Privacy Policy

Dernière mise à jour : 2026-05-19

Last updated: 2026-05-19

1. Who we are

BlueTeamDev, established at Private, is the data controller for personal data processed via Naughty Compass. Contact: info@naughtycompass.com. ****.

2. What we collect

| Category | Examples | Purpose | Legal basis | |---|---|---|---| | Technical | IP address (hashed), user agent, language, referrer | Spam protection, analytics | Legitimate interest | | Click events | Outbound click ID, target site, timestamp, country (from IP) | Affiliate reconciliation, fraud prevention | Legitimate interest | | Preferences | Theme, locale, age-gate cookie | UX persistence | Consent / strict necessity | | Admin accounts | Email, password hash | Authentication | Contract | | Postback data | Affiliate event payloads (no personal identifiers) | Revenue tracking | Legitimate interest |

We do not collect names, addresses, payment information, or government IDs from visitors.

3. Cookies

  • age_ok — confirms age-gate acceptance (30 days)
  • theme — preferred theme (1 year)
  • locale — preferred language (1 year)
  • NCSESSID — admin session (admin area only)

We do not currently set third-party advertising cookies on first-party pages. Outbound clicks may result in cookies being set by destination sites, which are outside our control.

4. Retention

  • Click and impression logs: 90 days
  • Postback records: 24 months
  • Admin audit log: 24 months
  • Hashed IPs are stored as SHA-256 hashes; the plain IP is never written to disk.

5. Sharing

We share data only with: hosting infrastructure providers (under processor agreements), affiliate networks (only the click_id and event details — no personal data), and competent authorities where legally required.

6. Your rights (AVG/GDPR)

You have the right to: access, rectification, erasure, restriction, portability, and to object. To exercise these rights, email privacy@naughtycompass.com. We respond within 30 days. You may also lodge a complaint with the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

7. International transfers

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.

8. Security

We use HTTPS, hashed passwords (Argon2 / bcrypt), CSRF protection, and least-privilege access controls. No system is perfectly secure; if you believe an account has been compromised, contact us immediately.

9. Changes

Material changes to this policy will be announced on the site at least 14 days before they take effect.