Privacy Policy

1. Information We Collect

1.1 Information you provide directly

Category	Examples
Account information	Username, email address, password (stored as a bcrypt hash — we never store your plain-text password)
Profile information	Display name, biography, state, city, physical measurements (height, bust, waist, hips, weight), hair colour, eye colour, gender presentation, day rate
Portfolio content	Photos and images you upload to your profile
Communications	Messages you send to other users through the on-Platform messaging system
Support requests	Emails or messages you send to us

1.2 Information collected automatically

Category	Details
Log data	IP address, browser type, operating system, referring URL, pages visited, timestamps
Session data	A secure session cookie that keeps you logged in during your visit
Preference data	UI preferences such as light/dark theme (stored in `localStorage` in your browser)
Upload metadata	File dimensions, file size, and MIME type of images you upload

1.3 Information we do not collect

We do not collect or store payment card details. The Platform currently has no paid features; if that changes, payment processing will be handled by a certified third-party provider and card data will never pass through our servers.

2. How We Use Your Information

We use collected information to:

Operate the Platform — create and manage your account, display your profile to other users, and enable messaging;
Content moderation — review uploaded photos to ensure they meet our content standards before making them publicly visible;
Security & fraud prevention — detect and prevent unauthorised access, abuse, and violations of our Terms of Service;
Communication — send transactional emails (account verification, password reset, new message notifications). We do not send marketing emails without your explicit opt-in;
Analytics & improvement — understand how the Platform is used in aggregate so we can improve features;
Legal compliance — meet applicable legal obligations or respond to lawful requests from authorities.

We process your information on the following legal bases: contract performance (to provide the service you signed up for), legitimate interests (security, fraud prevention, product improvement), and legal obligation.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only in the following circumstances:

With other users (public profile data). When your account is active, your display name, profile photo, bio, location, measurements, and portfolio photos are visible to all Platform users and, unless you request otherwise, to the general public. Your email address and messages are never publicly visible.
Service providers. We use third-party vendors to host the Platform (shared hosting / cPanel server). These providers act as data processors on our behalf and are contractually prohibited from using your data for any other purpose.
Legal requirements. We may disclose information when required by law, court order, or governmental authority, or to protect the rights, property, or safety of our users or the public.
Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4. Cookies & Local Storage

We use the following technologies to store small amounts of data on your device:

Name / type	Purpose	Duration
`mm_session` (cookie)	Keeps you authenticated between page loads	Session (deleted when you close the browser, or after 2 hours of inactivity)
`mm_theme` (localStorage)	Remembers your light/dark mode preference	Persistent, stored locally in your browser — never sent to our servers
Server logs	IP address and request metadata for security and diagnostics	Rotated after 30 days

We do not use advertising cookies, tracking pixels, or any third-party analytics scripts (such as Google Analytics). The only external resources loaded on our pages are Google Fonts (for typography). Please refer to Google's Privacy Policy for how they handle font requests.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the service. When you delete your account:

Your public profile and portfolio photos are removed within 30 days;
Messages are deleted from our active database;
Basic account identifiers may be retained in anonymised form for up to 12 months for fraud-prevention and legal purposes;
We may retain server logs for up to 30 days after account deletion.

6. Data Security

We implement reasonable technical and organisational measures to protect your information against unauthorised access, loss, or disclosure:

Passwords are hashed with bcrypt (cost factor 12) — even we cannot read your password;
Session tokens are generated cryptographically and stored server-side;
All forms are protected with CSRF tokens;
HTTPS / TLS encryption for all data in transit;
File uploads are stored outside the web root with server-generated filenames to prevent directory traversal;
Rate limiting on login and registration endpoints to slow brute-force attacks.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

Access. Request a copy of the personal data we hold about you.
Correction. Update inaccurate or incomplete information via your account settings or by contacting us.
Deletion. Request deletion of your account and personal data. We will honour such requests subject to any legal retention obligations.
Portability. Request your profile data in a machine-readable format.
Objection / restriction. Object to or request restriction of processing where we rely on legitimate interests.
Withdraw consent. Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at [email protected] . We will respond within 30 days. We may need to verify your identity before actioning your request.

If you are in the European Economic Area you also have the right to lodge a complaint with your local data protection authority.

8. Children's Privacy

The Platform is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us immediately and we will delete the account and all associated data without delay.

9. Third-Party Links

User profiles may include links to external websites (Instagram profiles, personal websites, etc.). We have no control over those sites and are not responsible for their privacy practices. We encourage you to review the privacy policy of any external site you visit.

10. International Data Transfers

The Platform is operated from the United States. If you access it from outside the US, your information will be transferred to, stored, and processed in the US. By using the Platform you acknowledge this transfer. Where required, we apply appropriate safeguards (such as standard contractual clauses) to protect international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do we will revise the "Effective date" at the top of this page. For significant changes we will provide notice by email or by displaying a prominent notice on the Platform. Your continued use of the Platform after any change constitutes your acceptance of the updated Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

MedellinModeling.com — Privacy
Email: [email protected]
Response time: within 30 days