Privacy Policy

How SafeWordHub collects, uses, and protects your information.

Overview

SafeWordHub ("we," "our," or "us") refers to the SafeWordHub service and the team operating it. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website and mobile application (collectively, the "Service"). SafeWordHub is an 18+ adult lifestyle platform designed for consenting partners to explore fantasies, manage tasks, and maintain personal wellness.

Last updated: 21 Apr 2026

1. Information We Collect

1.1 Account Registration Information

When you create an account, we collect:

  • Email address (used for account recovery, authentication, and platform communications)
  • Password (stored as an encrypted bcrypt hash; we never store plaintext passwords)
  • Display name (visible to your partner within the app)
  • Date of birth (to verify you are 18 years or older)
  • Role designation (Dom/Submissive)
  • User timezone (for proper scheduling of reminders and notifications)

1.2 Profile and Preference Data

You may optionally provide:

  • Kink and preference selections from our consent-based taxonomy
  • BDSM archetype compatibility assessments and results
  • Calendar preferences, notification settings, and timezone overrides
  • Subscription tier information and feature entitlements
  • Safety words and scene preferences shared with your partner
  • Communication history with your partner (chat messages and timestamps)

1.3 Task and Proof Data

When you submit tasks and proof-of-completion for verification, we collect:

  • Proof Submissions: Photos, videos, text responses, GPS coordinates, and live video captures submitted as task evidence
  • Video Metadata: Creation timestamps, device type, file duration, and codec information (extracted via ffprobe analysis) to validate authenticity
  • Live Video Proof: Capture payload, device identification, system time, and metadata to verify real-time recording (not pre-recorded)
  • GPS Data: Location coordinates and check-in/check-out records when GPS verification is required for a task
  • Task Records: Task title, description, difficulty rating, points, status, submission date, and Dom responses

1.4 Content You Create

We collect content you create and submit, including:

  • Fantasy profiles, descriptions, and content you share with your partner
  • Blog posts, chronicles (journals), and text-based content
  • Chat messages and attached media files
  • Task templates, achievements, and custom rules you define
  • Calendar events, scenes, and scheduled activities

1.5 Session and Technical Data

We automatically collect limited technical information for platform operation and security:

  • Session Tokens: 64-character bearer tokens used to authenticate API requests; tokens are hashed before storage and never transmitted in plaintext
  • Session Cookies: Browser cookies set with HttpOnly, Secure, and SameSite protections to maintain your login session
  • "Remember Me" tokens stored securely (30-day expiration) to avoid repeated login on trusted devices
  • Device Labels: Device type/name for session management (e.g., "Chrome on Windows," "Safari on iPhone")
  • Login Records: Failed login attempts, lockout timestamps, and successful login dates for abuse prevention
  • User Activity Logs: Timestamps of actions (task submissions, profile updates, chat activity) for audit and analytics
  • Browser User-Agent Strings: Device and browser identification used for rate limiting and security monitoring

1.6 Support and Communication Data

When you contact us for support or provide feedback, we collect:

  • Support ticket submissions, including subject, description, and any attachments
  • Email communications and replies
  • Support satisfaction (CSAT) survey responses
  • Bug reports, feature requests, and general feedback
  • Admin notes related to account issues or enforcement actions

1.7 Authentication Logs

For account security and compliance, we maintain:

  • Login attempt timestamps and outcomes (success/failure)
  • IP address associated with login attempts (for fraud detection)
  • Two-factor authentication setup and usage records
  • Age verification transaction records (timestamps and verification status)

2. How We Use Your Information

2.1 Platform Functionality

We use your information to:

  • Provide, maintain, and improve SafeWordHub features and services
  • Support Dom/Sub partnerships by facilitating task assignment, proof verification, and communication
  • Enable fantasy exploration, calendar scheduling, and kink compatibility assessment
  • Process and validate proof submissions with appropriate authenticity checks (video metadata, GPS verification, live capture validation)
  • Apply tier-based feature gating and subscription entitlements
  • Send transactional emails and notifications you have opted into (task reminders, proof feedback, calendar events)

2.2 Account Security and Abuse Prevention

We use your data to:

  • Authenticate your identity and protect your account from unauthorized access
  • Detect and prevent abuse, fraud, and unauthorized use (rate limiting, failed login tracking, suspicious activity monitoring)
  • Enforce 18+ age requirements and eligibility verification
  • Monitor for non-consensual activity, harassment, or violations of our Terms of Use
  • Block suspended or hard-locked accounts at the authentication layer
  • Apply clock-skew detection and device validation for live video proof to combat pre-recorded video submissions

2.3 Platform Analytics and Improvement

We use aggregated, non-identifying information to:

  • Analyze platform usage trends and feature adoption
  • Monitor system performance, uptime, and reliability
  • Debug technical issues and optimize user experience
  • Track storage usage and resource allocation by tier
  • Generate dashboard analytics for usage trends and forecasting

2.4 Legal and Compliance Obligations

We may use your information to:

  • Comply with applicable laws, regulations, and legal requests
  • Enforce our Terms of Use and other agreements
  • Protect the safety, rights, and property of SafeWordHub, our users, and the public
  • Respond to court orders, subpoenas, or law enforcement requests

2.5 What We Do NOT Do

  • We do not sell your personal data to third parties for marketing or commercial purposes
  • We do not share proof submissions (photos, videos, explicit content) with anyone outside the partnership
  • We do not use sensitive content for training AI models or machine learning without explicit consent
  • We do not track your location outside of explicit GPS task verification
  • We do not use third-party analytics services that would compromise your privacy

3. Data Sharing and Third Parties

3.1 Who We Share Data With

Your data is accessible only in these circumstances:

  • Your Partner: Your Dom or Sub partner can view their own connection data, shared tasks, proof submissions, communication history, and calendar events
  • Platform Administrators: members of the SafeWordHub team can access account data only for support, abuse investigation, or security purposes under strict access controls and confidentiality obligations
  • Essential Service Providers: We may share limited data with trusted service providers who assist us with:
    • Email delivery (SMTP provider for transactional and notification emails)
    • Age verification services (for 18+ eligibility checks, if applicable)
    • Hosting and infrastructure (database and server hosting providers)
    All service providers are contractually obligated to maintain confidentiality and use data only as necessary to provide services.
  • Legal Requirements: We may disclose personal information if required by law, court order, or government request. We will provide notice where legally permissible.

3.2 Data Retention During Active Partnership

While your account is active and your partnership is ongoing:

  • All task records, proof submissions, communication history, and calendar events are retained for full access by both partners
  • Read receipts and activity timestamps are maintained
  • Login history and session tokens are retained for security purposes

3.2 Data Retention After Account Deletion or Partnership Dissolution

When you delete your account or dissolve a partnership, we:

  • Immediate Deletion: Delete your password hash, bearer tokens, session cookies, and authentication credentials
  • Content Cleanup: Remove account-associated content (chat messages, note, calendar events, and blog posts) within 30 days
  • Proof Submission Handling: Delete submitted photos, videos, and GPS data within 30 days of account deletion
  • Legal Hold: Data may be retained longer if required by law, pending abuse investigation, or for security/backup purposes (maximum 90 days)
  • Backup Retention: Backup copies may persist in our disaster recovery systems for up to 30 days after deletion; these backups are not directly accessible
  • Aggregated Analytics: We may retain anonymized, aggregated usage statistics indefinitely (no personal data)
  • Do Not Track: We do not retain your personal information once you request deletion, except where legally required

4. Data Security

4.1 Security Measures

We implement multiple layers of security to protect your information:

  • Password Security: Passwords are hashed using bcrypt with a cost factor of 12, making them one-way encrypted and resistant to brute-force attacks
  • Session Protection: Session cookies are configured with HttpOnly (prevents JavaScript access), Secure flag (HTTPS-only), and SameSite protections (CSRF mitigation)
  • Bearer Tokens: API authentication uses 64-character cryptographically random tokens. Tokens are hashed with SHA-256 before storage; we never store plaintext tokens
  • Rate Limiting: We rate-limit login attempts (5 failed attempts per 15 minutes), password resets (3 per hour), and API endpoints to prevent brute-force and abuse
  • HTTPS Encryption: All data transmitted between your device and SafeWordHub is encrypted in transit using TLS 1.2 or higher
  • Database Security: Database credentials are loaded from secure environment variables, never hardcoded. We use prepared statements and parameterized queries to prevent SQL injection
  • Input Sanitization: All user input is sanitized with htmlspecialchars() and appropriate escaping to prevent XSS attacks
  • CSRF Protection: State-changing operations are protected with CSRF tokens using secure random bytes and timing-safe comparison
  • Age Verification Tokens: Age verification keys and secrets are managed via secure configuration and are not exposed in version control
  • Live Video Validation: Live video proof includes metadata validation (creation_time, file duration, device type) and clock-skew detection (±120 seconds tolerance) to prevent pre-recorded submissions
  • Device Integrity: Live video captures require device-specific validation; mobile-only enforcement reduces spoofing risk
  • Access Controls: Admin-only endpoints require authentication, partnerships require ownership verification, and profile access is restricted to active partners
  • Audit Trails: Critical actions (admin operations, account suspensions, data exports) are logged with timestamps and user identification

4.2 Data Breach Response

In the event of a data breach, we will:

  • Notify affected users without unreasonable delay (within 72 hours where legally required)
  • Describe the nature of the breach and data affected
  • Recommend protective steps users can take (password reset, account monitoring, etc.)
  • Provide information about contacting us for additional assistance

4.3 Limitations

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute protection against all attacks. However, by using industry best practices (bcrypt hashing, TLS encryption, rate limiting, CSRF protection), we work to minimize risk.

5. Your Privacy Rights and Choices

5.1 Access to Your Data

You have the right to request a copy of your personal data. To request access, contact us at the support address below with the subject "Data Access Request" and provide your full name and email address. We will respond within 30 days.

5.2 Correction and Deletion

You have the right to request correction or deletion of inaccurate or outdated personal data. You can:

  • Update your profile information directly in the app (email, display name, timezone, preferences)
  • Change your password anytime from the My Account section
  • Request deletion via the Support ticket system

When you request data deletion, we will remove identifiable personal data within 30 days, except where legally required to retain it or where technical backups necessitate a longer period.

5.3 Notification Preferences

You can configure notification preferences from your account settings:

  • Email notifications (task reminders, proof feedback, calendar events, platform announcements)
  • In-app notifications
  • Push notifications (PWA app)

Note: Critical security notifications (suspicious login, account suspension, password reset) cannot be disabled.

5.4 Data Portability

You have the right to export your data to another platform. You can request a data export (account information, task history, content summaries) by contacting support. We will provide your data in a structured, portable format within 30 days.

5.5 Opt-Out of Analytics and Tracking

We do not use third-party analytics or tracking cookies. We do not track your location except for explicit GPS task verification. In-app event tracking is limited to platform functionality and diagnostics.

5.6 Do Not Track (DNT)

We respect Do Not Track (DNT) browser signals to the extent technically feasible. However, because SafeWordHub is a web application (not a tracking network), DNT signals do not significantly impact our data practices beyond what is already described in this policy.

5.7 Revoking Consent

For any optional data collection (e.g., specific analytics, promotional emails), you can revoke consent by:

  • Updating your notification preferences in Settings
  • Clicking "Unsubscribe" in email notifications
  • Contacting support to opt out completely

5.8 Account Deactivation and Deletion

You can request account deactivation or permanent deletion via the Support system. Deactivation temporarily suspends your account; deletion is permanent and irreversible. Upon deletion, your account data will be removed as described in Section 3.2.

5.9 International Users and GDPR / CCPA Compliance

European Union (GDPR): If you are a resident of the EU, Iceland, Liechtenstein, or Norway, you have additional rights under GDPR, including the right to access, rectification, erasure ("right to be forgotten"), data portability, and objection to processing. To exercise these rights, contact us as specified in the Contact section below.

California Residents (CCPA): If you are a California resident, you have the right to know, delete, and opt-out of the "sale" or "sharing" of your personal information. As noted above, we do not sell personal data. However, you have the right to request deletion and access, which we will honor. Contact us for details.

Other Jurisdictions: We comply with applicable privacy laws in the regions where we operate. The protections outlined in this policy apply to all users.

6. Cookies and Similar Technologies

6.1 Cookies We Use

  • Session Cookies: Maintain your login session across page navigation (HttpOnly, Secure, SameSite=Lax)
  • Remember Me Cookies: Optional persistent cookie (30-day expiration) to avoid repeated login on trusted devices (contains selector:token format, securely stored)
  • Functional Cookies: Timezone and preference settings (non-sensitive data)

6.2 Cookies We Don't Use

  • We do not use third-party tracking cookies
  • We do not use Google Analytics or similar analytics tracking
  • We do not sell cookie data to advertisers

6.3 Local Storage (Browser and PWA)

The SafeWordHub PWA app uses IndexedDB (browser local storage) for offline functionality:

  • Offline action queue (task submissions, messages pending sync)
  • Local cache of recently viewed content
  • User session state for offline access to limited features

This data is stored only on your device and is synced to the server when you reconnect. You can clear local storage by clearing your browser cache or uninstalling the app.

6.4 Managing Cookies

Most browsers allow you to control cookies through settings. You can disable non-essential cookies, but doing so may affect platform functionality (e.g., you may be forced to re-login frequently). Session cookies are required for the service to function.

7. Children and Minors

SafeWordHub is strictly for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we discover that we have collected data from a minor, we will delete that information promptly and, if legally required, notify the minor's parents or guardians. If you believe we have collected data from a minor, please contact us immediately.

8. Third-Party Links and Services

SafeWordHub may contain links to third-party websites and services (e.g., age verification providers, email services, payment processors). We are not responsible for their privacy practices. We encourage you to review their privacy policies before submitting personal information. This Privacy Policy applies only to SafeWordHub.

9. Policy Changes and Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending you an email notification (if the change affects your rights)
  • Requiring your acknowledgment (for significant changes that require your consent)

Your continued use of SafeWordHub after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

10. Contact Us

If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us:

Email: admin@safewordhub.com

Effective Date: 21 Apr 2026

Policy Version: 2.0

Applies To: All users of SafeWordHub.com and the SafeWordHub PWA app (users 18 years and older)