Safety & Privacy
The data you store with us
is intimate. We know that.
Safety isn't a feature we added. It's the reason we built every other feature the way we did.
Encryption
We can't read your content.
That's by design.
Every message you send, every diary entry you write, every rule, every task, every limit classification — it's all encrypted in the database with a key that belongs to your dynamic. Not to us. To you.
Every file you upload — photos, videos, receipts, documents — is encrypted with AES-256 before it reaches storage. Our storage provider only ever holds encrypted data. Even we can't open your files.
Your key is generated the moment your dynamic is created and stored in a separate, isolated vault. Even if someone broke into our systems, they'd find scrambled text and unreadable files.
Our own engineers can't read your content or view your files. There is no admin panel that shows your diary. There is no support tool that displays your messages or photos. The architecture makes it impossible, not just against policy.
When your dynamic ends and the last person leaves, the encryption key is destroyed. The data becomes permanently unreadable. Not deleted and recoverable. Mathematically inaccessible.
Consent
Limits are built in, not bolted on.
Every person in a dynamic classifies activities independently — hard limit, soft limit, curious, or neutral. You can see each other's limits, but you can only edit your own.
If anything changes, the other person knows immediately. It's negotiation as a living document, not a conversation that gets forgotten.
Clean exits
When it's over, everything goes.
When the last person leaves a dynamic, the encryption key is destroyed first. Then all data is permanently deleted — diary entries, rules, tasks, budgets, limits, timeline, and every uploaded file. Nothing retained. Nothing recoverable. Not even by us.
Delete your account and the same thing happens. Profile, memberships, files, authentication record. No soft deletes. No hidden backups. Gone.
What's encrypted
Everything that matters.
Messages
Every word in your chat. Encrypted before it's stored.
Diary entries
Your reflections, your Dom(me)'s comments. All of it.
Rules & tasks
Titles, descriptions, instructions, lines content. Everything that describes what you do.
Limit classifications
What you marked as hard, soft, or curious — encrypted so nobody can see what you think about any activity.
Evidence & files
Every uploaded photo, video, receipt, and document is encrypted with AES-256 before storage. Even filenames are replaced with opaque identifiers. Evidence auto-deletes after 14 or 60 days.
Budget & wishlist
Spending descriptions, wishlist items, notes. Your financial dynamic is private too.
How we protect you
Privacy as architecture, not policy.
No real names required
We never ask for your real name. Your display name can be anything — a scene name, a title, an initial. Partners find you through a random code or email invite, not personal details.
Email stays hidden
Your email is never visible to other users — even if they invited you by email. Inside the app, connections are identified by display names you choose.
No passwords to steal
Every login uses a magic link sent to your email — single-use and expires quickly. There's no password database to breach.
Your data, isolated
You can only ever see data from dynamics you're in. This isn't an application rule — it's enforced at the database level. There's no admin backdoor.
On your phone
Two extra layers.
Biometric lock. Face ID or Touch ID before the app opens. Nobody gets in without your face or fingerprint.
Panic button. One tap and the screen becomes a boring spreadsheet. Tap again to come back. For when someone glances at your screen unexpectedly.
Our infrastructure.
Built on Supabase (SOC 2 Type 2 compliant, independently audited). Files stored on Cloudflare R2, encrypted with AES-256 before storage — Cloudflare only ever holds ciphertext. Payments handled by Stripe (PCI Level 1). Per-dynamic encryption keys stored in an isolated vault, separate from the data they protect. All uploads scanned for illegal content before encryption. We regularly review our security practices and welcome responsible disclosure.
Your privacy is the foundation.
Structure your dynamic on a platform that takes your safety as seriously as you do.
Not ready yet? Get D/s insights and product updates in your inbox.