Working Draft — For use during soft launch only. These documents have not been reviewed by a licensed attorney. Replace with attorney-reviewed documents before scaling beyond soft launch.
This Privacy Policy explains how KinkWeb (“we,” “us,” “our”) collects, uses, stores, and protects information about you when you use the Service. We take privacy seriously. This platform exists for a community that depends on it.
KinkWeb is operated from servers in Nuremberg, Germany and is subject to the General Data Protection Regulation (GDPR). If you are located in the European Economic Area, you have specific legal rights regarding your personal data described in this policy.
1. Who We Are
KinkWeb is an adult social platform. Our servers are operated through Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. For data protection inquiries, contact us at privacy@kinkweb.social.
2. What Data We Collect
2.1 Information you provide directly
Display name (not required to be your legal name)
Email address
Date of birth (used for age verification only)
Password (stored as a cryptographic hash — we cannot read your password)
Profile information including bio, photos, and identity tags you choose to share
Questionnaire responses that build your Kink Web radar chart
Posts, messages, and other content you create on the Service
2.2 Information collected automatically
IP address at the time of login (retained for 30 days for security purposes)
Browser type and operating system (used for technical compatibility)
Pages visited and features used within the Service (used to improve the product)
Timestamps of account activity
2.3 Information we do not collect
We do not collect your legal name unless you voluntarily provide it
We do not collect payment information — all payments are processed by CCBill
We do not use third-party advertising trackers or analytics services
We do not use cookies for advertising purposes
3. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
Contract performance: Processing necessary to provide the Service you have signed up for, including account management, matching, messaging, and content delivery
Legitimate interests: Processing necessary for fraud prevention, security, abuse detection, and improving the Service
Legal obligation: Processing required to comply with applicable law including age verification requirements
Consent: Processing of sensitive data including sexual orientation and lifestyle preferences that you voluntarily provide through your profile and questionnaire responses. You may withdraw consent at any time by deleting this information from your profile.
4. How We Use Your Data
4.1 To operate the Service
Authenticating your account and maintaining your session
Displaying your profile to other users according to your visibility settings
Computing your Kink Web radar chart from your questionnaire responses
Calculating compatibility scores with other users using cosine similarity on axis vectors
Delivering messages between users
Displaying community content in your feed
4.2 To improve the Service
Analyzing aggregated, anonymized usage patterns to understand how features are used
Identifying and fixing technical issues
Developing new features based on community needs
4.3 To keep the Service safe
Detecting and preventing fraud, abuse, and violations of our Terms of Service
Responding to user reports and enforcing community standards
Protecting users from harassment and harmful content
4.4 To communicate with you
Sending transactional emails including account verification, password resets, and billing receipts
Notifying you of changes to our Terms or Privacy Policy
Sending platform notifications such as new matches or messages (these can be disabled in settings)
5. Photo Privacy and Blur Controls
KinkWeb provides granular photo blur controls because we understand that identity privacy is a serious concern for this community. Specifically:
You can set explicit photos to be blurred by default for all viewers or for non-connections only
You can set identity photos (showing your face) to be blurred independently of explicit content
Viewers can click to reveal blurred photos at their discretion
Blur settings are enforced server-side, not just client-side
Blur controls do not prevent moderators from viewing reported content. Moderation review always occurs on unblurred originals.
6. Data Sharing
6.1 We do not sell your data
We do not sell, rent, or trade your personal information to any third party for any purpose.
6.2 Service providers
We share limited data with the following categories of service providers who assist in operating the Service:
Hetzner Online GmbH: Server infrastructure in Germany. Subject to German data protection law and GDPR.
CCBill: Payment processing. CCBill processes payment information directly and we do not receive or store your payment card details.
6.3 Legal requirements
We may disclose your information if required to do so by applicable law, court order, or governmental authority. We will notify you of such requests where legally permitted to do so.
6.4 Safety
We may disclose information where we have a good faith belief that disclosure is necessary to prevent imminent harm to any person.
7. Data Retention
Account data is retained while your account is active and for 30 days after account deletion, after which it is permanently deleted
IP address logs are retained for 30 days then automatically deleted
Questionnaire responses and axis scores are deleted immediately upon account deletion
Messages are retained until either party deletes them or their account is deleted
Content you have posted may remain visible briefly after account deletion while deletion propagates through our systems
We may retain anonymized, aggregated data that cannot identify you for research and product improvement purposes indefinitely
8. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights regarding your personal data:
Right of access: You may request a copy of the personal data we hold about you
Right to rectification: You may request correction of inaccurate data
Right to erasure: You may request deletion of your personal data, subject to certain exceptions
Right to restrict processing: You may request that we limit how we use your data
Right to data portability: You may request your data in a machine-readable format
Right to object: You may object to processing based on legitimate interests
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at privacy@kinkweb.social. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
9. Security
We implement appropriate technical and organizational measures to protect your personal data:
Passwords are stored using bcrypt hashing and are never stored in plaintext
All data in transit is encrypted using TLS
Database access is restricted to application processes only
Our servers are located in a GDPR-compliant data center in Germany
We conduct regular security reviews and apply security patches promptly
No security measure is perfect. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
10. Sensitive Data
Information about sexual orientation, sexual preferences, relationship structures, and intimate practices is considered sensitive personal data under GDPR. You provide this information voluntarily through your profile and questionnaire responses. We process this data only:
To provide the compatibility matching and community features you have signed up for
To display your profile to other users according to your visibility settings
In aggregated, anonymized form for research and product improvement
You can delete any sensitive information from your profile at any time through your account settings. Deleting your account permanently removes all sensitive data we hold about you.
11. Age Verification
We collect your date of birth at registration to verify that you meet the minimum age requirement of 18 years. We retain your date of birth as part of your account record. We do not share your date of birth with other users and it is not displayed on your profile.
If we have reason to believe an account belongs to a minor, we will suspend the account and delete associated data.
12. Cookies
We use only essential cookies necessary to operate the Service:
Session cookies that keep you logged in during your visit
Security cookies that help prevent cross-site request forgery
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. You can configure your browser to refuse cookies, but this will prevent you from logging in to the Service.
13. International Transfers
Your data is stored on servers in Germany within the European Economic Area. If you access the Service from outside the EEA, your data may be transferred to and processed in Germany. By using the Service, you consent to this transfer.
14. Children
The Service is not directed to persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at legal@kinkweb.social and we will delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days before they take effect. The date at the top of this policy indicates when it was last updated.