I spoke with new escort directory on the block, Ur Little Secret, recently and they kindly agreed to answer my questions about their privacy policies.

I asked the same questions I sent out to all the other directories when I was researching for Privacy Policies of Sex Worker Directories.

Here are the responses from Ur Little Secret.

Do you require personally identifying information from sex workers for verification?

Yes.

We require one time age verification for all providers. This allows us to confirm that everyone using the platform is a legal adult and helps protect against impersonation and underage access.

This is a baseline requirement for operating responsibly across different legal environments.

Identity documents?

We ask for a government issued photo ID.

Verification is completed once and does not need to be repeated unless there is a genuine account safety concern.

Selfies?

Yes. Using both a selfie and ID allows us to confirm that an account is being created by a real person and that the ID belongs to them. At the moment, this is the most reliable way to prevent fake profiles and identity misuse.

Can these be partially obscured or redacted?

No.

For verification to be meaningful, identity documents need to be fully visible, unredacted, and clear. If parts of a document are hidden, we cannot reliably confirm that it is valid.

Do you sell our identities and/or personal details to third party advertisers?

No.

We do not sell or monetise identity documents, selfies, personal details, or profile data.

Do you take any steps to secure our identities from hackers or in case your servers were seized?

Yes. Data security is built into how the system works.

Identity documents are encrypted using AES 256, an industry standard used to protect highly sensitive data by banks and government institutions. If you want to understand the standard itself, you can read about it here:

Advanced_Encryption_Standard

We manage our own encryption keys. This means that even our hosting provider cannot access identity files. If servers were ever seized, the data would remain unreadable without those keys.

All uploads and access happen over encrypted HTTPS connections. Identity documents are used only for verification and to protect accounts from misuse. Access is limited, controlled, and logged so there is a clear record of when and why documents are accessed.

Are our identity documents and selfies deleted after verification?

Yes.

Government-issued ID is used once to confirm that the person creating the account is a legal adult and matches the submitted selfie. Once verification is completed, the ID document is permanently deleted.

The selfie is retained only so we can confirm that future photo uploads belong to the same person. This helps prevent impersonation and stolen images.

Stored offline?

They are stored in secured, encrypted systems that are not publicly accessible.

Encrypted?

Yes.

Documents are encrypted at rest and in transit. Unencrypted storage is not used.

If you were told you could protect yourself from prosecution by freely handing over the identities of sex workers to authorities, would you do so?

No.

We do not hand over identity data voluntarily. Any request must be backed by a valid, legally binding court order or subpoena and go through legal review. Informal requests or pressure are not enough.

Or would you put up a fight and demand that they get a subpoena?

Yes.

Where the law allows, we challenge requests that are not properly issued or that go beyond what is legally required. If data must be disclosed, it is limited strictly to what the law demands.

Do you honour deletion requests?

Yes.

Users can delete their account directly from their account settings.

In entirety?

Yes.

Deletion covers profile data, images, identity documents, and encrypted records linked to the account. Once the deletion process is complete, the data cannot be recovered.

How long does this take?

Account deactivation happens immediately. Fully removing encrypted data from distributed systems can take up to 30 days.

Some platforms describe deletion as instant. In practice, securely removing encrypted data across distributed systems takes time.

We believe privacy is a fundamental right, not a marketing feature.

Our approach focuses on clear boundaries, strong technical safeguards, resistance to overreach, and giving users control over their data. If you have questions or suggestions about how this can be improved, we are open to hearing them.