Privacy Policy

Last updated: 2026-05-12

What we collect

  • Account info — username, optional display name and email, hashed password, email verification status, anonymous / admin flags, and timestamps (created, last login).
  • Content you submit — control boards, spin4sin wheels (titles, slices, theme, sounds), rental dossiers, handmade kink listings, fetish reviews, commission inquiries.
  • Usage signals — which apps your account has opened and how many items you own per app (powers the "your apps" dashboard cards).
  • Technical logs — server access logs (IP, path, status) kept on our host for up to 90 days for debugging and abuse prevention.

What we do not collect

We do not sell your data, run third-party ad networks on the site, fingerprint your device, or share your content with anyone who is not part of operating the service.

How we use it

To run the site, associate the content you create with your account, help you recover access, send transactional email (verification and password reset), and prevent abuse.

Service providers

We use a small set of processors that operate the service on our behalf:

  • SendGrid — delivers verification and password-reset email. Receives your email address only when one of those mails is sent.
  • DigitalOcean — hosts the database and application servers.
  • GitHub — hosts the container images we deploy.

Cookies and local storage

We set a single session cookie (kif_session) after you sign in. It is HTTP-only, scoped to .kinkisfun.com so a single sign-in works across the subdomain apps, and expires after 30 days of inactivity.

We also use localStorage in your browser for offline / anonymous use of the apps:

  • spin4sin: locally-saved wheels, mirror-mode preference per wheel, first-visit sample seed flag.
  • controlboard: locally-created boards before sign-in, welcome-banner dismissal.
  • fetish-reviews: which reviews you have already rated from this browser.

On sign-in we offer to import any local content you created into your account. Anything you choose to keep local stays in this browser and is not sent to our servers.

Data retention

Account and content data persist until you delete your account or the content. Server request logs roll off after 90 days.

Your rights

You can request deletion of your account or export of your content by contacting us. We aim to respond within a reasonable time.

Children

The site is not directed to anyone under the age of majority in their jurisdiction. If we learn we have collected data from a minor we will delete it.

Changes

We may update this policy. Material changes will be reflected in the "last updated" date above.