DareDaddy

Privacy Policy

Last Update: August 29, 2025

1. Controller

Sparkules UG (haftungsbeschränkt)
Nordhauser Straße 28
10589 Berlin, Deutschland

Managing Directors: David Schultz, William Schneider
Handelsregister: Amtsgericht Berlin HRB 266121
UmSt.-ID: DE 362411349
E-Mail: info@daredaddy.app
Website: daredaddy.app

2. Data Protection Officers

David Schultz
William Schneider
Contact for data protection inquiries: info@daredaddy.app

3. General Principles of Data Processing

We process personal data in accordance with:

  • The EU General Data Protection Regulation (GDPR)
  • The UK GDPR
  • The German Federal Data Protection Act (BDSG)
  • The California Consumer Privacy Act (CCPA), where applicable
  • Other relevant data protection laws

Processing takes place only where necessary to provide our platform, fulfill contractual obligations, comply with legal duties, protect legitimate interests, or based on user consent.

4. Data Processing on the Platform

4.1. Registration & Account Creation

When registering an account, we process:

  • Name, username, email address, password
  • Age or date of birth (for age verification)
  • Consent form of guardians for minors (if applicable)
  • IP address, registration timestamp

Legal basis: Art. 6(1)(b) GDPR (contract performance)

4.2 Creator Registration & KYC

Creators additionally provide:

  • Payout information (IBAN, bank, SWIFT/BIC, payment provider)
  • Tax information (tax ID, VAT ID, country of tax residence)
  • Postal address (for invoicing and contracts)
  • Identity verification documents (ID, proof of address)
  • Confirmation of acceptance of the Creator Agreement
  • KYC checks via Stripe, Inc. (USA)

Legal basis:

  • Art. 6(1)(b) GDPR (contract performance)
  • Art. 6(1)(c) GDPR (legal obligations for AML/tax compliance)

4.3 Payment Processing

For the purchase of "Creds", we use Stripe, Inc. (USA). Stripe may process, among other things:

  • Name, email, payment details, IP address
  • Identity documents (for KYC verification if required)

Stripe may process data outside the EU. Transfers are safeguarded via EU Standard Contractual Clauses (SCC). Further information: https://stripe.com/de/privacy

4.4 Hosting & Databases

  • IONOS SE (EU): Webhosting, E-Mail
  • Supabase (EU): Database and authentication services (GDPR-compliant, EU servers only)

4.5 Third-Party Logins

You may log in via:

  1. Google Login (Google LLC, USA) – processes account data (name, email, profile image)
    Legal basis: Art. 6(1)(b) GDPR (contract performance). SCC safeguards apply.
  2. Twitch Login (Twitch Interactive, Inc., USA) – processes account data (username, email, profile image, followers if applicable).
    Legal basis: Art. 6(1)(b) GDPR. SCC safeguards apply.

4.6 Analytics

  • PostHog (EU): – user analytics to improve the platform. May involve processing outside the EU.
    Legal basis: Art. 6(1)(a) GDPR (consent).

4.7 Social Media & Communication

If you contact us via email, WhatsApp, Instagram, or similar, we process:

  • Contact details, content of communication

Legal bases:

  • Art. 6(1)(b) GDPR (contract performance)
  • Art. 6(1)(f) GDPR (legitimate interest in communication)

4.8 Newsletter & Marketing

  • Newsletter signup requires double opt-in.
  • Data: email address, optionally name.
  • Unsubscribe anytime via link in each email.

Legal basis: Art. 6(1)(a) GDPR (consent).

4.9 Community Content

  • User-generated content (e.g., Dares, votes, usernames, chat messages) is publicly visible within Sessions.
  • By participating, you consent to the display of your chosen username and content to other users.

Legal basis: Art. 6(1)(b) GDPR (performance of platform features).

5. Cookies

We use the following cookies:

  1. Necessary Cookies (e.g., Session, Authentication) – Art. 6(1)(b) GDPR
  2. Analytics Cookies (PostHog) – only with consent, Art. 6(1)(a) GDPR
  3. Marketing Cookies – only with consent, Art. 6(1)(a) GDPR

Consent is logged and can be withdrawn anytime via cookie settings.

6. Recipients of Personal Data

  • Payment provider (Stripe)
  • Hosting/database providers (IONOS, Supabase)
  • Analytics provider (PostHog)
  • Authentication providers (Google, Twitch)
  • Public authorities and courts if legally required

7. International Data Transfers

  • Transfers to third countries (esp. USA) are safeguarded via SCC and supplementary measures (e.g., encryption).
  • Users are informed where data may leave the EU/EEA.

8. Data Retention

We store personal data:

  • For the duration of the contractual relationship
  • According to statutory retention duties (6 years under German Commercial Code, 10 years under German Tax Code)
  • Until consent is revoked (for consent-based processing, e.g., newsletter, cookies)

9. Your Rights (EU/UK)

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Portability (Art. 20 GDPR)
  • Withdraw consent (Art. 7(3) GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

10. Your Rights (California, USA)

Under the CCPA, California residents may request:

  • Disclosure of collected personal data
  • Deletion of personal data
  • Opt-out from the sale of personal data (we do not sell data)

Requests can be made via: info@daredaddy.app

11. Security

We use technical and organizational measures (e.g., TLS encryption, access control) to protect data from loss, misuse, and unauthorized access.

12. Changes

We may amend this Privacy Policy at any time with effect for the future. The current version is always available at: daredaddy.app/privacy.

Sparkules UG (haftungsbeschränkt)2025