Privacy Policy

Last updated: February 17, 2026

      Early Access Notice

      Obey.fit is currently in invite-only early access.
      Data may be reset during this phase.
      This privacy policy reflects our current data practices.
    

Who We Are

Obey.fit is a relationship management platform for consensual dominant/submissive dynamics. The service is operated by an individual developer. For questions, contact: privacy@obey.fit

What Data We Collect

Account data: Email address and display name (required for login)
Profile data: Gender, pronouns, role, preferences you set
Activity data: Tasks completed, streaks, progress, rituals
Content you create: Journal entries, photos you voluntarily upload, messages
Usage data: Pages visited, features used, session duration (for improving the service)
Technical data: IP address (for security), browser type, device type

What We Do NOT Collect

Payment information
Government ID or real name (display name only)
Location data beyond approximate country (from IP)
Data from other websites or services

How We Use Your Data

To operate the platform and provide its features
To generate AI responses personalized to your progress
To improve the service based on usage patterns
To contact you about important service changes (email only)
To ensure security (rate limiting, fraud prevention)

Who We Share Data With

We do not sell your data. We do not share your personal data with third parties except:

Users in your relationship: Your Dominant or submissive partner can see shared activity data
Hosting provider (Render.com): Servers where data is stored
Anthropic (Claude AI): Task content and progress context is sent to generate AI responses. Anthropic's privacy policy applies to this processing.
Law enforcement: Only when required by law

Data Storage & Security

Data stored on encrypted servers
Passwords are hashed (bcrypt) — we never store plain text passwords
Photos stored with randomized filenames and served through authenticated endpoints
HTTPS enforced for all connections
CSRF protection on all API requests
Rate limiting and account lockout after failed login attempts

Adult Content Notice

Obey.fit contains adult content related to consensual dominant/submissive dynamics. You must be 18 years or older to use this service. By registering, you confirm you are 18+.

Your Rights (GDPR)

As an EU resident, you have the right to:

Access: Request a copy of your data
Deletion: Delete your account and all associated data
Correction: Update inaccurate data
Objection: Object to certain processing
Portability: Export your data in a readable format

To exercise these rights, email privacy@obey.fit or use the data export and account deletion options in your account settings. We will respond within 30 days.

Cookies & Local Storage

We use browser localStorage to keep you logged in (session token) and remember your preferences. We use a CSRF cookie for security. We do not use third-party tracking cookies or advertising cookies.

Data Retention

Active accounts: Data retained while account is active
Deleted accounts: All data permanently deleted within 30 days
Early access: All data may be reset with 7 days notice via email

Changes to This Policy

We may update this policy as the service evolves. Significant changes will be communicated by email. Continued use after changes constitutes acceptance.

Contact & Complaints

For privacy-related questions or data requests:
Email: privacy@obey.fit
Response time: Within 30 days

To file a complaint: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)