Draft – not ready for publication
Privacy notice
This working draft documents data flows in the current system. The controller, contact details, concrete retention periods and legal bases require legal completion before publication.
Last updated: 12 July 2026
1. Data we process
Sinnora processes account and profile data, voluntary identity, body, interest and boundary details, discovery and visibility settings, interactions, messages, media, moderation signals, verification evidence, security events and, where used, wallet, gift and payout data.
2. Purposes
Data supports account and age verification, reciprocal discovery, matching and contact, private media grants, abuse prevention, moderation, support, legal obligations and features you explicitly choose.
3. Sensitive information
Sexuality, preferences, boundaries and verification data are particularly sensitive. Private Chemistry reveals only mutual overlaps; one-sided choices stay hidden. Precise locations are never shown to other users, only coarse distance bands.
4. Media and automated review
Every upload is reviewed server-side. Images are not displayed while pending and withheld content stays hidden. NSFW classification controls warnings and blur. Sharp rendering requires consent and an approved NSFW contribution of your own.
5. Recipients and infrastructure
The application uses self-hosted Supabase/Postgres infrastructure and separate services for media review and livestream transport. Payment information is processed only after a suitable provider is integrated. Specific subprocessors and transfer locations must be added before publication.
6. Retention
Data is kept only as long as needed for its purpose, safety, billing or legal duties. Specific periods for each data category remain a legal launch blocker.
7. Your rights
Settings provide data export, deletion requests, reactivation during any grace period, media-grant revocation and block management. Statutory rights to access, correction, erasure, restriction, portability, objection and complaint remain unaffected.
8. Security
Row-level access controls, short-lived signed media URLs, server-side visibility rules and separated verification evidence protect access. No system can guarantee absolute security.