Privacy Policy
Last updated: April 30, 2026
Introduction
Wonderland Media Ltd. (the "Company," "We," or "Controller") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, and disclose your personal data when you visit or use our website (the "Website") or our services (the "Services"). It applies to all personal data we process, regardless of your location.
This Policy is an integral part of our Terms of Service, which include provisions on arbitration and class action waiver. By using the Website, you consent to the practices described here. We may update this Policy; changes will be posted here with the updated date. Continued use constitutes acceptance.
If you have questions, contact us at support@squad-inside.com
Data Controller
The Company is the data controller responsible for your personal data under GDPR and applicable laws.
Types of Data We Collect
We collect the following categories of data:
- Personal Data: Information that identifies you, such as name, email address, billing address, payment details (processed by third-party providers), date of birth (inferred via billing for age verification), IP address, username, and device information.
- Non-Personal Data: Aggregated or anonymized data, such as usage statistics, that does not identify you.
- Technical Data: Browser type, operating system, access times, and interaction details.
- Age Verification Data: We verify user age using billing transaction data and third-party age verification providers (such as AgeVerif).
These providers may process identity or verification data independently.
We do not store or retain identity documents. Any such data is handled directly by the verification provider in accordance with their privacy policies.
We do not collect sensitive data beyond what is necessary for Services, and we do not knowingly collect data from individuals under 18.
How We Collect Your Data
- Directly from You: When you register, subscribe, make payments, contact us, or interact (e.g., comments).
- Automatically: Via cookies, logs, and tracking technologies (see our Cookie Policy for details). For age verification, we use billing data and strictly necessary session cookies to store verification status (e.g., "verified >18").
- From Third Parties: Payment processors (e.g., CCBILL), analytics providers (e.g., Google Analytics), or business partners.
Purposes and Legal Basis for Processing
We process data for the following purposes (GDPR Art. 6 bases):
| Category | Purpose | Legal Basis | Required? |
|---|---|---|---|
| Personal Data (name, email, billing) | Account creation, subscription management, and providing Services. | Art. 6(1)(b) GDPR (Contract performance). | Yes (to use Services). |
| Billing/Payment Data | Process payments and verify age (AVS via successful billing transaction). Access to 18+ content only after payment. | Art. 6(1)(b) & (c) GDPR (Contract + Legal obligation, e.g., age laws). | Yes. |
| Contact Data (email) | Service communications, updates, and marketing (if not opted out). | Art. 6(1)(f) GDPR (Legitimate interest). | No (opt-out available). |
| Technical/Cookie Data | Website functionality, security, analytics, and age verification storage (strictly necessary session cookies). | Art. 6(1)(f) GDPR (Legitimate interest) for essential; consent for non-essential (see Cookie Policy). | Essential: Yes; Others: Voluntary. |
| Aggregated Data | Statistics and improvements. | Art. 6(1)(f) GDPR (Legitimate interest). | N/A (anonymized). |
No automated decision-making or profiling occurs.
Use of Your Data
We use your data to:
- Provide and personalize Services.
- Verify age via billing (successful payment confirms 18+; stored in session cookie).
- Send updates/marketing (opt-out via email link or account).
- Improve Website (analytics).
- Comply with laws (e.g., tax, age restrictions).
- Prevent fraud/security issues.
We do not sell your data without consent.
Disclosure of Your Data
We may share data with:
- Affiliates/subsidiaries.
- Service providers (e.g., CCBILL for payments, Google for analytics) bound by confidentiality.
- Authorities if required by law.
- In mergers/acquisitions.
No sharing for marketing without consent.
Law Enforcement Policy and Procedures
We cooperate with law enforcement authorities and regulatory bodies and comply with valid legal requests in accordance with applicable laws.
Requests must be submitted to: privacy@blackmyholes.com
Requests should include sufficient information to allow us to verify the legitimacy of the request, including the identity of the requesting authority, legal basis for the request, relevant case details, and the specific data requested.
All requests are reviewed to ensure legal validity, proper jurisdiction, and compliance with applicable data protection laws. We may request additional information before processing a request.
We may disclose user data where required by law, including in connection with:
-
criminal investigations
-
fraud prevention
-
protection of users or other individuals
-
human trafficking, exploitation, or other serious unlawful activity
In emergency situations involving imminent risk of serious harm, we may expedite the review and disclosure process where legally permissible.
All disclosures are limited to what is strictly necessary and are processed in accordance with applicable laws, including GDPR where applicable.
International Transfers
Data may be transferred outside EU/EEA (e.g., to US providers). We use Standard Contractual Clauses (SCC) or other safeguards. Contact us for details.
Data Security
We use technical/organizational measures: firewalls, encryption (SSL for payments), limited access. However, no internet transmission is 100% secure. You are responsible for password security.
Your Rights
GDPR/EU/UK Rights
- Access, rectify, erase, restrict, or port data.
- Object to processing (e.g., marketing).
- Withdraw consent (does not affect prior processing).
- Complain to DPA (e.g., Cyprus Commissioner for Personal Data Protection).
Exercise via privacy@squad-inside.com. We respond within 1 month (extendable).
CCPA/US State Rights (CA, CO, etc.)
- Confirm/access/delete/correct data.
- Opt-out of sale/targeting/profiling.
- Limit sensitive data processing.
- Appeal decisions.
Email privacy@squad-inside.com. No fee unless excessive. Respond within 45 days (extendable). Nevada: Opt-out via email (we do not sell data triggering requirements).
Data Retention
| Category | Retention Period |
|---|---|
| Account/Billing Data (incl. AVS via billing) | 3 years after contract end (Services termination). |
| Payment Data (tax/accounting) | 10 years after contract end. |
| Marketing Emails | 1 year after opt-out or contract end. |
| Cookies/Technical | Session (AVS) or as in Cookie Policy. |
| Complaints | 6 months–3 years after resolution. |
Data is deleted/anonymized when no longer needed.
Changes to This Policy
Changes posted here. Material changes notified via email/Website. Continued use = acceptance.
Contact Us
Email: privacy@squad-inside.com
This Policy complies with GDPR, CCPA, and Cyprus laws. Disputes governed by Terms of Service (NAM arbitration).