Last Updated: 8 February 2026
1. Controller
Sugar-Daddy.co.uk (“we”, “us”, “our”) is the controller of your personal data for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Our contact details for data protection purposes are:
Email: [privacy@sugar-daddy.co.uk]
Postal Address: [Insert UK business address]
2. What personal data we collect
- Account Data: Your email address, date of birth, a hashed password, and username.
- Profile Data: Information you add to your profile, such as photos, gender, a biography, your interests, and lifestyle preferences. This forms your public profile.
- Communications Data: Messages and other content you send and receive through our internal messaging system.
- Technical Data: Your IP address, browser type, device information, pages you visit, and how you interact with our site. We collect this using cookies and similar technologies.
- Sensitive Data: On occasion, you may choose to provide information revealing your sexual orientation as part of your profile or communications. This is a special category of data under UK law. We only process this data where you have made it manifestly public by choosing to include it in your visible profile, or with your explicit consent for other purposes.
3. Purposes and legal bases for processing
We process your personal data lawfully under the UK GDPR. The table below explains why and our legal basis.
| Purpose of Processing | Categories of Data | Legal Basis (UK GDPR) |
|---|---|---|
| To register you, verify your age (18+), and provide our core introduction service. | Account Data, Profile Data | Contract: Necessary to perform our contract with you (Article 6(1)(b)). |
| To display your public profile to other registered users. | Profile Data | Contract & Legitimate Interests: Core function of the service. It is also in our legitimate interest to operate the platform effectively (Article 6(1)(f)). |
| To enable private messaging between users. | Communications Data | Contract: Necessary to provide the communication service (Article 6(1)(b)). |
| To ensure platform security, prevent fraud, and enforce our Terms & Conditions. | All data, particularly Technical Data | Legitimate Interests: To protect our business, users, and network security (Article 6(1)(f)). |
| To send you essential service communications (e.g., account updates). | Account Data | Contract & Legal Obligation: (Article 6(1)(b) & (c)). |
| To send marketing communications (e.g., newsletters). | Account Data | Consent: We will only do this with your prior opt-in consent (Article 6(1)(a)). |
| To process special category data (sexual orientation) you make public. | Sensitive Data | Substantial Public Interest: Processing is necessary for reasons of substantial public interest, specifically preventing and detecting unlawful acts (facilitating a safe community) under Schedule 1, Part 2, para. 10 of the DPA 2018. For non-public processing, we rely on Explicit Consent (Article 9(2)(a)). |
4. Who we share your data with
- Other Users: Your public profile information is visible to other users as a fundamental part of the service.
- Service Providers (Processors): We use trusted UK and international companies for hosting, IT support, security, and analytics. They act on our strict instructions under data processing agreements.
- Legal & Regulatory Authorities: We may disclose data if required by UK law, such as to law enforcement or regulatory bodies with a lawful request.
5. International transfers
Your data is stored in the UK and the European Economic Area (EEA). If we transfer data outside the UK/EEA (e.g., to a US-based cloud provider), we will ensure an adequacy regulation applies or use approved safeguards like UK International Data Transfer Agreements.
6. Data retention
We retain your data only as long as necessary:
- Active Account: For the duration of your account.
- After Account Closure: We delete or anonymise profile and message data promptly. We may retain some data (e.g., transaction logs) for a limited period to fulfil legal obligations (e.g., financial reporting – 6 years) or for legitimate interests like fraud prevention.
- Technical Logs: Up to 12 months for security purposes.
7. Your rights
Under UK data protection law, you have rights including:
- Right of access: To request a copy of your data.
- Right to rectification: To correct inaccurate data.
- Right to erasure (“right to be forgotten”): To request deletion in certain circumstances.
- Right to restrict processing and right to object to processing.
- Right to data portability.
- Rights related to automated decision-making.
- Right to withdraw consent at any time (where processing is based on consent).
To exercise these rights, contact us using the details in Section 1. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO).
8. Data security
We implement appropriate technical (e.g., encryption) and organisational measures to protect your data against unauthorised access or disclosure.
9. Cookies
We use necessary cookies for site functionality. For analytics or advertising cookies, we request your prior consent via our cookie banner. See our Cookie Policy for details.
10. Changes to this policy
We may update this policy. We will notify you of significant changes by email or a site notice. The current version is always available on this page.