Privacy Policy

Last updated: 4 April 2026

1. Who We Are

Grand Prix Boys ("we", "us", "our") operates the website grandprixboys.com and all associated services including the Model Chat Lounge, Community Chat, photo gallery, and photo submission service. We are a UK-based online entertainment and motorsport community platform.

For the purposes of data protection legislation, we are the Data Controller. If you have any questions about how we handle your data, you can contact us at:

• Email: privacy@grandprixboys.com
• Website: grandprixboys.com

2. What Personal Data We Collect

We collect different types of personal data depending on how you interact with our website and services. We are committed to collecting only the minimum amount of data necessary to provide our services to you.

2.1 Account Registration Data

When you create an account for our Community Chat or Model Chat Lounge, we collect:

• Username — your chosen public display name
• Email address — used for account verification, password recovery, and essential service communications
• Password — stored in an irreversibly encrypted (hashed) format using industry-standard bcrypt encryption with 12 rounds of salting. We can never see or recover your actual password.

2.2 Photo Submission Data

When you submit photographs to our gallery, we collect:

• Your name — to credit you as the photographer
• Email address — so we can contact you about your submission
• Phone number (optional) — only if you choose to provide it
• The photograph you upload
• Payment reference — the PayPal transaction ID for the display fee

2.3 Payment Data

When you purchase chat credits or pay the photo display fee, payments are processed entirely by PayPal. We do not collect, store, or have access to your credit card numbers, bank account details, or any financial information. PayPal handles all payment processing under their own privacy policy. The only payment information we store is the PayPal transaction reference ID, which allows us to match payments to your account.

2.4 Chat and Conversation Data

When you use our services, we store:

• Community Chat messages — your public messages in the community chat room
• Model Chat Lounge conversations — your private conversations with AI model characters. These conversations are between you and our AI system only. No other users can see your private conversations. Our administrators may review conversations solely for the purpose of ensuring compliance with our terms of service and community safety.

2.5 Automatically Collected Data

Like most websites, our servers automatically record certain technical information when you visit:

• IP address — for security, fraud prevention, and abuse protection
• Browser type and version
• Pages visited and time spent
• Referring website — how you found us

We do not use this data to personally identify you. It is used in aggregate form to understand how our website is used and to improve our services.

2.6 Cookies

We use a minimal number of cookies:

• Authentication tokens — stored in your browser's localStorage to keep you logged in. These are not traditional cookies but function similarly.
• Cookie consent preference — to remember that you have accepted our cookie notice
• PayPal cookies — PayPal sets its own cookies during the payment process, governed by PayPal's privacy policy

We do not use any tracking cookies, advertising cookies, or third-party analytics cookies. We do not use Google Analytics or any similar tracking service.

3. How We Use Your Data

We use your personal data only for the following specific purposes:

• To provide our services — creating your account, processing your photo submissions, enabling chat functionality, and delivering purchased chat credits
• To verify your identity — sending email verification links when you register
• To process payments — matching PayPal transactions to your account
• To protect our community — moderating content, preventing abuse, enforcing our community rules, and banning accounts that violate our terms
• To improve our services — understanding how our website is used in aggregate to make it better
• To communicate with you — responding to your enquiries, notifying you about your submissions, and sending essential service updates

We will never use your data for unsolicited marketing emails, sell your data to advertisers, share your data with data brokers, or profile you for targeted advertising.

4. Legal Basis for Processing

Under UK and EU data protection law, we must have a lawful basis for processing your personal data. Our legal bases are:

• Contract — processing necessary to provide the services you have signed up for (account creation, chat services, photo submissions)
• Consent — where you have given us clear consent to process your data for a specific purpose (e.g., submitting a photo)
• Legitimate Interest — processing necessary for our legitimate business interests, such as website security, fraud prevention, and service improvement, where these interests do not override your fundamental rights and freedoms
• Legal Obligation — where we are required by law to process or retain certain data

5. How We Protect Your Data

We take the security of your personal data extremely seriously. We employ multiple layers of protection:

• Encryption at rest — all passwords are encrypted using bcrypt with 12 rounds of salting, making them computationally infeasible to reverse
• Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS). Our SSL certificates are automatically renewed and regularly verified.
• Secure servers — our servers are hosted in enterprise-grade data centres with physical security, redundant power, and 24/7 monitoring
• Firewall protection — our servers are protected by firewalls with strict access controls. SSH access is restricted to non-standard ports with key-based authentication only.
• fail2ban intrusion prevention — automated systems detect and block brute-force attacks and suspicious activity
• Regular security audits — our servers undergo regular security scans using ClamAV antivirus, rkhunter rootkit detection, and Lynis security auditing
• Daily automated security scans — every server is scanned automatically every day at 3am for malware and security vulnerabilities
• Access controls — administrative access to our systems is protected by two-factor authentication (2FA/TOTP)
• Regular backups — your data is backed up regularly to ensure it can be recovered in the event of hardware failure or data loss
• Country blocking — we block traffic from countries known for high volumes of cyber attacks (Russia, North Korea, Iran, Belarus) to reduce the attack surface on our infrastructure

6. Who We Share Your Data With

We share your data only with the following third parties, and only to the minimum extent necessary:

• PayPal — to process your payments. PayPal is an independent data controller and processes your payment data under their own privacy policy.
• Anthropic (Claude AI) — when you chat with models in our Chat Lounge, your messages are sent to Anthropic's Claude AI service to generate responses. Anthropic processes this data under their own privacy policy. We do not send your email address, real name, or payment details to Anthropic — only the text of your chat messages and the conversation history.
• ElevenLabs — if you use voice chat, the text of model responses is sent to ElevenLabs for text-to-speech conversion. No personal data is shared with ElevenLabs.
• Law enforcement — we may disclose your data if required by law, court order, or regulatory request

We do not share your data with any advertising networks, data brokers, social media platforms, or any other third parties not listed above.

7. How Long We Keep Your Data

We retain your personal data only for as long as necessary to provide our services and fulfil the purposes described in this policy:

• Account data — retained for as long as your account is active. If you request account deletion, we will delete your data within 30 days.
• Chat messages — community chat messages are retained for the lifetime of the service. Model Chat Lounge conversations are retained for as long as your account is active.
• Payment records — retained for 7 years as required by UK tax and accounting regulations
• Server logs — automatically deleted after 90 days
• Photo submissions — retained for as long as they are published in our gallery, or until you request their removal

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of access — you can request a copy of all personal data we hold about you
• Right to rectification — you can ask us to correct any inaccurate data
• Right to erasure ("right to be forgotten") — you can ask us to delete your data and account
• Right to restrict processing — you can ask us to limit how we use your data
• Right to data portability — you can request your data in a machine-readable format
• Right to object — you can object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please email us at privacy@grandprixboys.com. We will respond to your request within 30 days, as required by law.

9. International Data Transfers

Our primary servers are located in Europe. However, some of our service providers (PayPal, Anthropic, ElevenLabs) may process data outside the UK/EEA. Where this occurs, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions, to protect your data to the same standard as UK GDPR requires.

10. Children's Privacy

Our website and services are intended for users aged 18 and over only. We do not knowingly collect personal data from anyone under the age of 18. If we discover that we have collected data from a minor, we will delete it immediately. If you believe a minor has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. How to Contact Us

If you have any questions, concerns, or complaints about this privacy policy or how we handle your personal data, please contact us:

• Email: privacy@grandprixboys.com
• Website: grandprixboys.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights:

• Website: ico.org.uk
• Telephone: 0303 123 1113