Privacy Policy

The data controller for your personal information is Diamond Companionship Ltd, operating at meetdiamond.co.uk.

For all data protection enquiries, contact our privacy team at privacy@meetdiamond.co.uk.

We collect the following categories of personal data:

Under UK GDPR, we process your personal data on the following lawful bases:

• Contract performance — processing necessary to provide you with the Diamond platform and fulfil our obligations to you as a user.
• Legitimate interests — platform safety, fraud prevention, improving our service, and communicating relevant product updates.
• Legal obligation — retaining records required by applicable UK law.
• Consent — where you have explicitly opted in to marketing communications. You may withdraw consent at any time.

• To create and manage your Diamond account
• To display companion profiles to prospective clients
• To facilitate and record bookings between clients and companions
• To enable in-app messaging between confirmed booking parties
• To calculate and record Diamond's 25% platform commission on bookings
• To display reviews and ratings on companion profiles
• To verify user ages and enforce our 18+ policy
• To detect and prevent fraud, abuse, and prohibited conduct
• To send transactional emails (booking confirmations, account notifications)
• To improve the platform through aggregated, anonymised analytics
• To comply with legal obligations and respond to lawful requests from authorities

We do not use your data to make automated decisions that have a legal or similarly significant effect on you without human review.

Diamond does not sell your personal data. We share data only in the following limited circumstances:

• Supabase (database & authentication): Our infrastructure provider, storing data on servers within the EU/UK. Supabase is GDPR-compliant and we have a Data Processing Agreement in place.
• Vercel (hosting): Our hosting provider. Content delivery may use edge nodes globally; personal data is processed in accordance with Vercel's DPA.
• Between users (limited): When a booking is confirmed, a client's first name/username is visible to the companion and vice versa, to enable coordinating the date.
• Law enforcement: Where required by UK law or a valid court order.

All third-party processors are contractually bound to process data only as instructed and maintain appropriate security measures.

We retain your personal data for as long as your account is active, plus:

Under UK GDPR you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — ask us to correct inaccurate data
• Right to erasure — request deletion of your data (subject to legal retention requirements)
• Right to restrict processing — ask us to pause processing in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — withdraw any consent you have given at any time

To exercise any of these rights, email privacy@meetdiamond.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have handled your data unlawfully.

Diamond uses the following cookies:

We do not use advertising or tracking cookies. Essential cookies required for authentication cannot be disabled without preventing you from using the platform.

Diamond implements appropriate technical and organisational measures to protect your personal data, including:

• TLS encryption for all data in transit
• Encrypted storage for all data at rest via Supabase
• Row-level security policies restricting data access to authorised users only
• Passwords hashed using bcrypt and never stored in plain text
• Regular security reviews and dependency updates

In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and affected users without undue delay, as required by UK GDPR.

Diamond is strictly for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a user is under 18, we will immediately suspend and delete their account and all associated data.

If you believe a minor has registered on Diamond, please contact us immediately at privacy@meetdiamond.co.uk.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top and notify registered users by email for material changes. Continued use of Diamond after changes are posted constitutes acceptance of the revised policy.

For any privacy-related queries or to exercise your rights: