Legal

Privacy Policy

As of June 2026 · Pre-launch draft

This text is a pre-launch draft and is pending final legal review. The website is live today; the app sections below describe how the ChastyME app will process data once it launches.

01 Controller

The controller within the meaning of the GDPR is the provider listed in the Imprint. Contact: info@chastyme.cool.

02 Scope

This privacy policy covers two services we operate: the public website at chastyme.cool, and the ChastyME app for iOS and Android. Where a section applies to only one of them, this is stated. We are committed to data minimisation: we collect only what a feature genuinely needs, and intimate details are never required to use the basics.

03 Website data

When you use this website, we process the following:

Beta e-mail address
To notify you when the closed beta opens. Collected with your explicit consent via a double opt-in confirmation. No advertising, no resale.
Registration timestamp
Date and time of your sign-up, used to manage the order of beta invitations.
Click statistics
We measure which sections of this page are clicked to improve its content — in aggregated form, without tracking cookies.
Server access logs
Like any web server, ours briefly records technical data needed to deliver and secure the page: IP address, browser type, language, and the date and time of access. These logs are kept only for a short period and are not used to profile you.
Spam protection (reCAPTCHA)
The sign-up form uses Google reCAPTCHA to block automated submissions; see "Recipients & processors" below.
Contact form
When you use our contact form we process your email address, your name (if provided), the subject and your message to handle your enquiry; if you tick the box we also send a copy to your address. Legal basis: Art. 6(1)(b) and (f) GDPR. The data is sent via our provider mailbox.org and stored in our database so we can process and follow up your request. We never use it for advertising or sell it; you can request deletion at any time.
Answered or closed contact requests, together with the stored replies, are deleted automatically 31 days after completion.
Reach measurement (web statistics)
We collect anonymised visit statistics without setting cookies. From your IP address we derive an irreversible hash using a secret salt; the IP address itself is not stored. This lets us count how many distinct people visit our pages. There is no cross-site tracking and no profiling. The hashes are deleted automatically after 14 months. The legal basis is our legitimate interest in privacy-friendly reach measurement (Art. 6(1)(f) GDPR).

04 App data

The ChastyME app processes the following categories of data. You decide what is shown to others; intimate details are never required.

Account & sign-in
You sign in via Firebase using a mobile number (SMS code), Google, or Apple. We store an account identifier and the access tokens that keep you signed in. We do not receive your social-login password.
Profile
Username, profile picture, optional gallery images and an optional "about me" text, plus the search-filter fields age, gender, alignment, role and country, and the self-set "Learner" and "Financial interest" markers. The filter fields are visible to other members and are needed for filtering in search; you can change them at any time, but you cannot hide or clear them.
Devices & usage
Your paired devices, their type, timers and game settings, and a rolling 31-day activity log (lock/unlock events, pairing changes, role changes) used for the in-app statistics.
Location
Optional and always opt-in. A coarse country indicator is derived from your connection to enrich your online status. A precise last location is stored only after you actively allow it, and is visible solely to your Keyholder and their deputy while you keep location sharing switched on.
Chat, posts & media
Messages in your one-to-one and group chats, public posts, and any photos or videos you send. Messages, posts and non-evidence media are automatically deleted after 31 days. Evidence media you submit at a Keyholder's request is deleted as soon as the related request is closed.
Sensitive data
By its nature, ChastyME concerns your intimate life. Such data is a special category under Art. 9 GDPR and is processed only on your explicit consent, which you can withdraw at any time.

We do not verify the accuracy of these details. We will introduce a separate age check (18+) at a later stage; its data does not have to match your visible profile details. This preserves discretion and a trustworthy handling of your information, without misleading other members.

Depending on the features you use, the app asks for these device permissions — each only for the stated purpose:

Bluetooth
To connect to and control your physical device. Pairing details (such as the device's Bluetooth identifier) are used only to operate it.
Camera
To take a profile or gallery picture, or capture evidence at a Keyholder's request.
Microphone
Only when you record a video or a voice message.
Photo library
To upload an image or video you select yourself.
Location
Only if you enable location sharing (see above).
Notifications
To deliver chat and device alerts via push. A push token is stored for this purpose.

05 Purpose & legal basis

Your beta e-mail address is processed solely to send the beta invitation. Legal basis: your freely given, specific, informed consent (Art. 6 (1)(a) GDPR), given via double opt-in.

Server access logs and click statistics are processed on the basis of our legitimate interest in operating, securing and improving the website (Art. 6 (1)(f) GDPR).

Account, profile, device and chat data are processed to provide the app features you ask for — that is, to perform our agreement with you (Art. 6 (1)(b) GDPR).

Intimate ("special category") data and the optional location are processed only on your explicit consent (Art. 9 (2)(a) and Art. 6 (1)(a) GDPR), which you can withdraw at any time.

06 Recipients & processors

We do not sell your data and do not pass it to advertisers. To run the service we rely on a small number of processors, each only for the purpose stated:

Firebase Authentication (Google)
Verifies your sign-in (mobile number, Google or Apple). Privacy policy: policies.google.com/privacy.
Firebase Cloud Messaging (Google)
Delivers push notifications for chat and device alerts.
Google Cloud Vision (Google)
Automatically checks uploaded images and videos for prohibited content before they are shown.
QIUI Open API (Foshan Qiui Technology Development Co., Ltd., China)
Generates the encrypted commands that lock, unlock and read the status of your QIUI device. This involves a transfer to China; it happens only when you operate a device, and is based on your consent and on appropriate safeguards. Privacy policy: qiuitoy.com.
Hosting & infrastructure
Our servers are operated at a hosting provider within the European Union.
Google reCAPTCHA (website)
Protects the website sign-up form from automated submissions.

Text moderation of public posts and profile texts runs on our own infrastructure and is not shared with any third party.

Some of the providers above (Google, QIUI) are based outside the European Economic Area. Such transfers are based on the EU Standard Contractual Clauses and, where applicable, on your explicit consent.

07 Storage duration

We keep data only as long as needed:

  • Beta e-mail address — until you withdraw consent or the beta programme ends, whichever comes first.
  • Server logs — a short technical retention period; click statistics — aggregated, up to 12 months.
  • Account, profile and device data — for as long as your account exists.
  • Chats, public posts and media (without evidence relation) — automatically deleted after 31 days.
  • Device activity log — a rolling 31 days; evidence media — until the related request is closed.
  • After you delete your account, your data is removed within 31 days (see next section).

08 Account & data deletion

You can delete your account at any time directly in the app, under Settings. There is no need to contact us.

When you delete your account, it is deactivated immediately and permanently erased after a 31-day grace period. The following are removed:

  • Profile, avatar, gallery and "about me" text;
  • All settings and preferences;
  • Device pairings — every device is deregistered;
  • Your chats — messages disappear from your side immediately.

09 Your rights

Under the GDPR, you have the right to:

  • request access to the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased — deleting your account, or unsubscribing from the beta list, removes the associated data;
  • withdraw your consent at any time, without this affecting the lawfulness of processing carried out before withdrawal;
  • object to processing or request restriction of processing;
  • receive your data in a structured, commonly used format (data portability).

You also have the right to lodge a complaint with the competent supervisory authority. The authority responsible for Hamburg, Germany is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI).

10 Ages & minors

ChastyME is strictly for adults (18+). We do not knowingly process the data of minors. If we learn that an account belongs to a minor, we will close it and delete the associated data.

11 Data security

Connections are encrypted in transit (TLS), and the commands exchanged with your device are additionally encrypted. Access to personal data is restricted on a need-to-know basis, and passwords and tokens are stored in protected form. No system on the internet is perfectly secure, but we take appropriate technical and organisational measures to protect your data.

12 Contact

For any questions or requests concerning your personal data, please write to: info@chastyme.cool. We will respond within 30 days.

13 Changes to this policy

We may update this privacy policy as the service evolves — in particular before the app launches. We will publish any changes here, and for significant changes we will notify you in good time.

Back to homepage