Privacy Policy

Last Modified: August 17, 2023
    1. The website at and the age verification universal login we offer (together or individually known as the "Platform") are owned and operated by Aylo Freesites Ltd ("APT", "we", "us" or "our"). We are registered in Cyprus and our registered office is at 195-197 Old Nicosia- Limassol Road, Block 1 Dali Industrial Zone, 2540, Cyprus. APT is the Controller of certain personal data processed through use of the Platform.
    2. We have appointed a Data Protection Officer, who is assisted by our privacy and security team. If you have any questions about this policy or would like to exercise any of your rights, please contact our Data Protection Officer(s) either by:
      1. Email at:; or
      2. Email at:
    1. This Privacy Policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
    2. We respect your privacy and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations. Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not want your information to be processed as set out in this Privacy Policy, please do not provide any personal data to us and do not use the Platform.
    3. This Privacy Policy applies to information we collect:
      1. on the Platform; or
      2. in e-mail and other communications between you and APT.
    4. It does not apply to information collected by:
      1. any other website operated by us (or our affiliates and group companies); or
      2. any application or content (including advertising) that may link to or be accessible from or on the Platform.
    5. We strongly recommend that you review the privacy policies of any website on which you use our Universal Login to access before using them or providing them with any personal data.
    1. This Privacy Policy applies to anyone who visits or uses our Platform including our "Personal Users" (individuals who create an account with us so they are able to access age restricted content, once their age has been verified by a Service Provider).
    1. Certain jurisdictions require website operators to verify a person's age before allowing them access rights to certain websites and/or certain types of content shown on websites. We collect information from Personal Users in order to verify their age and provide them with login access to websites that contain age restricted content.
    2. If a Personal User would like to use our service, our third party age verification service providers ("Service Providers") will require certain personal data to process the verification. The Service Providers will then confirm to us whether the Personal User passes or fails the age verification process and therefore is at least 18 years old or the age required by the relevant jurisdiction for accessing the Aylo Websites (as this term is defined under the Terms of Use). Once a Personal User's eligibility to use our services has been confirmed, they will be granted a "Universal Login" which they will be able to use to access the Aylo Websites.
    3. We will explain the purposes and legal basis on which we process data in more detail at section 7 of this policy.
    1. We only collect a limited amount of "personal data" about Personal Users, meaning information relating to an identified or identifiable natural person.
    2. Personal Users. We collect, receive and process the following Personal Data about you:

    Personal data we collect

    How it is collected

    Login ID (including your email address and password)

    You will provide it directly to us when you create an account with us. Note that we hash such data when storing your Login ID, for increased privacy.

    Age Status (whether you pass or fail the age verification process and therefore are at least 18 years old or the age required by the relevant jurisdiction for accessing the Aylo Websites ).

    We will receive this information from a Service Provider when they have verified your age.

    Technical data (including your internet protocol address (IP address) and log in data.

    We may collect this information from your device or browser. Note that we may hash your IP address for increased privacy

    Cookie data

    If we or a third party have set cookies on your device or browser. Please see Section 6 for more information relating to the cookies we use.

    Jurisdiction data (the country in which you are located, but not your exact location)

    We receive information about your approximate location from your IP address.

    1. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. However, if you decline to accept cookies, some functionality on our Platform may be disabled (e.g. you may have to log in more frequently) and you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.
    2. Cookies can be either session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after many years.
    3. We currently use the following types of cookies:




      APT cookie

      This cookie is used for Personal Users which are registered and logged in and assists in tracking this information. It does not store the email address or password of the Personal User.

      Persistent cookies

      Load Balancer cookie

      This cookie tells the device which server to connect to based on the load.

      Session cookie

      Google Analytics

      We use two Google Analytics cookies which contain information regarding their device if the Personal User has chosen to share it with Google Analytics.

      Google Analytics is a web analytics service provided by Google, Inc. which uses cookies to collect information about how visitors use our site. We use this information to compile reports and to help us improve our site. Google holds this information and provides us with access to it. Find out more about Google Analytics at:
      Read the Google Analytics privacy policy at:
      You can find out how to opt out of being tracked by Google Analytics by visiting

      Various lengths

    1. We use information that we collect about you or that you provide to us for following purposes:

      What's the purpose?

      Which types of data are processed?

      What's the lawful basis?

      Confirming a Personal User passes the age verification process and therefore is at least 18 years old or the age required by the relevant jurisdiction for accessing the Aylo Websites (via a Service Provider).

      Login ID and Age Status.

      It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interest of operating our business effectively.

      Communicating with you.

      (Note: we do not send direct marketing to Personal Users' email addresses and Login IDs are stored as hashed data. However Personal Users may provide their un-hashed personal data when communicating with us).

      Login ID.

      It is necessary for our legitimate interest of operating our business, resolving issues if they arise and assisting Personal Users to recover their accounts or re-set passwords.

      Provision of services

      Login ID, Age Status, Technical, Cookie and Jurisdiction data.

      It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interest of operating our business effectively and presenting our Platform and its contents to you in the most effective way.

      Providing you with support, resolving complaints and monitoring feedback.

      Login ID and Technical Data.

      It is necessary for our legitimate interests of running our business effectively.

      It is necessary for the performance of a contract with you (e.g. where it is offered as part of our Terms of Service).

      Administering and protecting our site (e.g. troubleshooting, testing, data analysis, system maintenance)

      Login ID, Technical and Jurisdiction data.

      It is necessary for our legitimate interests of operating our site well, protecting us from cyberattacks and preventing fraud etc.

      Managing our relationship with you (including managing your account, notices about your account, and notices about changes to our Platform or any services we offer or provide through it)

      Login ID and Technical data.

      It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interests of running our business effectively.

      To enforce our terms and conditions or contract with you, prevent fraud or any other processing required to comply with requirements imposed by law or a court order.

      Login ID, Age Status, Technical, Cookie and Jurisdiction data.

      It is necessary to comply with our legal obligations.

      It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interests of running our business effectively.

    2. Sometimes we process your personal data for more than one lawful basis depending on the particular purpose for which we are using your data. We may use your data in any other way we may describe when you provide the information; or for any other purpose with your consent provided separately from this Privacy Policy.
    3. Where we need to process your personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. This means that we may not be able to provide you with the information or services you required. We will let you know if this is the case at the time.
    1. We understand that your personal data is important and we therefore want you to understand the limited circumstances in which we may disclose it. We do not share your personal data with third parties or allow them to access it, except as indicated below:
      1. If you are a Personal User and we refer any dispute between us to the ODR Platform, and/or we agree to engage in any alternative dispute resolution (ADR) procedure with you through the Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute.
      2. To our third party suppliers (e.g. serving hosting supplier, customer services supplier, business support supplier).
      3. In response to a summons or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Platform terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
      4. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by us about our Personal Users is among the assets transferred. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this Privacy Policy.
      5. To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrong doing; to protect and defend the rights, property or safety of our company, our Personal Users, our employees, or others, to maintain and protect the security and integrity of our Platform or infrastructure.
      6. To the extent this is necessary to fulfil any other purpose not mentioned above for which you provided personal data and, if applicable, your consent separately from this Privacy Policy.
    2. Please note that you may be required to submit identification documents and other personal data to Service Providers, who collect this information from you and who will verify your age and confirm this to us. We do not conduct the verification ourselves and will not require copies of the identification documents or other personal information you submit to the third parties, aside from an approval or rejection from the age verification process.
    3. We may also disclose aggregated non-personal data (information that does not identify any individual) without restriction. In particular, we may transfer non-personal data and process it outside your country of residence, wherever the Platform, its affiliates and service providers operate. We may combine non-personal data we collect with additional non-personal data.
    1. By using the Platform you consent to the transfer of information that we collect about you, including personal information, to any country in which we, members of our corporate group (that is, entities that control, are controlled by, or are under common control with us) or our service providers (including the Service Providers) are located.
    2. If we do share your personal data with third parties that are based outside the European Economic Area (EEA) and other regions with comprehensive data protection laws, we ensure a similar degree of protection is afforded to it by ensuring that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection, with at least one of the following safeguards is in place:
      1. That country has been deemed to provide an adequate level of protection for personal data by the European Commission;
      2. Using specific contracts approved by the European Commission that gives personal data the same protection it has in the EEA.
    3. Personal data relating to Personal Users is stored on Microsoft Azure Cloud infrastructure and on servers in Europe. If you would like more information regarding the appropriate safeguards we have put in place for transfer of personal data outside of the EEA, please contact our DPO using the details set out at the beginning of this policy.
    1. We do not routinely process Personal Users' financial information through the Website.
    1. We store your personal data for different periods of time depending upon the purposes for which we collected it and we do not store your personal data for longer than is necessary to fulfil these purposes.
    2. We take into consideration a number of factors when we determine the appropriate retention periods for your personal data, including what personal data we are processing, the risk of harm from any unauthorised disclosure, why we are processing your personal data and whether we can achieve this outcome by another means without having to process it.
    3. Please note that if you delete your Universal Login, or if your account is closed, deleted and/or terminated for any reason, we may retain your information to the extent this should be necessary to comply with legal, auditing or account obligations.
    4. We will automatically delete any Personal User account which has not logged on for 3 years. If you would like details of our Data Retention Policy or more information about the criteria we use to decide retention periods, please contact our DPO using our details at the beginning of this policy.
    1. People who are in the European Union (and in other jurisdictions offering some or all of the following rights) have the right to:
      1. ask that any inaccurate information we hold about them is corrected;
      2. ask that we stop using their personal data for certain purposes;
      3. ask that we delete personal data we hold about them (this applies only in certain circumstances);
      4. ask that we do not make decisions about them using completely automated means;
      5. ask us for details of the personal data we hold and process about them (this is usually called a subject access request);
      6. ask that we give them the personal data we hold about them, or (where technically feasible) that we give this personal data to a third party chosen by them, in a commonly-used machine-readable format;
      7. withdraw their consent; and
      8. complain to a Member States' supervisory authority for data protection issues. Before exercising this right, we encourage you to contact us first to resolve any complaint you may have, although this is not legally required.
    2. To exercise any of the rights above please contact us using the details at the beginning of this Privacy Policy. If you do so, please provide us with as much information as you can about the request you want to make to help us respond as soon as we can. You might need to provide us with proof of identity (for example a passport or driving licence) before we can fully respond, as we need to be sure we are giving the correct personal data to the correct individual.
    3. Please be aware that the above rights are not available to everyone all the time. Some are subject to exemptions, and so we may not always be able, or required, to comply with your request to exercise these rights.
    4. We usually respond to data protection requests within one month, but it can take longer if your request is particularly complex or if you have made a number of requests. You will not usually have to pay a fee to exercise the rights above, but we reserve the right to charge a fee if your request is clearly unfounded, repetitive or excessive; alternatively, we may refuse to comply with your request.
    5. Please note that we may need to process your personal data in order for us to respond to your request.
    1. As well as being able to exercise the above rights, we have outlined below some other examples of how you can exercise control and make choices regarding the personal data you provide to us.
    2. You can choose not to provide us with certain personal data, but that may result in you being unable to use certain features of our Platform because such information may be required in order for you to register as a Personal User, pass verification procedures, login via the Universal Login, access third-party websites, purchase or request our services, ask a question, or initiate other transactions on our Platform.
    3. You may delete your Universal Login at any time. If you do so, your personal data and any and all other account related information will no longer be accessible by you. After deleting your Universal Login, if you want to create a new account, you will have to sign up again as none of the information you previously provided will have been saved. Please note that Personal Users will have to pass the age verification procedures again in order to be granted a new Universal Login.
    1. We regularly review this Privacy Policy and our compliance with its terms. Please feel free to direct any questions or concerns regarding this Privacy Policy to our Data Protection Officer using the details set out at the top of this policy.
    2. When we receive a formal written complaint, it is our policy to contact the complaining party regarding their concerns. We will cooperate with the appropriate regulatory authorities, including relevant data protection authorities, to resolve any complaints regarding the collection, use and disclosure of personal data that cannot be resolved by an individual and us.
    3. You also have the right to complain to a Member States' supervisory authority for data protection issues, as set out in paragraph 12.1.8.
    1. This Privacy Policy does not create rights enforceable by third parties.
    1. Our Platform is not for use by persons under the age of 18 and we do not seek to collect personal data from children. If you become aware that your child has provided us with personal data, please contact us using the details set out at the beginning of this Privacy Policy.
    2. If we become aware that a child has provided us with personal data, we will take steps to delete such data and terminate that person's account.
    1. We may modify or revise our Privacy Policy from time to time. Although we may attempt to notify you when major changes are made to this Privacy Policy, you are expected to periodically review the most up-to-date version found at, so you are aware of any changes.
    2. All changes are effective immediately and apply to all access to and use of the Platform thereafter. The updated version of our Privacy Policy supersedes any prior versions immediately upon being posted.
    3. If we change anything in our Privacy Policy, the date of change will be reflected in the "last modified date" below. You agree that you will periodically review this Privacy Policy and refresh the page when doing so. You agree to note the date of the last revision to our Privacy Policy. If the "last modified" date is unchanged from the last time you reviewed our Privacy Policy, then it is unchanged. If the date has changed that means that there have been changes.