Privacy Policy
Effective Date: January 13, 2025 | Last Updated: January 13, 2025
At Toxic Confessions, your privacy isn't just a priorityβit's the foundation of everything we do. This Privacy Policy explains how we collect, use, protect, and respect your personal information and your right to anonymity.
Quick Navigation
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Email address (optional), username, password (hashed and encrypted)
- Profile Data: Display name, bio, preferences (all optional and anonymous by default)
- Confessions: Text, video, and audio content you choose to share (processed with AI privacy protection)
- Interactions: Likes, comments, saves, and engagement with confessions
- Communications: Messages to support, feedback, and inquiries
- Payment Information: Processed through Apple App Store or Google Play Store (we never see your payment details)
1.2 Information Automatically Collected
- Device Information: Device model, operating system version, unique device identifiers, mobile network information
- Usage Data: Features used, pages viewed, time spent, navigation patterns, crash reports
- Technical Data: IP address (masked after 24 hours), app version, browser type, timezone, language preferences
- Location Data: Approximate location (city/region level only) based on IP address when consent is provided
- Advertising IDs: IDFA (iOS) or AAID (Android) for personalized advertising (with your consent, can be disabled)
π What We NEVER Collect
- β Unprocessed videos or audio recordings
- β Facial recognition data or biometric identifiers
- β Voice prints or vocal biometric data
- β Your real name or identity (unless voluntarily provided)
- β Precise GPS location data
- β Contact lists or address books
- β Social media account information
- β Sensitive personal characteristics (race, religion, sexual orientation, health data)
2. How We Use Your Information
Legal Basis for Processing (GDPR Compliance)
We process your personal data based on:
- Contract Performance: To provide the services you requested
- Legitimate Interest: To improve our services, prevent fraud, and ensure security
- Consent: For optional features like personalized ads and analytics
- Legal Obligation: To comply with applicable laws and regulations
π‘οΈ Core Service Delivery
- Enable anonymous posting and content sharing
- Apply AI-powered face blur and voice modulation
- Maintain your account and preferences
- Process your interactions and engagement
π― Personalization & Improvement
- Customize your content feed
- Recommend relevant confessions
- Improve app performance and features
- Develop new privacy protection technologies
π Safety & Moderation
- Detect and prevent abuse, spam, and violations
- Moderate content for community guidelines compliance
- Investigate security incidents
- Enforce our Terms of Service
π¬ Communication & Support
- Respond to your inquiries and support requests
- Send important service announcements
- Notify you of policy changes (with your consent)
- Provide customer assistance
π Analytics & Research
- Analyze usage patterns and trends
- Measure feature effectiveness
- Conduct privacy-preserving research
- Generate aggregated statistics (fully anonymized)
π° Advertising & Monetization
- Show relevant advertisements (with consent)
- Measure ad performance
- Manage premium subscriptions
- Process in-app purchases
3. Privacy Protection Features
π Anonymous by Design
Every feature is built with privacy-first principles. Your anonymity is protected through multiple layers of technical safeguards.
3.1 AI-Powered Face Blur
How it works:
- Advanced computer vision algorithms detect faces in real-time on your device
- Blur is applied immediately before any upload or storage
- Original, unblurred frames are never transmitted or saved
- Processing happens locally using on-device AI models
- No facial recognition or identity matching is performed
- Blur intensity is adjustable to your privacy needs
Technical Note: We use ML Kit and Vision Camera with custom blur algorithms optimized for privacy.
3.2 Voice Modulation Technology
How it works:
- Real-time pitch shifting and timbre modification on your device
- Original audio is immediately discarded after modulation
- Voice characteristics are altered to prevent voice matching
- No voice prints or biometric voice data is collected
- Multiple modulation modes available for different privacy levels
3.3 Metadata Stripping
We automatically remove identifying metadata from all content:
- EXIF data from photos and videos (GPS, device model, timestamps)
- Audio metadata (recording device, software used)
- File system attributes that could reveal device information
3.4 Anonymous Posting
- No personal information is attached to your confessions
- Internal IDs are cryptographically hashed and rotated
- Post history is not publicly linkable to your account
- You can delete confessions permanently at any time
4. Data Sharing & Third Parties
4.1 Service Providers We Use
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Supabase | Backend infrastructure, database, authentication | Account data, encrypted confessions, usage data | View Policy |
| Google AdMob | Advertising services (with consent) | Device ID, usage data, ad interactions | View Policy |
| RevenueCat | Subscription management | Purchase data, subscription status | View Policy |
| Anthropic Claude | AI chat assistance (optional feature) | Chat messages (not linked to identity) | View Policy |
| Expo Application Services | App distribution and updates | Device type, app version, crash reports | View Policy |
4.2 When We Disclose Data
- Legal Compliance: When required by law, court order, or government request
- Safety & Security: To prevent fraud, abuse, or threats to safety
- Business Transfers: In case of merger, acquisition, or asset sale (with notice)
- With Your Consent: When you explicitly authorize sharing
β Our Commitment
We NEVER sell your personal data. We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Period.
5. Your Privacy Rights
π Right to Access
Request a copy of all personal data we have about you in a portable format (JSON/CSV).
βοΈ Right to Correction
Update or correct inaccurate information in your account settings or by contacting support.
ποΈ Right to Deletion
Permanently delete your account and associated data. Processed within 30 days of request.
π¦ Right to Portability
Export your data in machine-readable formats to transfer to another service.
π« Right to Opt-Out
Disable personalized advertising, analytics tracking, and marketing communications.
β Right to Restrict
Limit how we process your data while we verify accuracy or investigate concerns.
β Right to Object
Object to processing based on legitimate interests, including profiling and direct marketing.
π Right to Withdraw Consent
Change your privacy preferences anytime in Settings without affecting prior processing.
How to Exercise Your Rights
- In-App Settings: Most controls available in Privacy Settings
- Email Request: Contact privacy@toxicconfessions.app
- Response Time: We respond within 30 days (may extend to 60 days for complex requests)
- Verification: We may verify your identity before processing requests
- No Discrimination: Exercising rights won't affect your service access
California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know what categories of personal information are collected, used, shared, or sold
- Right to opt-out of the "sale" or "sharing" of personal information
- Right to limit use of sensitive personal information
- Right to correct inaccurate personal information
- Right to non-discrimination for exercising CCPA rights
- Right to designate an authorized agent to make requests on your behalf
Note: We do not sell personal information as defined by the CCPA. We may share data for advertising purposes, which you can opt-out of.
GDPR Rights (European Users)
For users in the European Economic Area (EEA), UK, and Switzerland, we comply with GDPR requirements:
- Data Protection Officer available for privacy inquiries
- Lawful basis documented for all processing activities
- Right to lodge a complaint with your local supervisory authority
- Data protection impact assessments for high-risk processing
- Prompt breach notification (within 72 hours when required)
EU Representative: [Company Name] serves as our EU representative for GDPR matters. Contact: gdpr@toxicconfessions.app
6. Data Security
Technical Safeguards
π Encryption
- TLS 1.3 for data in transit
- AES-256 encryption for sensitive data at rest
- End-to-end encryption for private messages
- Encrypted backups with separate key management
π‘οΈ Access Controls
- Multi-factor authentication for admin access
- Role-based access control (RBAC)
- Least privilege principle for all systems
- Regular access reviews and audits
π Monitoring & Detection
- 24/7 security monitoring and alerting
- Intrusion detection systems
- Anomaly detection for unusual activity
- Regular vulnerability scanning
β Testing & Compliance
- Annual third-party security audits
- Penetration testing every 6 months
- Code security reviews
- Incident response plan and drills
Organizational Measures
- Employee security training and background checks
- Confidentiality agreements with all staff and contractors
- Privacy by design and default in all development
- Data minimization and retention policies
- Secure development lifecycle (SDLC) practices
Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify affected users within 72 hours of discovery
- Report to relevant authorities as required by law
- Provide detailed information about the breach and mitigation steps
- Offer identity protection services if warranted
7. AI & Automated Processing
7.1 AI Face Blur & Voice Modulation
Purpose: Protect your identity in video and audio confessions
Processing Location: On your device (local processing)
Data Retention: Original content immediately deleted after processing
Accuracy: 99.2% face detection accuracy; you can manually adjust blur if needed
7.2 Content Moderation AI
Purpose: Detect violations of community guidelines
What it detects: Hate speech, explicit content, violence, spam
Human Review: All AI flags are reviewed by human moderators
Appeals: You can appeal any moderation decision
7.3 Recommendation Algorithm
Purpose: Personalize your content feed
Factors Considered: Your interactions, community trends, content recency
Transparency: You can see why content was recommended
Control: Adjust recommendation preferences in Settings
7.4 AI Chat Assistant (Optional)
Provider: Anthropic Claude
Purpose: Provide support and conversation
Privacy: Chats are not linked to your account or confessions
Retention: Chat logs deleted after 30 days
No Training: Your chats are NOT used to train AI models
βοΈ Your Rights Regarding Automated Decisions
Under GDPR, you have the right not to be subject to decisions based solely on automated processing that significantly affect you. You can:
- Request human review of any automated decision
- Contest decisions made by our algorithms
- Opt-out of profiling for personalization
- Receive explanation of how AI decisions are made
8. International Data Transfers
Toxic Confessions is based in the United States, and your data may be transferred to and processed in the US and other countries where our service providers operate. These countries may have different data protection laws than your country.
Safeguards for International Transfers
- EU Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers from EEA
- UK International Data Transfer Agreement (IDTA): For transfers from the UK
- Swiss Federal Act on Data Protection (FADP) compliance: For transfers from Switzerland
- Adequacy Decisions: We prioritize transfers to countries with EU adequacy decisions
- Additional Safeguards: Encryption, access controls, and contractual protections
Your Rights Regarding Transfers
You have the right to request information about the safeguards we use for international transfers. Contact privacy@toxicconfessions.app for details.
9. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 30 days after deletion | Service provision, legal compliance |
| Confessions (Active) | Until you delete them | User control |
| Confessions (Deleted by You) | Immediately removed from public view; permanently deleted within 7 days | Backup systems cleanup |
| Usage Analytics | 90 days, then aggregated and anonymized | Service improvement |
| IP Addresses | 24 hours (masked), then fully deleted | Security, fraud prevention |
| Support Tickets | 3 years | Customer service, legal compliance |
| Payment Records | 7 years (as required by tax law) | Legal compliance, accounting |
| Crash Reports | 90 days | Bug fixing, stability improvement |
| Moderation Logs | 1 year | Safety, appeals, pattern detection |
Exceptions: We may retain data longer if required by law, court order, or to resolve disputes.
10. Children's Privacy
Toxic Confessions is NOT intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18.
If We Learn We Have Collected Data from a Child
- We will immediately delete the account and all associated data
- We will take steps to prevent future access
- We will notify parents/guardians if contact information is available
Parents/Guardians
If you believe your child has created an account, please contact us immediately at privacy@toxicconfessions.app with proof of guardianship, and we will delete the account.
Age Verification
We use age gates and verification to prevent underage access. Users must confirm they are 18+ during signup.
11. Cookies & Tracking
Types of Technologies We Use
Essential Cookies (Cannot be Disabled)
- Authentication and session management
- Security and fraud prevention
- Load balancing and performance
Analytics Cookies (Opt-Out Available)
- App usage statistics
- Feature performance measurement
- Crash reporting and error tracking
Advertising Cookies (Opt-Out Available)
- Personalized ad delivery
- Ad effectiveness measurement
- Frequency capping
How to Control Cookies
- In-App: Settings β Privacy β Disable Analytics/Advertising
- Device Level (iOS): Settings β Privacy β Tracking β Disable "Allow Apps to Request to Track"
- Device Level (Android): Settings β Google β Ads β Opt out of Ads Personalization
- Ad Industry Opt-Out: NAI Opt-Out, Your Online Choices (EU)
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
How We Notify You of Changes
- Material Changes: In-app notification + email (if provided)
- Minor Changes: Updated "Last Updated" date at top of policy
- Advance Notice: 30 days for changes requiring new consent
Version History
- v3.0 - January 13, 2025 - Comprehensive 2025 update with AI transparency, enhanced CCPA/GDPR compliance
- v2.0 - [Previous Date] - Added subscription terms, AI chat features
- v1.0 - [Launch Date] - Initial privacy policy
Your continued use of the app after changes constitutes acceptance. If you don't agree with changes, please stop using the app and delete your account.
13. Contact Us
Privacy Inquiries
For questions, concerns, or requests regarding this Privacy Policy or our data practices:
π Data Rights Requests
Include: Your account email, request type, verification info
Mailing Address
Toxic Confessions
Privacy Department
[Your Mailing Address]
[City, State ZIP]
United States
Supervisory Authority (EU/UK)
If you're in the EU or UK and believe we haven't adequately addressed your privacy concerns, you have the right to lodge a complaint with your local Data Protection Authority: