Celebut LogoContact

Privacy Policy

Last updated: January 2026

1. Jurisdiction Covered

European Union (GDPR), United Kingdom (DPA 2018 C UK GDPR), United States (state privacy laws including CCPA/CPRA), Nigeria (NDPR), Kenya (Data Protection Act 2019), Ghana (Data Protection Act 2012), South Africa (POPIA), Uganda (Data Protection and Privacy Act 2019), Canada (PIPEDA).

2. Data Privacy Policy

Celebut Limited processes personal data in accordance with global privacy standards. This includes compliance with GDPR, UK GDPR, CCPA/CPRA, NDPR, POPIA, PIPEDA, and respective national laws. The policy covers data categories collected, purposes of processing, legal bases, rights, security measures, international transfers, and retention timelines.

3. Jurisdiction-Specific Compliance Framework

  • EU (GDPR)
    Celebut complies with GDPR principles including lawfulness, fairness, transparency, purpose limitation, minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.
  • UK (UK GDPR DPA 2018)
    Celebut aligns with UK GDPR and the Data Protection Act 2018, ensuring lawful processing, user rights, DPIAs, and ICO-aligned compliance.
  • USA (CCPA/CPRA + State Laws)
    Celebut implements privacy rights including Do Not Sell/Share My Info, access rights, deletion rights, and transparency obligations under CCPA/CPRA and other state privacy laws.
  • Nigeria (NDPR)
    Celebut complies with NDPR requirements for consent, data minimization, data subject rights, audit filing obligations, and security safeguards.
  • Kenya (DPA 2019)
    Celebut ensures compliance with Kenya Data Protection Act provisions on lawful processing, data subject rights, DPIAs, and registration obligations where required.
  • Ghana (DPA 2012)
    Celebut follows Ghana DPA 2012 requirements including registration, consent- based processing, and data protection principles.
  • South Africa (POPIA)
    Celebut complies with POPIA principles regarding processing limitations, security safeguards, data subject participation, and breach notifications.
  • Uganda (DPPA 2019)
    Celebut adheres to Uganda’s Data Protection and Privacy Act ensuring lawful, transparent, and secure data processing.
  • Canada (PIPEDA)
    Celebut meets PIPEDA’s fair information principles including accountability, identifying purposes, consent, limiting collection, accuracy, safeguards, openness, and access.

4. Data We Collect

We collect the following categories of data:

(a) Personal Identification Information

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Gender (optional)
  • Home/Delivery Address

(b) Account Profile Information

  • Username, profile photo, biography, handle
  • User-generated content (posts, images, videos, comments, likes, tags)

(c) Financial Information

  • Payment instrument details (masked/hashed where possible)
  • Transaction history
  • Platform balance
  • Identity verification documents (for KYC):
    • Government-issued ID
    • Selfie/biometric verification
    • Proof of address
  • AML/CFT screening results (PEP, sanctions, adverse media)

(d) Device Technical Information

  • IP address
  • Device ID, device model, operating system
  • Browser type
  • Geolocation (with explicit consent)
  • Cookies and tracking data

(e) Behavioral Engagement Data

  • Interaction patterns
  • Follow/subscription behaviour
  • In-app activity logs
  • Advertising engagement metrics

5. How We Use Data

  • Provide platform services
  • Prevent fraud
  • Comply with legal obligations

6. User Rights

Your Rights

Users may:

  • Access data
  • Correct data
  • Delete account/data (except as required by AML/CFT rules)
  • Withdraw consent
  • Restrict processing
  • Request portability
  • Object to automated decision-making

You may request access, correction, or deletion of your data.

Contact: privacy@celebut.com