xPAND□RAx Logo

Privacy Policy

Last updated: February 8, 2026

1. Introduction

XpandoraX ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at xpandorax.com (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Email address
  • Username
  • Password (securely hashed using PBKDF2 with SHA-256 — we never store plaintext passwords)
  • Profile picture (if uploaded)

2.2 Usage & Interaction Data

When you use our Service, we collect data about your interactions including:

  • Content likes, dislikes, and reactions
  • Comments you post
  • Bookmarks and saved content
  • Watch history (video ID, duration watched, completion status, last playback position)
  • Content view tracking (content type, timestamp)
  • Model and producer follow actions

2.3 Automatically Collected Information

When you visit our website, we automatically collect:

  • IP address (hashed for anonymization in view tracking)
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring website
  • Web performance metrics (LCP, FID, CLS, TTFB, INP) for service improvement

2.4 Payment Information

When you subscribe to our VIP service, payment is processed through NOWPayments (a third-party cryptocurrency payment processor). We store transaction references — including payment IDs, subscription status, and tier information — but we do not directly store or process your cryptocurrency wallet addresses or private keys.

2.5 Partner/Creator Data

If you apply to become a content partner, we additionally collect:

  • Application details (reason, experience, portfolio links, social media links)
  • Payout wallet address and preferred cryptocurrency network
  • Earnings and payout history
  • All content you upload (videos, cuts, pictures, and associated metadata)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Process VIP subscriptions and partner payouts
  • Personalize your experience (e.g., watch history, bookmarks, recommendations)
  • Display relevant content and features
  • Send administrative communications (account changes, security alerts)
  • Detect, prevent, and address fraud, abuse, and security issues
  • Enforce our Terms of Service and community guidelines
  • Monitor and analyze usage patterns and web performance for service optimization
  • Comply with legal obligations

4. Cookies and Tracking Technologies

We use the following cookies and local storage mechanisms:

  • Session cookie (xpandorax_session): Required for authentication and login persistence. Secure, SameSite=Lax.
  • Age verification (localStorage): Stores your age confirmation to prevent repeated prompts. No personal data is stored.
  • Theme preference (localStorage): Stores your dark/light mode preference.

Third-party advertising partners (see Section 5) may also set their own cookies to deliver targeted advertisements.

5. Third-Party Services

We use the following third-party services that may collect or process your data:

  • Cloudflare: Website hosting, content delivery network (CDN), DDoS protection, and performance optimization. Cloudflare may process your IP address and request headers.
  • Backblaze B2: Cloud storage for media files. Accessed through Cloudflare CDN — your browser does not communicate directly with B2.
  • NOWPayments: Cryptocurrency payment processing for VIP subscriptions. Subject to NOWPayments Privacy Policy.
  • ExoClick: Advertising network that serves banner ads to non-premium users. Subject to ExoClick Privacy Policy.
  • JuicyAds: Advertising network for pop-under ads (non-premium users only). Subject to JuicyAds Privacy Policy.
  • Chaturbate: Affiliate integration for live cam content. If you visit external Chaturbate links, their privacy policy applies.

VIP/premium users are not shown third-party advertisements, reducing third-party data collection.

6. Data Security

We implement robust security measures to protect your personal information:

  • Passwords are hashed using PBKDF2 with SHA-256 (100,000 iterations) with unique salts
  • All data transmission is encrypted via HTTPS/TLS (enforced via HSTS)
  • Security headers are applied to all responses (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Strict-Transport-Security)
  • Account lockout protection against brute-force attacks
  • Session-based authentication with secure, HTTP-only cookies
  • IP addresses are hashed for anonymization in analytics
  • Webhook endpoints use HMAC-SHA256 signature verification

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information as follows:

  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Watch history and interactions: Retained while your account is active. You can clear watch history at any time.
  • View tracking (anonymized): Retained for aggregate analytics purposes.
  • Payment records: Retained as required by applicable financial regulations.
  • Session data: Automatically expires after 7 days of inactivity.

8. Your Rights

You have the following rights regarding your personal data:

  • Access: View your data through your account dashboard
  • Correction: Update your email, username, and profile information in account settings
  • Deletion: Permanently delete your account and all associated data through account settings
  • Data portability: Request an export of your data by contacting us
  • Withdraw consent: You may stop using our Service at any time
  • Object to processing: Contact us to object to specific data processing activities

When you delete your account, we permanently remove: your profile, comments, bookmarks, watch history, view history, likes, follows, reactions, votes, and session data. This action is irreversible.

To exercise these rights, please contact us at privacy@xpandorax.com

9. Children's Privacy

Our Service is strictly intended for adults aged 18 years and older (or the age of majority in your jurisdiction, whichever is greater). We implement an age verification gate that requires users to confirm their age before accessing content. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has accessed our Service or provided us with personal information, please contact us immediately and we will take steps to remove such information.

10. International Data Transfers

Your information may be processed on servers located outside your country of residence. Our infrastructure uses Cloudflare's global edge network (which operates in many countries) and Backblaze B2 storage (US-based). By using our Service, you consent to this transfer of your information. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

11. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the revised Privacy Policy on this page with an updated "Last updated" date. We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at privacy@xpandorax.com