Data and privacy
Privacy Policy
This Policy explains what stays on your device, when information goes to the cloud, and how the Secret-Keeping Bunny tries to collect as little as possible.
Translations are provided for convenience. If versions differ, the Traditional Chinese version controls.
1. Controller and scope
絵夢羽さ沂 is the Site’s service provider and data controller. This Policy applies to data processed by “XX’s Secret File.” Sites reached through external links apply their own privacy policies.
2. Data we process
Depending on the features you use, the Site may process:
- On-device data: language, display name, answers, notes, local secret files, cloud-share display history, analytics choice, and local upload-protection records.
- Cloud sharing content: the cloud file you actively upload to create a sharing link, which may include experience, interest, boundaries, and notes about BDSM interaction items.
- Necessary anti-abuse records: an anonymous app identifier, creation time, payload size, and keyed hashes derived from the source IP, browser fingerprint, and user-agent. The long-term record does not store the raw IP, raw fingerprint, or complete user-agent.
- Short-term rate-limit data: counts and timestamps used to limit abusive request volume, normally expiring after about 48 hours.
- Anonymous usage analytics: only after consent, general pages, language, and low-risk feature events. These exclude display names, answers, notes, file or sharing IDs, and query parameters.
3. Why we process data
We process data only as needed to provide and protect the Site, including to:
- Keep preferences and secret files on your device.
- Create and display a cloud sharing copy when you choose.
- Prevent abuse, maintain security, investigate anomalies, and protect the service.
- Improve the Site using aggregated or de-identified usage after consent.
- Answer questions, handle lawful rights requests, and meet legal obligations.
4. Data that stays on your device
Ordinary answers and secret files are stored in your browser’s local storage by default and are not sent to the cloud merely because you fill them in. Clearing browser data, changing devices, private browsing, or browser or device failure may erase them.
The file and necessary anti-abuse data are sent to the cloud only when you actively create a cloud sharing link.
5. Cloud sharing and visibility
Cloud shares use hard-to-guess link identifiers, but anyone with the complete link may read the cloud file. You may assess and choose the people, platforms, or spaces where you share it, while understanding that the link may be shared again. A cloud file is read-only and currently has no ordinary-user edit or delete control.
We do not sell your content or use secret files for personalized advertising or BDSM identity labels.
6. Anonymous analytics and your choice
Google Analytics is enabled only after you opt in. You can stop it at any time in Settings; no new events are sent afterward, though this does not retroactively delete previously and lawfully processed aggregate data. We do not enable advertising personalization signals.
Google Analytics may use first-party cookies and device, browser, and on-site activity information. An IP address may be processed in transit and to estimate a broad region, but Google states that Analytics does not log or store individual IP addresses.
7. Providers and international processing
The Site uses Google Firebase (hosting, database, cloud functions, and app protection), Google Analytics, and Google Fonts. Google and its service providers may process data on global infrastructure outside Taiwan, subject to their data-processing terms and safeguards.
Cloud functions and protection services may temporarily process IP addresses and device or app signals during a request to provide the service, assess request frequency, and prevent abuse.
8. Retention
On-device data remains until you delete it through a feature, clear browser storage, or the device environment removes it. Cloud files and private anti-abuse hash records are currently retained long-term to keep links available and address abuse, unless deletion is required by law, the service ends, or we announce another retention policy.
Short-term rate-limit data normally expires after about 48 hours. Google Analytics user- and event-level data is retained under our setting and Google’s controls for no more than 14 months; aggregate reports may not follow the same period. Support correspondence is kept as needed to resolve the matter and meet legal requirements.
9. Security
We use reasonable measures proportionate to the sensitivity of the data, including encryption in transit, access rules, app verification, rate limiting, minimal analytics events, and keyed hashing of source signals. No network or storage method can guarantee absolute security.
10. Your rights
Subject to applicable law, you may request access or review, a copy, supplementation or correction, an end to collection, processing or use, and deletion of your personal data. Using the Site does not waive these rights. We may ask for enough information to verify the request and its connection to the data.
To exercise a right or ask a privacy question, email the address on this page. If data must be kept by law, a particular cloud file cannot be reliably identified, or a request would affect another person’s rights, we will explain what can be done.
11. Minors and sensitive content
The Site is not directed specifically to minors and does not permit sexual or exploitative content involving minors. If you believe such content is present, contact us immediately; we will respond as required for safety and by law.
12. Updates
We may update this Policy as the service, providers, or legal requirements change. Material changes will be communicated appropriately and reflected in the date above. We will ask again first where renewed consent is required.