KinkSim

Privacy Policy

Last updated: February 16, 2026

This Privacy Policy explains how Aphryl Labs OÜ (registry code: 17372970) ("we", "us", "our"), a company registered in the Republic of Estonia, collects, uses, and protects your personal data when you use our platform KinkSim at kinksim.com ("Platform"). We are committed to protecting your privacy and handling your data in compliance with the General Data Protection Regulation (GDPR) and applicable Estonian and EU law.

1. Data We Collect

1.1 Account Data

  • Email address — used for authentication (passwordless login via one-time code) and essential notifications.
  • We do not collect your name, phone number, or physical address unless you voluntarily provide it.

1.2 Character & Content Data

  • Characters — names, bios, personality settings, profile images, and tags you create.
  • Messages — text messages exchanged in conversations, including AI-generated responses.
  • Media — images and videos generated through the Platform.

1.3 Financial Data

  • Transaction records — Kinkoin purchases, media unlocks, and creator earnings. We store transaction amounts and timestamps.
  • Payment details — handled entirely by our third-party payment processor. We do not store credit card numbers or banking details.

1.4 Technical Data

  • Authentication cookies — session tokens required for login functionality.
  • Local storage — used for preferences, character caching, and age verification status.
  • Device and browser information — collected automatically for error monitoring and performance.
  • Push notification tokens — if you opt in to browser push notifications.

1.5 Analytics Data

We use Vercel Analytics, which collects anonymous, aggregated usage data without cookies or personal identifiers. No individual user tracking is performed through our analytics.

2. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the service — authenticating your account, enabling conversations, generating AI content, processing transactions.
  • AI processing — your messages and character data are sent to AI providers to generate responses and media. See Section 4 for details.
  • Safety & moderation — detecting and preventing abuse, enforcing our Terms of Service.
  • Error monitoring — diagnosing and fixing technical issues (via Sentry).
  • Notifications — sending essential service notifications and, if opted in, push notifications about your content.

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your data based on:

  • Contract performance (Article 6(1)(b)) — processing necessary to provide the KinkSim service you signed up for, including AI conversations, media generation, and transactions.
  • Legitimate interest (Article 6(1)(f)) — error monitoring, security, and fraud prevention.
  • Consent (Article 6(1)(a)) — push notifications (opt-in). You may withdraw consent at any time.

4. Third-Party Services

We use the following third-party services to operate the Platform. Your data may be processed by these services:

ServicePurposeData SharedLocation
SupabaseDatabase, authentication, file storageAll account and content dataUS (AWS)
OpenRouterAI chat responsesMessages, character contextUS
RunwareImage and video generationAI prompts, reference imagesEU/US
VercelHosting, analyticsTechnical data, anonymous analyticsUS
SentryError monitoringError data, device info, session replays (10% of sessions)US

For services based outside the EU/EEA, data transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.

5. Data Retention

  • Account data — retained while your account is active. Deleted upon account deletion request.
  • Messages and media — retained while your account is active. Messages sent to other users may persist after account deletion (as they are part of the recipient's conversation history).
  • Transaction records — retained for up to 7 years after your last transaction, as required by Estonian accounting law.
  • Error logs — automatically deleted after 90 days.

6. Your Rights (GDPR)

As an EU resident, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention requirements.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — request that we limit processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@kinksim.com. We will respond within 30 days as required by GDPR.

7. Cookies & Local Storage

KinkSim uses minimal browser storage:

  • Authentication cookies — strictly necessary for keeping you logged in. No consent required under GDPR.
  • Local storage — used for preferences (age verification, character cache, UI state). Strictly necessary for Platform functionality.
  • Session storage — temporary data cleared when you close the browser tab.

We do not use advertising cookies, tracking pixels, or third-party marketing cookies.

8. Children's Privacy

KinkSim is strictly for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that a user is underage, their account will be immediately terminated and all associated data deleted.

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted data transmission (HTTPS/TLS).
  • Row-level security policies on our database.
  • Passwordless authentication (eliminating password-related vulnerabilities).
  • Regular security reviews of our infrastructure and code.

No system is 100% secure. If you discover a security vulnerability, please report it to security@kinksim.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Platform or via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact & Data Protection

For any privacy-related questions or to exercise your GDPR rights:

Email: privacy@kinksim.com

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee or with the supervisory authority in your country of residence.