1. Introduction
Welcome to the Sub Management System. We are committed to protecting your privacy and ensuring
the security of your personal information. This Privacy Policy explains how we collect, use,
and safeguard your data.
Privacy First: We believe your data belongs to you. We only collect what's necessary
and give you complete control over your information.
2. Information We Collect
2.1 Information You Provide
- Email Address: For admin accounts and user access
- User Name: Optional, for personalization
- Survey Responses: Your answers to questionnaires and assessments
- Custom Content: Any content you create or upload (tasks, scenes, preferences)
- Profile Information: Preferences, boundaries, and settings
2.2 Automatically Collected Information
- Access Logs: Login times, IP addresses (for security)
- Usage Data: Pages visited, features used (for improvements)
- Device Information: Browser type, device type (for compatibility)
3. How We Use Your Information
We use your information exclusively for:
- Providing personalized experiences and recommendations
- Securing your account and preventing unauthorized access
- Improving our services and adding new features
- Communicating important updates (with your permission)
- Allowing admin-controlled access to your data (you choose your admin)
We Never: Sell your data, share it with third parties for marketing, or use it for purposes you haven't consented to.
4. Data Security
We take security seriously and implement multiple layers of protection:
- Encryption at Rest: All data files are encrypted using AES-256 encryption
- Encryption in Transit: HTTPS/SSL for all connections
- Access Code Hashing: Passwords hashed with bcrypt (not reversible)
- Rate Limiting: Protection against brute force attacks
- Audit Logging: All admin actions tracked for accountability
- IP Whitelisting: Optional restriction of access by IP address
- CSRF Protection: Protection against cross-site request forgery
- Content Security Policy: Protection against XSS attacks
5. Data Access and Control
5.1 Admin Access
The Sub Management System uses an admin-based model. When you create a user account, you're
assigned to an admin who manages your experience. Your admin can:
- View your survey responses and profile information
- Create custom content for you (tasks, scenes, etc.)
- Track your progress and completion status
Important: Choose your admin carefully. Only work with admins you trust,
as they will have access to your personal information.
5.2 Your Rights
You have the right to:
- Access: Request a copy of all your data
- Export: Download your data in an encrypted format
- Deletion: Request complete account deletion
- Correction: Update or correct your information
- Portability: Transfer your data to another service
6. Data Retention
We retain your data only as long as necessary:
- Active Accounts: Data retained while account is active
- Archived Users: Data retained but marked as archived
- Deleted Accounts: Data permanently deleted (with optional encrypted export)
- Audit Logs: Retained for security purposes (configurable retention period)
- Backups: Encrypted backups retained for disaster recovery
7. Third-Party Services
We may integrate with the following third-party services:
7.1 Patreon (Optional)
If you connect via Patreon OAuth, we receive your Patreon email address and membership tier.
This is used solely for account creation and verification.
7.2 Email Services (Optional)
If email notifications are enabled, we use secure SMTP services to send
account-related emails. Your email address is shared only for delivery purposes.
7.3 Hosting Services
Our application may be hosted on Azure or other cloud providers. These providers have access
to encrypted server data but cannot decrypt your information.
8. Cookies and Tracking
We use minimal cookies for essential functionality:
- Session Cookies: To keep you logged in (required)
- CSRF Tokens: For security (required)
- Preferences: To remember your settings (optional)
We do not use tracking cookies, analytics cookies, or advertising cookies.
9. Age Restrictions
Our service is intended for adults only (18+ years of age). We do not knowingly collect information from
individuals under 18 years of age. If we become aware that a user is under 18, we will
immediately delete their account and data.
10. International Users
Our service may be accessed from anywhere in the world. By using our service, you consent
to your data being processed in the location where our servers are hosted (typically the US or EU).
For EU users, we comply with GDPR requirements:
- Lawful basis for processing (consent)
- Right to access, rectification, erasure
- Right to data portability
- Right to withdraw consent
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page
with an updated "Last Updated" date. Significant changes will be communicated via email
(if you've opted in to communications).
12. Data Breach Notification
In the unlikely event of a data breach, we will:
- Immediately investigate and contain the breach
- Notify affected users within 72 hours
- Take steps to prevent future breaches
- Provide detailed information about what was compromised
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights,
please contact us:
- Contact Page: Contact Us
- Admin Portal: Use the support features in your admin dashboard
Your Privacy Matters: We're committed to transparency and protecting your data.
If you have any concerns, please don't hesitate to reach out.