I spoke with new escort directory on the block, Ur Little Secret, recently and they kindly agreed to answer my questions about their privacy policies.
I asked the same questions I sent out to all the other directories when I was researching for Privacy Policies of Sex Worker Directories.
Here are the responses from Ur Little Secret.
Yes.
We require one time age verification for all providers. This allows us to confirm that everyone using the platform is a legal adult and helps protect against impersonation and underage access.
This is a baseline requirement for operating responsibly across different legal environments.
We ask for a government issued photo ID.
Verification is completed once and does not need to be repeated unless there is a genuine account safety concern.
Yes. Using both a selfie and ID allows us to confirm that an account is being created by a real person and that the ID belongs to them. At the moment, this is the most reliable way to prevent fake profiles and identity misuse.
No.
For verification to be meaningful, identity documents need to be fully visible, unredacted, and clear. If parts of a document are hidden, we cannot reliably confirm that it is valid.
No.
We do not sell or monetise identity documents, selfies, personal details, or profile data.
Yes. Data security is built into how the system works.
Identity documents are encrypted using AES 256, an industry standard used to protect highly sensitive data by banks and government institutions. If you want to understand the standard itself, you can read about it here:
We manage our own encryption keys. This means that even our hosting provider cannot access identity files. If servers were ever seized, the data would remain unreadable without those keys.
All uploads and access happen over encrypted HTTPS connections. Identity documents are used only for verification and to protect accounts from misuse. Access is limited, controlled, and logged so there is a clear record of when and why documents are accessed.
Yes.
Government-issued ID is used once to confirm that the person creating the account is a legal adult and matches the submitted selfie. Once verification is completed, the ID document is permanently deleted.
The selfie is retained only so we can confirm that future photo uploads belong to the same person. This helps prevent impersonation and stolen images.
They are stored in secured, encrypted systems that are not publicly accessible.
Yes.
Documents are encrypted at rest and in transit. Unencrypted storage is not used.
No.
We do not hand over identity data voluntarily. Any request must be backed by a valid, legally binding court order or subpoena and go through legal review. Informal requests or pressure are not enough.
Yes.
Where the law allows, we challenge requests that are not properly issued or that go beyond what is legally required. If data must be disclosed, it is limited strictly to what the law demands.
Yes.
Users can delete their account directly from their account settings.
Yes.
Deletion covers profile data, images, identity documents, and encrypted records linked to the account. Once the deletion process is complete, the data cannot be recovered.
Account deactivation happens immediately. Fully removing encrypted data from distributed systems can take up to 30 days.
Some platforms describe deletion as instant. In practice, securely removing encrypted data across distributed systems takes time.
We believe privacy is a fundamental right, not a marketing feature.
Our approach focuses on clear boundaries, strong technical safeguards, resistance to overreach, and giving users control over their data. If you have questions or suggestions about how this can be improved, we are open to hearing them.