Back to Sinnora

Draft – not ready for publication

Privacy notice

This working draft documents data flows in the current system. The controller, contact details, concrete retention periods and legal bases require legal completion before publication.

Last updated: 12 July 2026

1. Data we process

Sinnora processes account and profile data, voluntary identity, body, interest and boundary details, discovery and visibility settings, interactions, messages, media, moderation signals, verification evidence, security events and, where used, wallet, gift and payout data.

2. Purposes

Data supports account and age verification, reciprocal discovery, matching and contact, private media grants, abuse prevention, moderation, support, legal obligations and features you explicitly choose.

3. Sensitive information

Sexuality, preferences, boundaries and verification data are particularly sensitive. Private Chemistry reveals only mutual overlaps; one-sided choices stay hidden. Precise locations are never shown to other users, only coarse distance bands.

4. Media and automated review

Every upload is reviewed server-side. Images are not displayed while pending and withheld content stays hidden. NSFW classification controls warnings and blur. Sharp rendering requires consent and an approved NSFW contribution of your own.

5. Recipients and infrastructure

The application uses self-hosted Supabase/Postgres infrastructure and separate services for media review and livestream transport. Payment information is processed only after a suitable provider is integrated. Specific subprocessors and transfer locations must be added before publication.

6. Retention

Data is kept only as long as needed for its purpose, safety, billing or legal duties. Specific periods for each data category remain a legal launch blocker.

7. Your rights

Settings provide data export, deletion requests, reactivation during any grace period, media-grant revocation and block management. Statutory rights to access, correction, erasure, restriction, portability, objection and complaint remain unaffected.

8. Security

Row-level access controls, short-lived signed media URLs, server-side visibility rules and separated verification evidence protect access. No system can guarantee absolute security.