Privacy Policy
Global Compliance: EU GDPR, UK GDPR, EEA & EFTA regulations; U.S. State Privacy Laws – CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, ICPA, FL-DBR, TN-TIPA, OR-OPA, DE-DPA; Canada PIPEDA; Brazil LGPD; Australia Privacy Act; Singapore PDPA; Switzerland nFADP
Effective Date: 10 July 2025
Last updated: 07 July 2025
This Privacy Policy explains how your personal data are collected, processed, shared, and protected when you use the Views4You platform (“Platform”). By accessing the Platform, you acknowledge that you have read and accepted this Policy. If you do not agree, please refrain from using the Platform.
1. Who We Are
| Controller | Registered Address | EU/UK Representative (GDPR Art. 27) |
DPO / Privacy Contact |
|---|---|---|---|
| Extlikes UK Marketing Limited | Technique Building, 140 Goswell Road, London EC1V 7DY, United Kingdom | EU Rep: GDPRLocal Ltd., 12 Rue de Luxembourg, 7503 Ath, Belgium | privacy@views4you.com |
| Novence LTD | Cs 48756, 58 Rue de Monceau, 75008 Paris, France | UK Rep: Compliance-Works Ltd., 71-75 Shelton St, London WC2H 9JQ, UK | privacy@views4you.com |
Throughout this document, “Views4You,” “we” or “the Company” refers to the entities above.
2. Scope of this Policy
This Policy applies to:
- Paid digital-promotion services (followers, views, likes, etc.)
- Free utilities (YouTube Thumbnail Downloader, Rank Tracker, IG Story Viewer, etc.)
- Limited daily Free Trial promotions
- The website
views4you.com, all sub-domains, APIs, and the mobile web version
Key Jurisdictions & Safeguards
| Region / Country | Core Legislation | Safeguards Implemented |
|---|---|---|
| EU / EEA | GDPR | Lawful bases, Data-Subject Rights, SCC/DPA, EU Rep |
| United Kingdom | UK GDPR, DPA 2018 | UK Rep, IDTA-equivalent safeguards |
| United States (federal) | FTC Act, COPPA | Children’s data exclusion, UDAAP safeguards |
| United States (state) | CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, ICPA, FL-DBR, TN-TIPA, OR-OPA, DE-DPA | “Sell/Share” definition, notices, GPC signals, sensitive-data limits |
| Canada | PIPEDA | Reasonable-purpose test, express consent, access/correction |
| Brazil | LGPD | Rights, legal bases, cross-border transfers |
| Australia | Privacy Act 1988 & APPs | Notice, overseas-transfer controls |
| Switzerland | nFADP 2023 | Transparency, export controls |
| Singapore | PDPA | Purpose limitation, accountability |
3. Categories of Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identity Data | First/last name, username, country | You |
| Contact Data | E-mail, telephone, postal address, social handle | You |
| Financial Transaction Data | Order ID, payment amount, crypto wallet address | Payment processors |
| Content Data | URLs & media titles supplied for promotion | You |
| Technical & Usage Data | IP, device fingerprint, browser type, clickstream, heat-maps | Automated |
| Cookie Data | Session ID, preferences, GPC signals | Cookies / trackers |
| Marketing Preferences | Newsletter opt-in status, consents | You |
We do not collect special-category data (e.g., health, biometrics) and we do not knowingly process data of children under 18 years (COPPA, GDPR Art. 8).
4. Purposes & Lawful Bases
| Purpose | Lawful Basis (GDPR Art. 6) | U.S. Processing Category |
|---|---|---|
| Service provision & order fulfilment | Contract performance | “Necessary to perform” |
| Payment collection & invoicing | Legal obligation (tax) | — |
| Fraud prevention & security | Legitimate interest | “Security processing” |
| Product improvement & analytics | Legitimate interest / Consent | Not targeted advertising (data anonymised) |
| Marketing communications | Consent (opt-in) | Opt-out if considered “Sell/Share” |
| Non-essential cookies | Consent (ePrivacy) | — |
5. Payment Processing
- All payments are processed by Checkout.com, Payabl, or CoinPayments (PCI-DSS v4.0 compliant).
- We never store full card numbers.
- For crypto payments we store only the wallet address and transaction hash.
6. Cookies & Tracking Technologies
| Type | Purpose | Retention |
|---|---|---|
| Essential session cookies | Login, cart, CSRF | Deleted on browser close |
| Analytics cookies | Site performance (Google Analytics 4) | 14 months |
| Preference cookies | Language, theme | 12 months |
| Marketing cookies ( opt-in ) | Retargeting | 90 days |
User choices
- Manage preferences via the cookie banner (“Reject All / Accept All / Customise”).
- GPC signals are honoured and trigger automatic opt-out in CA, CO, CT.
7. Data Sharing
| Recipient | Purpose | Location / Safeguard |
|---|---|---|
| Group Companies (Extlikes UK, Novence) | Operations | UK / FR |
| Service Providers (hosting, CDN, analytics) | Infrastructure | EEA or SCC/IDTA |
| Payment Processors | Billing | US / EEA (SCC) |
| Authorities | Tax, legal, anti-fraud | Relevant jurisdiction |
International transfers rely on the Standard Contractual Clauses (SCC), UK IDTA, encryption at rest, zero-trust ACLs, and documented risk assessments.
8. Retention Periods
| Data Type | Duration | Rationale |
|---|---|---|
| Order / Invoice records | 6 years | Tax & accounting statutes |
| Account identity & contact | Active account + 2 years | Potential claims, defence |
| Marketing-consent logs | As long as active | Proof of consent |
| Cookie data | Up to 14 months | Analytics limit |
| Back-ups after deletion request | 30-90 days | Forensic back-up window |
9. Data-Subject Rights
Your rights depend on your jurisdiction. They may include:
- GDPR / UK GDPR: Access, Rectification, Erasure, Restriction, Portability, Objection, Automated-decision objection
- CCPA/CPRA: Know, Delete, Correct, Opt-out of “Sale/Share”, Limit sensitive data, Non-discrimination
- Other U.S. States: Similar access / delete / correct rights; opt-out of targeted ads
- PIPEDA: Access, Correct, Complain
- LGPD: Withdraw consent, Restrict processing, Portability
- APAC: Access, Correct, Complain (OAIC, PDPC)
Submit requests to privacy@views4you.com (specify region & request). Identity verification is required. California residents may also use the “Do Not Sell or Share My Personal Information” link.
10. Security Measures
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Zero-day monitoring, IDS/IPS, WAF
- Role-based access control (least-privilege)
- Annual penetration tests & planned SOC 2 Type II certification (target 2026)
11. Children’s Privacy
The Platform is not directed to persons under 18. If we discover under-age data, we will erase it promptly (COPPA, GDPR Art. 8).
12. Third-Party Sites
The Platform may contain links to third-party sites (YouTube, Instagram, etc.). We are not responsible for their privacy practices; please review their policies separately.
13. Policy Amendments
Material changes will be announced on-site and, where feasible, via e-mail to registered users. The “Effective Date” will be updated accordingly. Continued use of the Platform constitutes acceptance of the revised Policy.
14. Contact & Complaints
| Channel | Details |
|---|---|
| General E-mail | privacy@views4you.com |
| U.S. Privacy E-mail | us-privacy@views4you.com |
| EU DPO E-mail | dpo-eu@views4you.com |
| Postal Address | Extlikes UK Marketing Limited, Technique Building, 140 Goswell Road, London EC1V 7DY, UK |
| Supervisory Authorities | UK ICO, CNIL (FR), any EDPB authority, California Privacy Protection Agency (CPPA) |
Important Notes
- Opt-Out Signals: If a GPC or
Sec-GPCheader is detected, U.S. marketing cookies are automatically disabled. - Sensitive Data (CPRA § 1798.121): We do not process sensitive personal data; if processing becomes necessary, users will be offered a limitation option.
- Do Not Track (DNT): Legacy DNT signals are no longer recognised, but GPC signals are fully respected.
This comprehensive Privacy Policy is globally compliant as of 2025. It will be updated to reflect future regional amendments (e.g., India DPDP 2025 once enacted).