Last Updated: 12/16/2025
GDPR Compliant (Articles 13 & 14)
Most users don't need to worry about their personal data!
Controller: StopCreepshots
Contact Email: contact@stopcreepshots.com
We are the data controller responsible for your personal data. This means we decide how and why your data is processed.
If you submit cases or identify locations, we do NOT collect any personal data about you. No email, no name, no IP address, no tracking cookies.
What we collect: Case images, descriptions, location guesses, and additional information you provide about cases—but nothing that identifies you as a person.
Personal data collected:
Source: Directly from you when you create an account
Personal data collected:
Source: Directly from you when you submit the contact form
Personal data collected:
Source: Directly from you when you submit the application form
Purpose: Platform operation, case review, and moderation
Legal basis: Legitimate interest (GDPR Article 6(1)(f))
We need trusted moderators and administrators to review submissions, ensure safety, and maintain platform integrity. This is essential for the platform to operate effectively and protect victims.
Purpose: Responding to your inquiries and requests
Legal basis: Consent (GDPR Article 6(1)(a))
By submitting the contact form, you voluntarily provide your information and consent to us processing it to respond to your message.
Purpose: Processing your application to become a moderator
Legal basis: Consent (GDPR Article 6(1)(a))
By submitting your application, you voluntarily provide your information and consent to us processing it to evaluate your application.
Purpose: Facilitate location identification and assist law enforcement
Legal basis: Not applicable (no personal data collected from anonymous submitters)
Case submissions and location identifications are completely anonymous. We keep this data to achieve the platform's mission of identifying locations and assisting law enforcement.
The following information becomes publicly visible after moderator approval:
Important: No personal data about submitters or location identifiers is ever made public.
Administrators only: Platform administrators have access to original (unblurred) images for platform operation and law enforcement coordination.
Store Owners: When a case location is identified, verified store owners may receive secure, time-limited access keys to view original images. This access:
Important: Moderators can NEVER access original (unblurred) images. They only work with blurred versions to protect victim privacy.
We may disclose case data to law enforcement agencies when required by law, in response to valid legal requests, or when necessary to protect public safety.
| Data Type | Retention Period | Reason |
|---|---|---|
| Case submissions & images | 7 years after case closure | Legal requirement for evidence preservation |
| Location identifications | 7 years after case closure | Legal requirement for evidence preservation |
| Moderator/Admin accounts | While account is active | Platform operation |
| Contact form messages | 2 years | Communication records |
| Moderator applications | 2 years | Application records |
| Admin action logs | 1 year | Security auditing |
| Store access keys | 1 year | Access audit trail |
If we have collected personal data from you (moderators, contact form users, or applicants), you have the following rights under GDPR:
You can request a copy of all personal data we hold about you.
You can ask us to correct any inaccurate personal data about you.
You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes for which it was collected.
You can request that we limit how we use your personal data in certain situations.
You can request your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV).
You can object to processing of your personal data based on legitimate interests.
Where processing is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
You have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have violated your data protection rights.
EU residents: Find your supervisory authority at https://edpb.europa.eu
To exercise any of these rights, please contact us at:
contact@stopcreepshots.com
We will respond to your request within 30 days as required by GDPR Article 12(3).
We do NOT use automated decision-making or profiling. All case reviews and moderation decisions are made by human moderators.
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States, where our database and hosting infrastructure operates.
Safeguards in place:
We implement appropriate technical and organizational measures to protect your personal data:
Database access controlled at the row level
Secure, time-limited keys for authorized access
All data transmitted over HTTPS
All admin actions logged with timestamps
Data encrypted at rest by our database provider
Original images private, blurred images public
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of the platform after changes constitutes acceptance of the updated policy.
| Category | Legal Basis | GDPR Article |
|---|---|---|
| Moderators/Admins | Legitimate interest | Article 6(1)(f) |
| Contact form users | Consent | Article 6(1)(a) |
| Moderator applicants | Consent | Article 6(1)(a) |
| Case submitters | N/A (anonymous, no personal data) | N/A |
| Location identifiers | N/A (anonymous, no personal data) | N/A |
If you have any questions about this Privacy Policy or want to exercise your data protection rights, please contact us:
Contact Form:
Submit an inquiry via our contact formWe aim to respond to all privacy-related inquiries within 30 days.
This Privacy Policy has been designed to comply with the General Data Protection Regulation (GDPR) EU 2016/679, specifically Articles 13 and 14 regarding information to be provided to data subjects. We are committed to protecting your privacy and handling your data transparently and lawfully.