Privacy Policy

This Privacy Policy explains how AvatarShot collects, uses, stores, transfers, and protects personal data in connection with the platform services.

Last updated: July 8, 2026

Who We Are

AvatarShot ("we", "our", "us") operates avatarshot.com, a social and marketplace platform for Second Life residents. AvatarShot is operated from Italy and processes personal data under applicable EU data protection law, including GDPR.

AvatarShot is not affiliated with Linden Research, Inc. or Second Life™.

Information We Collect

Information You Provide

  • Account Information: Second Life™ avatar name, display name, email address (optional), password (optional).
  • Profile Information: Bio, location, social media links, avatar image, cover image.
  • Content: Images, videos, posts, comments, portfolio content, blog posts, product listings you create and upload.
  • Communications: Support tickets, messages, and any correspondence with us.
  • Payment Information: Transaction records for L$ payments. We do not store credit card or banking information.

Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, referring URLs.
  • Device Information: Browser type, operating system, screen resolution.
  • IP Address: Collected for security purposes (rate limiting, abuse prevention, fraud detection). Stored in hashed or minimized form for analytics use cases where applicable.
  • Cookies: Session cookies for authentication, preference cookies for settings. See Cookie Policy.

Information from Third Parties

  • Second Life™ Verification: We may verify your avatar identity through in-world OTP delivery via the w-hat.com name2key service (avatar name to UUID resolution).
  • SL Marketplace Import: If you use the import feature, we fetch publicly available product information from the Second Life Marketplace.

How We Use Your Information

  • To provide, maintain, and improve our services
  • To create and manage your account
  • To display your content on the platform (feed, portfolios, profiles, marketplace)
  • To process marketplace transactions and deliver products
  • To send notifications about activity on your account (likes, comments, follows, orders)
  • To operate content ranking and relevance features based on platform context and user settings
  • To enforce our Terms of Service and Community Standards
  • To prevent fraud, abuse, and security threats
  • To respond to support requests and communications
  • To generate anonymized analytics to improve the platform

Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organizational measures:

  • Images and Media: Stored on Amazon Web Services (AWS) S3 in the EU (Ireland) region, delivered via CloudFront CDN with HTTPS encryption.
  • Database: Stored on controlled infrastructure with encrypted transport, restricted access, and backup procedures.
  • Passwords: Hashed using bcrypt. We never store passwords in plain text.
  • OTP Codes: Temporary, expire after 10 minutes, and are invalidated after use.
  • HTTPS: Data in transit is protected through TLS/SSL encryption.
  • Security Headers: We implement CSP, HSTS, X-Frame-Options, and other security headers.

Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share data with:

  • Amazon Web Services (AWS): Infrastructure provider for hosting, storage, and content delivery (EU region).
  • Second Life™ (via LSL bot): Your avatar UUID is used to deliver OTP codes in-world. No other data is shared with Linden Lab.
  • Law Enforcement or Authorities: Where required by law, lawful request, or to protect users and platform integrity.
  • Other Users: Your public profile information, posts, and marketplace listings are visible to other users as per your privacy settings.

We do not use any third-party analytics services (Google Analytics, Facebook Pixel, etc.) that would track you across websites.

Cookies and Tracking

We use a limited set of cookies required for secure operation and user preferences:

  • Session Cookie: Required for authentication and CSRF protection. Expires after session timeout.
  • Remember Me Cookie: Optional, keeps you logged in for 30 days.
  • Locale Cookie: Stores your language preference.
  • Cookie Consent: Stores your cookie preference choice.

We do not use tracking cookies, advertising cookies, or any third-party cookies. For more details, see our Cookie Policy.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), if you are in the EU/EEA, you have the following rights:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. You can delete your account from Settings, which removes all data within 30 days.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact privacy@avatarshot.com. We respond within the legally required timeframes.

If you believe your rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority.

Data Retention

  • Active Accounts: Data is retained for as long as your account is active.
  • Deleted Accounts: Personal data and user content are deleted within 30 days, subject to legal retention obligations.
  • OTP Codes: Automatically deleted after 10 minutes.
  • Session Data: Cleared after session expiry or logout.
  • Server Logs: Retained for security and audit purposes, then purged according to retention policy.
  • Support Tickets: Retained for 1 year after resolution, then anonymized.

Children's Privacy

AvatarShot is not intended for users under 18 years of age, consistent with Second Life™'s Terms of Service. We do not knowingly collect personal information from anyone under 18. If we discover that a user is under 18, their account will be immediately terminated and all data deleted.

International Data Transfers

Your data is primarily stored and processed within the European Union (Ireland for AWS, Italy for our server). If data is transferred outside the EU, it is done so under appropriate safeguards such as Standard Contractual Clauses (SCCs) as required by GDPR.

Changes to This Policy

We may update this Privacy Policy to reflect legal, operational, or product changes. Material updates are communicated through the platform. The "Last updated" date indicates the latest revision.

Contact

For privacy-related inquiries or to exercise your GDPR rights: