Privacy Policy
Last updated: July 2026
1. Data Controller
The party responsible for data processing on this website is:
Kavala Online · Marcus Jacobi
Posidonos 28, 65302 Kavala, Greece
E-Mail: info@kavala-online.com
Data Protection Officer (internal): Marcus Jacobi. For any questions regarding data protection or the exercise of your rights, please contact us by e-mail.
2. Overview
This website is a directory for independent escorts in Northern Greece. This service is intended exclusively for adults (18+). We collect only the personal data necessary to provide our services. We do not sell your data. We do not use advertising or tracking cookies. All data processing is based on the EU General Data Protection Regulation (GDPR).
3. Special note on sensitive data (Art. 9 GDPR)
If you create an escort profile, the information you publish (photos, services offered, contact details) may reveal data concerning your sex life within the meaning of Art. 9 (1) GDPR. We process and publish this data only with your explicit consent (Art. 9 (2) lit. a GDPR), which you give during registration and can withdraw at any time by deleting your profile or contacting us. Withdrawal does not affect the lawfulness of processing before the withdrawal.
You decide yourself which information and photos appear in your profile. Profiles are excluded from search engine indexing (noindex).
4. Data We Collect
4.1 Visitors (public directory)
When you browse the directory, no personal data is stored by us. Standard server logs (IP address, browser type, page visited, timestamp) are processed by our hosting provider Firebase App Hosting (Google LLC) for security and operational purposes and are automatically deleted after a short retention period.
To protect the platform against abuse, the IP address of certain requests (e.g. login, checkout) is processed for rate limiting via Upstash (see section 6). IP data used for rate limiting is stored only briefly.
4.2 Advertisers (escort profiles)
If you register an account to publish a profile, we process:
- E-mail address and password (authentication)
- Profile data you enter: working name, age, city, languages, physical characteristics, services, prices, contact details (phone/messenger)
- Photos you upload
- Verification data you submit (see Verification & Safety page)
- Subscription and payment status
Legal basis: contract performance (Art. 6 (1) lit. b GDPR) and — for the published profile content — your explicit consent (Art. 9 (2) lit. a GDPR).
Photos: By uploading photos you confirm that you are the person depicted or hold the depicted person's consent to publication.
4.3 Payments
Card and subscription payments are processed by Stripe — we never see or store your full card details. If you pay with cryptocurrency, we process the transaction reference you submit in order to confirm the payment manually. Payment records are retained as required by tax law.
4.4 Contact & e-mails
When you contact us, we process your name, e-mail address and message to handle your request. Transactional e-mails (registration, payment confirmations, reminders) are delivered via Resend.
5. Cookies & Storage
We use only technically necessary cookies — no tracking, no analytics, no advertising cookies.
- Session cookie (Supabase Auth) — keeps advertisers logged in. Deleted on logout or session expiry.
- Locale cookie — stores your language preference. No personal data.
- Age confirmation — stores that you confirmed being 18+. No personal data.
6. Third-Party Service Providers
We work with the following processors, each bound by a Data Processing Agreement (DPA):
- Firebase App Hosting (Google LLC, USA) — hosts and serves this website. Standard Contractual Clauses (SCCs) in place. Privacy info
- Supabase (Supabase Inc., USA) — database, authentication and photo storage. Data is stored in EU data centers. Privacy info
- Stripe (Stripe Inc., USA) — payment processing. SCCs in place. We never receive full card details. Privacy info
- Resend (Resend Inc., USA) — transactional e-mail delivery. Privacy info
- Upstash (Upstash Inc., USA) — rate limiting to protect against abuse; processes IP addresses briefly. Privacy info
- flagcdn.com — delivers small flag images for language selection; your IP address is transmitted when these images load.
7. Data Retention
Account and profile data are retained while your account is active. You may delete your profile or request deletion at any time — profile data and photos are then removed. Billing records are retained for 7 years as required by tax law. Rate-limiting data is retained only for minutes to hours.
8. Your Rights (GDPR Art. 15–22)
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection to processing based on legitimate interest (Art. 21), and to withdraw any consent at any time without affecting prior processing.
To exercise these rights, contact: info@kavala-online.com
You also have the right to lodge a complaint with a supervisory authority. In Greece, the competent authority is the Hellenic Data Protection Authority (HDPA), www.dpa.gr.
9. Security
All data in transit is encrypted (HTTPS). Passwords are never stored in plain text — authentication is handled by Supabase Auth. Access to personal data is restricted to the site operator.
10. Changes to This Policy
We may update this privacy policy from time to time. The current version is always available at this URL. For material changes, we will notify registered advertisers by e-mail.