Privacy Policy

Status: March 2026
The following policy explains how we handle your personal data when you use our website spicycomic.com.

1. An Overview of Data Protection

General Information

The following information will provide you with an easy-to-navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you.

Data Recording on this Website

Who is the responsible party for the recording of data on this website (the “Controller”)?
The data processing on this website is carried out by the operator of the website:
EP STUDIOS UG (haftungsbeschränkt)
Friedrichstr. 155, 10117 Berlin, Germany
Phone: +49 15511 4830773
Email: info@spicycomic.com

How do we record your data?
We collect data as a result of your sharing of your data with us. This may, for instance, be information you enter into our checkout form or data associated with your customer account.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., standard web server logs, IP address for geo-blocking, timestamp). This information is recorded automatically when you access this website.

What are the purposes we use your data for?
The data is collected to ensure the error-free provision of the website and to fulfill our contract with you. Key purposes include:

  • Processing “Spicycoin” purchases and managing your virtual account balance.
  • Enforcing Geo-Blocking technical measures to comply with international distribution laws.
  • Age verification to protect minors.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following provider:

Abelohost

The provider is Abelohost B.V., Daalwijkdreef 47, 1103AD Amsterdam, The Netherlands. When you visit our website, Abelohost collects various log files including your IP addresses.

Furthermore, we use Content Delivery Networks (CDN) and streaming infrastructure (e.g., Bunny.net) to deliver video content efficiently. Technically necessary connection data (such as your IP address) is transmitted to these servers to enable the streaming of purchased content.

The use of these services is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable depiction and delivery of our website. We have concluded a Data Processing Agreement (DPA) with our providers.

3. General Information and Mandatory Information

Data Protection

The operators of this website and its pages take the protection of your personal data very seriously. We treat your personal data as confidential and in compliance with the statutory data protection regulations and this Data Protection Declaration.

SSL and/or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program.

4. Data Collection on this Website

Cookies & Local Storage

Our website uses “cookies” and local storage technologies. These are small text files stored on your device. We use them for technical necessities:

  • To keep you logged in.
  • To store your shopping cart contents.
  • To confirm your age verification status (so you don’t see the popup every time).

Technical cookies are stored on the basis of Art. 6(1)(f) GDPR (legitimate interest in the simplified use of the website).

Server Log Files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. This includes Browser type/version, Operating system used, Referrer URL, Hostname of the accessing computer, Time of the server inquiry, and IP address (for security and geo-blocking).

Account & Virtual Currency Data

If you register for an account to purchase our virtual currency (“Spicycoins”), we store the data you provide (Username, Email, Password hash) as well as your current transaction history and coin balance. This processing is based on Art. 6(1)(b) GDPR (Performance of a Contract) to ensure you can access the content you paid for.

5. Payment Service Providers

We use CCBill LLC (3402 E. University Dr. STE 420, Phoenix, AZ 85034, USA) as our payment service provider to process credit card transactions. When you make a purchase (e.g., buying a Coin Pack), we transfer your payment data (e.g., transaction amount, currency, order ID) to CCBill for processing.

Important Note on Credit Card Data: We do not store or process your full credit card number or CVC code on our own servers. This data is handled directly and securely by CCBill, which is PCI-DSS compliant. For more information, please refer to CCBill’s Privacy Policy.

The legal basis for this data transfer is Art. 6(1)(b) GDPR (contract processing) and Art. 6(1)(f) GDPR (legitimate interest in offering secure payment methods). The transfer of data to the USA is covered by CCBill’s compliance with applicable data protection standards.

5a. Age Verification (Facial Age Estimation)

For visitors accessing our website from certain regulated jurisdictions (including but not limited to Germany, France, the United Kingdom, and Italy), we use a third-party age verification service to comply with local youth protection laws.

Service Provider: Yoti Ltd., 6th Floor, 107 Leadenhall Street, London, EC3A 4AF, United Kingdom.

How it works: When age verification is required, your device camera captures a facial image. Yoti’s AI estimates your age based on this image and performs a liveness check to confirm a real person is present. The result (estimated age, pass/fail) is returned to our website.

Data minimisation: Yoti does not store, share, or reuse the facial image. It is permanently deleted immediately after the age estimation is completed. No identity documents are required, no personal data is retained by Yoti, and no user account with Yoti is created. Yoti cannot personally identify you through this process.

Legal basis: Art. 6(1)(c) GDPR (compliance with a legal obligation under the German Jugendmedienschutz-Staatsvertrag, the French SREN Act, the UK Online Safety Act, and the Italian AGCOM Resolution 96/25/CONS, respectively). For more information, please refer to Yoti’s Privacy Policy.

6. 18 U.S.C. § 2257 Exemption (Fictional Characters)

We do not collect or store personal data of “performers” because all content on this website constitutes 100% fictional, animated artwork. No actual human beings are depicted in sexual conduct.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You have the right to receive information about the origin, recipient, and purpose of your archived personal data at any time without having to pay a fee.
  • Right to rectification (Art. 16 GDPR): You have the right to demand the rectification of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): You have the right to demand the deletion of your personal data, provided there is no legal obligation to retain it.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to demand the restriction of the processing of your personal data under certain circumstances.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests at any time.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The competent authority for our company is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, Germany.

To exercise any of these rights, please contact us at info@spicycomic.com.