🔒ExposedRush

Privacy Policy

Last updated: 2026-05-12

This Privacy Policy describes how ExposedRush ("we", "us") collects, uses, and discloses information when you access the ExposedRush website and services (the "Service").

1. Information We Collect

1.1 Account & profile data

  • Email address (for email-registered accounts) or a generated "usercode" for anonymous accounts.
  • Hashed password and authentication tokens.
  • Optional profile fields you provide: nickname, avatar, about-me text, "looking for" preferences, optional location for the Nearby map feature.

1.2 User Content

  • Photos, videos, comments, direct messages, votes, reposts, and any metadata you choose to attach (titles, descriptions, watermark choice, expiration / extension settings).

1.3 Service data

  • In-product events such as votes, image views, follow/unfollow, DM activity, payments and credit spend, Dom/Sub bindings, lock state and chastity-integration callbacks.

1.4 Technical data

  • IP address, approximate geolocation derived from IP, user-agent string, device identifiers stored in a first-party cookie (e.g. visit_did) and other localStorage values used to remember your session and consent.
  • Server logs (request paths, status codes, timestamps, error traces) used for security and debugging.

1.5 Cookies & local storage

We use first-party cookies and browser localStorage to keep you signed in, remember your age-confirmation acceptance (exposedrush_age_consent_v1), cache feed responses, and record analytics IDs. You can clear these at any time through your browser; doing so will sign you out and re-trigger the age-confirmation prompt.

1.6 Information we do not knowingly collect

We do not knowingly collect information from anyone under 18. If you believe we have collected such information, contact privacy@chastidrill.app and we will delete it.

2. How We Use Information

  • To operate the Service: authenticate you, deliver media, run the feed and recommendation algorithm, process Virtual Items, send direct messages, and run chastity / Dom-Sub integrations you opt into.
  • To keep the Service safe: detect abuse, enforce these Terms, investigate reports of illegal or non-consensual content, and meet legal obligations.
  • To communicate with you about your account, service notices, and (only where you opt in) marketing.
  • To analyze and improve the Service through aggregated metrics and A/B testing.

3. Legal Bases (EEA / UK Users)

We rely on the following legal bases under the GDPR / UK GDPR:

  • Contract — to provide the Service you sign up for.
  • Legitimate interests — keeping the Service secure, preventing abuse, and improving features, provided these are not overridden by your rights.
  • Consent — for optional features such as location broadcasting, marketing communications, and non-essential analytics cookies, where required.
  • Legal obligation — to respond to lawful requests, retain records mandated by law, and report CSAM to authorities.

4. Sharing

We share information only as described below. We do not sell personal data.

  • Service providers we use to operate the Service. As of the date above this includes Supabase (database, auth, realtime), Cloudflare R2 / compatible object storage (media), and self-hosted analytics. The exact list of sub-processors may change as the Service evolves.
  • Other users see content you publish (your gallery, public photos, public comments, your nickname). Direct messages are visible only to the conversation participants and to staff for abuse investigations.
  • Chastity / third-party integrations you opt into (e.g. Chaster, ChastiDrill). When you link an external account we exchange the minimum data required for the integration to function (session IDs, lock-action callbacks).
  • Legal and safety disclosures — to comply with valid legal process, enforce our Terms, protect rights and safety, or report illegal content (including CSAM reports to NCMEC).
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

5. Retention

We retain account data for as long as your account exists and for a reasonable period afterward to resolve disputes, prevent abuse, and meet legal obligations. Expired or deleted images remain in operational backups for a limited period before being permanently removed. Server and security logs are kept for a short rolling window (typically up to 90 days) unless a longer period is required by law or an active investigation.

6. Security

We use TLS in transit, encryption-at-rest at our cloud providers, hashed passwords, scoped service-role credentials, and rate limiting. No system is perfectly secure; you upload content at your own risk and must keep your credentials confidential.

7. Your Rights

Depending on where you live you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent at any time. EEA/UK users may also lodge a complaint with a supervisory authority. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information; we do not sell or "share" personal information for cross-context behavioural advertising.

Submit requests to privacy@chastidrill.app. We will verify your identity before acting and may decline requests that are unfounded, excessive, or that would infringe the rights of other users.

8. International Transfers

The Service is operated from, and processed through providers located in, jurisdictions that may be outside your country of residence. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses for transfers out of the EEA / UK.

9. Minors

The Service is strictly for adults aged 18+. We do not knowingly process data of anyone under 18. Parents or guardians who believe a minor has registered should contact abuse@chastidrill.app for immediate removal.

10. Changes

We may update this Privacy Policy. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by re-prompting consent. Continued use of the Service after changes take effect constitutes your acceptance.

11. Contact

Privacy questions and requests: privacy@chastidrill.app. General support: support@chastidrill.app.