuring:
• Adequacy decisions by the European Commission;
• Standard Contractual Clauses (SCC);
• Explicit consent where necessary;
• Additional security measures (encryption, pseudonymization).
5. Users’ Rights
Users can:
• access their data;
• request correction or deletion;
• limit processing;
• withdraw consent;
• object to processing;
• request data portability.
Contact: [dedicated privacy email].
Non-EU users may exercise equivalent rights (CCPA, UK GDPR, PIPEDA).
6. Updates to Cookie Policy
Updates will be published on this page with the last updated date.
If substantial changes occur, the consent banner will be displayed again.