Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Thomas Gnahm
Mainzer Str. 44
12053 Berlin
Germany
Email: contact@myleash.app

2. General Information on Data Processing

We only process personal data of our users insofar as this is necessary to provide a functional platform and our content and services. Processing generally only takes place with the user's consent, except where permitted by law.

3. Legal Bases for Processing

We process data based on: consent (Art. 6(1)(a) GDPR), contract performance (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), and legitimate interests (Art. 6(1)(f) GDPR).

4. Special Categories of Personal Data

LEASH is a platform for BDSM and fetish interactions. Data may be processed that allows conclusions about sex life or sexual orientation (Art. 9(1) GDPR). This processing takes place exclusively on the basis of your explicit consent pursuant to Art. 9(2)(a) GDPR. You may withdraw your consent at any time.

5. Data We Collect

Upon registration:

• Email address (for magic link authentication)
• Selected role, profile name, description, and pictures

During use:

• Messages and communication content between users
• Tasks, rules, and ratings within relationships
• Payment data and transaction history

Technical data:

• IP address, browser type, operating system
• Automatically deleted after 30 days

6. Purposes of Processing

• Provision and operation of the platform
• Authentication and account management
• Enabling communication between users
• Processing of payments and tributes
• Ensuring platform security
• Fulfillment of legal obligations

7. Recipients and Data Processors

We use Supabase (database, auth, storage — EU servers), Vercel (hosting), and Stripe (payments). Data processing agreements (Art. 28 GDPR) are in place with all providers. Where data is transferred to the USA, this is done on the basis of EU Standard Contractual Clauses.

8. Cookies and Local Storage

We use only technically necessary cookies for authentication. We do not use tracking cookies, marketing cookies, or analytics services.

9. Retention Period

• Account data: Duration of account usage, deleted within 30 days after deletion
• Messages: Anonymized or deleted upon account deletion
• Payment data: 10 years (§ 147 AO)
• Server logs: 30 days

10. Your Rights

Under the GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). Contact: contact@myleash.app

11. Withdrawal of Consent

You may withdraw your consent at any time with effect for the future via email to contact@myleash.app or via the account settings.

12. Supervisory Authority

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219, 10969 Berlin
Email: mailbox@datenschutz-berlin.de