Privacy Policy

Last updated: April 2026

Article 1 - Introduction

This Privacy Policy aims to inform users of the Desirely platform (hereinafter the "Platform") about how their personal data is collected, processed, stored, and protected, in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data ("GDPR"), French Act No. 78-17 of 6 January 1978 on information technology, data files, and civil liberties ("Data Protection Act"), and Regulation (EU) 2024/1689 of 13 June 2024 laying down harmonized rules on artificial intelligence ("AI Act").

By using the Platform, the User acknowledges that they have read this Privacy Policy and accepts its terms.

Article 2 - Identity of the data controller

Data controller: Desirely
Legal form: simplified joint-stock company (SAS)
Share capital: €1,000.00
Company registration number: 102 631 108 R.C.S. Paris
Registered office: 59 rue de Ponthieu, Bureau 326, 75008 Paris
Represented by: Mr. Romuald Pouget, President
Email: contact@desirely.co
Phone: 06 25 29 26 14

Article 2 bis - Data protection contact point

Desirely has not appointed a Data Protection Officer (DPO) within the meaning of Article 37 of the GDPR. Given the nature of the processing carried out, the volume of data processed as of the date this Policy was drafted, and the company's workforce, Desirely considers that appointing a DPO is not required under Article 37.1 of the GDPR.

Desirely regularly reassesses this position based on changes in its business, processing volumes, and CNIL recommendations. If applicable, a DPO will be appointed and the appointment will be published in this Policy.

In the meantime, all requests relating to the protection of personal data must be sent to: contact@desirely.co

Any request is processed under the direct supervision of the President, in his capacity as legal representative of the data controller.

Article 3 - Personal data collected

Within the scope of using the Platform and providing the services, Desirely collects the following categories of personal data:

3.1 - Identification and account data

Data collected: agency or creator name, email address, password (encrypted), login credentials for third-party platforms (authentication tokens). When collected: account creation and connection to third-party platforms.

3.2 - Technical data

Data collected: IP address, browser type and version, session and login data. When collected: connection to the Platform.

3.3 - Usage data

Data collected: connected models and AI configuration settings, history of conversations processed by the AI, Platform usage statistics, configured alerts and notifications. When collected: use of the services.

3.4 - Billing data

Data collected: billing and commission-related information, transaction history. When collected: subscription and use of paid services.

Article 4 - Processing of sensitive personal data

4.1 - Nature of the data processed by the AI

As part of providing the services, Desirely's artificial intelligence system processes conversations exchanged between the Models (content creators) and their subscribers (fans) on adult content platforms.

These conversations may contain data relating to sex life or sexual orientation, falling within Article 9 of the GDPR (special categories of personal data).

4.2 - Legal basis for processing

Desirely acts as a processor on behalf of the User (data controller), as specified in Article 4.3.

The processing carried out by Desirely is based on performance of the contract between Desirely and the User (Article 6.1.b GDPR), with conversation processing being strictly necessary to provide the conversational automation services ordered by the User.

With regard to data falling within Article 9 of the GDPR (special categories), it is the User's responsibility, as data controller, to ensure that they have a valid legal basis under Article 9.2 of the GDPR with respect to the data subjects (fans), in accordance with the obligations set out in Article 4.3 below and Appendix 1 of the Terms and Conditions (DPA).

4.3 - Processing responsibility

Desirely acts as a processor within the meaning of Article 28 of the GDPR for the processing of fan data and conversations. The User (agency or creator) remains the data controller for the fans' personal data that they collect and have processed through the Platform.

As such, the User is solely responsible for compliance with the GDPR and the fans' rights in connection with the processing of their data, for obtaining, where applicable, fans' consent to the processing of their data, and for informing fans about the use of an artificial intelligence system in exchanges, in accordance with Article 50 of Regulation (EU) 2024/1689 (AI Act).

Article 5 - Purposes and legal bases for processing

Providing the services: account management, AI operation, message processing, reply personalization. Legal basis: performance of the contract (Art. 6.1.b GDPR).

Billing and commissions: subscription management, commission calculation and collection, invoicing. Legal basis: performance of the contract (Art. 6.1.b GDPR).

Minor detection: automated analysis of conversations to detect the potential presence of minors and disable the AI. Legal basis: legitimate interest (Art. 6.1.f GDPR) - protection of minors.

Moderation and security: content filtering, detection of risky behavior, fraud protection. Legal basis: legitimate interest (Art. 6.1.f GDPR).

Product communication: sending product updates and service notifications. Legal basis: performance of the contract (Art. 6.1.b GDPR).

Service improvement: anonymized statistical analysis of Platform usage. Legal basis: legitimate interest (Art. 6.1.f GDPR).

Legal obligations: compliance with tax, accounting, and regulatory obligations. Legal basis: legal obligation (Art. 6.1.c GDPR).

Judicial cooperation: disclosure of data to authorities in the event of a court order. Legal basis: legal obligation (Art. 6.1.c GDPR).

Important note: Desirely never uses Users' or fans' conversation data to train, improve, or develop its artificial intelligence models or those of third parties.

Article 6 - Data recipients

The personal data collected is accessible to the company Desirely, as data controller, represented by its President Mr. Romuald Pouget and its General Manager Mr. Célestin Cordos, as well as by the technical processors listed in Article 7 below, only to the extent strictly necessary to carry out their tasks.

Desirely undertakes not to sell, rent, or transfer the personal data of its Users or fans to third parties for commercial, advertising, or profiling purposes.

In the event of a court order, Desirely reserves the right to transmit any data to the competent authorities (police, courts, CNIL) in the context of a judicial investigation, a legal order, or a legal obligation, in accordance with applicable law.

Article 7 - Processors

Desirely uses the following processors in connection with the provision of its services:

OpenAI, L.L.C. - AI model provider (response generation) - United States - Safeguards: EU-US Data Privacy Framework (DPF).

Stripe Payments Europe Limited - Payment processing and subscription management - Ireland (EU) - GDPR applies directly. Data may be transferred to Stripe Inc. (United States) as part of intra-group transfers, with the safeguards of the EU-US Data Privacy Framework (DPF).

Google LLC (Gemini) - AI model provider (response generation) - United States - Safeguards: EU-US Data Privacy Framework (DPF).

Vercel Inc. - Web application hosting - United States - Safeguards: EU-US Data Privacy Framework (DPF).

Clerk Inc. - User authentication service - United States - Safeguards: EU-US Data Privacy Framework (DPF).

Framer B.V. - Marketing site hosting - Netherlands (EU) - GDPR applies directly.

Agilitation SAS (Axeptio) - Cookie consent management - France (EU) - GDPR applies directly.

Google LLC (Analytics) - Marketing site audience measurement - United States - Safeguards: EU-US Data Privacy Framework (DPF).

Microsoft Corporation (Clarity) - Behavioral analysis of the marketing site - United States - Safeguards: EU-US Data Privacy Framework (DPF).

Desirely ensures that each processor provides sufficient guarantees regarding personal data protection and contractually undertakes to comply with GDPR obligations.

Article 8 - Data transfers outside the European Union

As part of providing the services, personal data is transferred to the United States, notably through the processors listed in Article 7.

These transfers are governed by the following safeguards, in accordance with Chapter V of the GDPR: the EU-US Data Privacy Framework (DPF) for certified entities, standard contractual clauses (SCCs) approved by the European Commission where applicable, and additional technical measures (encryption, pseudonymization) in line with the recommendations of the European Data Protection Board (EDPB).

The User may obtain more information about the safeguards in place by contacting Desirely at contact@desirely.co.

Article 9 - Data retention periods

Account data (email, name, login credentials): subscription term + 3 years after account deletion.

Billing and commission data: 10 years (accounting and tax obligation - Art. L.123-22 of the French Commercial Code).

Technical data (IP address): 1 year from collection.

AI-processed conversation data: subscription term - deleted within 30 days after termination or account deletion.

Third-party platform authentication tokens: subscription term - deleted immediately upon termination.

AI configuration and model settings: subscription term - deleted within 30 days after termination.

Analytics cookie data: maximum 13 months (CNIL recommendation).

At the end of these periods, the data is deleted or irreversibly anonymized.

Article 10 - Fate of data upon termination

10.1 - Transition period

In the event of subscription termination or account deletion, the User benefits from a thirty (30) calendar day period starting from the effective termination date to request export of their data (AI configuration, model settings, usage statistics).

10.2 - Data deletion

At the end of this 30-day period, conversation data, AI configurations, model settings, and authentication tokens are permanently deleted. Billing data is retained in accordance with accounting obligations (10 years). Account data (email, name) is retained for 3 years for potential dispute management purposes.

10.3 - Export request

The User may send their export request by email to contact@desirely.co. Desirely undertakes to provide the data in a structured, commonly used, and machine-readable format within fifteen (15) business days.

Article 11 - Cookies and trackers

11.1 - Technical cookies

The Site uses strictly necessary session and browsing technical cookies for the proper functioning of the Platform. These cookies do not require the User's prior consent.

11.2 - Analytics cookies (subject to consent)

Subject to the User's consent, the site uses the following cookies:

Google Analytics 4 (Google LLC): audience measurement. Data is anonymized and transmitted to Google's servers. Learn more: https://policies.google.com/privacy

Microsoft Clarity (Microsoft Corporation): behavioral analysis through session recordings and heatmaps. Learn more: https://clarity.microsoft.com/terms

11.3 - Consent management

During their first visit, the User is invited to make their choices through a consent banner managed by Axeptio (Agilitation SAS). The User may change their preferences at any time via the Axeptio widget accessible from the Site.

No non-essential cookie is placed before consent is obtained, in line with CNIL recommendations and the GDPR.

11.4 - Cookie retention period

Analytics cookies are retained for a maximum of 13 months. User consent is retained for 6 months.

Article 12 - Data processed by artificial intelligence

12.1 - Nature of processing

Desirely's artificial intelligence system processes the conversation data of the Models and their fans for the exclusive purpose of generating automated replies in accordance with the settings defined by the User.

12.2 - Safeguards

Conversation data is processed solely for the purpose of providing the services. Desirely does not use conversation data to train, fine-tune, or improve its AI models or those of third parties. Conversation data is not shared with AI providers (OpenAI, Google) beyond what is strictly necessary to process each real-time request. Desirely implements automatic detection mechanisms aimed at identifying risky situations, including the potential presence of minors in conversations. The User retains the ability at all times to supervise, correct, or disable the AI's operation.

12.3 - Transparency obligation (AI Act)

In accordance with Article 50 of Regulation (EU) 2024/1689 (AI Act), persons interacting with an artificial intelligence system must be informed of it. The User is solely responsible for informing fans about the use of an AI system in exchanges, in accordance with applicable regulations.

Desirely provides the User with the information necessary to comply with this obligation, but cannot be held responsible for the User's failure to comply with this obligation.

Article 13 - Desirely Chrome Extension

13.1 - Purpose of the extension

The sole purpose of the Desirely Chrome extension is to facilitate the secure link between the User's creator profile on third-party platforms (currently Reveal.me, and in the future OnlyFans and MYM) and their Desirely space.

13.2 - Data collected by the extension

The extension collects and processes only the following data: authentication tokens required to connect to the Clerk service (clerk.desirely.co), stored locally in the browser via chrome.storage and cookies, as well as the creator model identifiers present on the pages of third-party platforms visited by the User, transmitted to the Desirely server when the User makes an explicit request.

The extension does not collect any browsing data, any history, or any personal data beyond the elements mentioned above.

13.3 - Token security

The authentication tokens retrieved by the extension are transmitted securely (HTTPS/TLS protocol) and are used only in connection with the provision of Desirely services. Desirely undertakes not to use these tokens to access data or features beyond what is strictly necessary to provide its automated messaging services.

13.4 - Accessible domains

The extension communicates exclusively with clerk.desirely.co (authentication) and Desirely's backend servers (transmission of identifiers). The content script runs only on pages of compatible third-party platforms.

13.5 - Data sharing

No data collected by the extension is sold, rented, or shared with third parties.

13.6 - Data deletion

Uninstalling the extension results in the deletion of all locally stored data. Data transmitted to the Desirely server is subject to the retention periods set out in Article 9.

Article 14 - User rights

In accordance with the GDPR and the French Data Protection Act, the User has the following rights:

Right of access: obtain confirmation that their data is being processed and receive a copy.

Right to rectification: request correction of inaccurate or incomplete data.

Right to erasure: request deletion of their data (Art. 17 GDPR).

Right to restriction: request restriction of processing (Art. 18 GDPR).

Right to data portability: receive their data in a structured, commonly used, and machine-readable format.

Right to object: object to the processing of their data on legitimate grounds.

Right to withdraw consent: where processing is based on consent (notably for analytics cookies), the User may withdraw consent at any time, without affecting the lawfulness of prior processing.

Post-mortem directives: define directives concerning the fate of their data after death.

To exercise these rights: contact@desirely.co

Desirely undertakes to respond within one (1) month. This period may be extended by two (2) months in the event of complexity.

Complaint to the CNIL: Site: https://www.cnil.fr - Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

Article 15 - Data security

Desirely implements appropriate technical and organizational measures to protect personal data, in accordance with Article 32 of the GDPR:

Encryption of data in transit (HTTPS/TLS protocol). Encryption of authentication tokens at rest. Restricted access to data to authorized persons only. Regular backup procedures. Ongoing monitoring and regular updates of security systems. Logging of access to sensitive data.

In the event of a personal data breach likely to result in a high risk to the rights and freedoms of data subjects, Desirely will notify the CNIL within 72 hours and inform the affected Users as soon as possible, in accordance with Articles 33 and 34 of the GDPR.

Article 16 - Changes

Desirely reserves the right to amend this Privacy Policy at any time. Any material change will be communicated to Users by email or notification on the Platform.

The date of the last update is shown at the top of the document. Continued use of the Platform after the publication of changes constitutes acknowledgment of the revised Privacy Policy.

Article 17 - Contact

Email: contact@desirely.co
Phone: 06 25 29 26 14
Form: https://www.desirely.co/contact