Privacy

Plain English. What we collect, why, and what we never collect. Effective 2026. We'll update this page when things change and date the update visibly.

What we collect

If you only read

Anonymous request logs (IP-truncated to a region) for 30 days, kept to defend against abuse and to debug. Aggregated, non-identifying page-view metrics. A single first-party preference cookie that remembers your theme choice. No third-party analytics. No advertising pixels.

If you sign up

The profile you create — name or pseudonym, age, location (granular to whatever level you choose), gender, orientation, pronouns, relationship structure, what you're looking for, photos you upload, messages you send. An email address, used for sign-in and account-critical notifications. A hashed password (we never see the plaintext). Login session metadata so we can keep you signed in.

If you become a member

When the membership tier launches: billing information handled by our payment processor (Stripe). We see the last four digits of your card and the billing country; we never see the full card number.

What we never collect

• Your reading history when you are not signed in.
• Your full address. The platform asks for your city or metro area; not a street, not a ZIP code.
• Your phone number (we don't do SMS).
• Your contacts list, your camera, your microphone, your location telemetry — unless you affirmatively grant a permission in your browser, in which case we use it for the feature you just enabled and discard it after.
• Anything from third-party trackers. We don't use Google Analytics, Facebook Pixel, or similar.

What we share

What other members see on your profile

Whatever you put on your profile, gated by your visibility settings. You control whether your profile is public, members-only, or visible only to people you've granted access. Photos can be set per-photo to public, members, or unlock-on-request.

What we share with vendors

Stripe (for payments, when applicable). Our hosting provider (for serving the site). Our email provider (for sign-in emails). That is the entire list. We do not share your profile, your messages, or your activity with anyone else, and we do not sell data — full stop.

What we share with law enforcement

We comply with valid legal process and refuse vague or overbroad requests. We notify affected users unless legally prohibited from doing so. We publish a transparency report annually.

Your rights

• Export all your data, including your messages, at any time.
• Delete your account and all attached data. Deletions are honored within 30 days.
• Correct or update any field on your profile yourself.
• EU/UK residents: GDPR rights to access, rectification, erasure, restriction, portability, and objection apply.
• California residents: CCPA rights to know, delete, and opt out apply.

Cookies

Strictly necessary: a session cookie when you sign in, a theme preference cookie, an anti-CSRF token cookie. We do not use advertising or tracking cookies at all.

Security

TLS everywhere. Passwords hashed with a memory-hard algorithm. Photos stored encrypted at rest. Database backups encrypted. We'll publish our security practices in more detail as the platform matures; see .well-known/security.txt for how to report a vulnerability.

Contact

Questions about this policy: our contact form. We respond within 5 working days.