Privacy Policy

Effective Date: April 7, 2026 · Data controller: SYNR · Contact: support@bdsmtestsynr.com

1. Introduction

BDSM Test SYNR ("SYNR", "we", "us") is committed to protecting your privacy. This Privacy Policy explains what we collect, why we collect it, who we share it with, and the rights you have over your data when you use our website at bdsmtestsynr.com or our mobile applications for iOS and Android.

We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and equivalent laws.

2. Information We Collect

We collect the minimum amount of data necessary to provide our services:

• Email address: collected only when you voluntarily submit it via the waitlist form, or via Google Sign-In (see section 5), to deliver your archetype results or launch notification.
• Approximate IP-derived location: we never request precise GPS. Our server reads your IP address during the request and uses an IP-to-city lookup solely for regional waitlist sequencing. The IP address itself is not stored beyond the request.
• Quiz responses: in the mobile apps, your 12 swipe answers and the calculated five-axis scores.
• Diagnostic logs: standard server logs (timestamps, request status, browser type) are kept for up to 14 days for debugging and abuse prevention.

We do not collect: phone numbers, real names, payment information, contact lists, photos, biometrics, precise location, or browsing history outside our domain.

3. Legal Basis (GDPR)

• Consent (Art. 6(1)(a)): for joining the waitlist and receiving the launch email.
• Legitimate interests (Art. 6(1)(f)): for security logging and abuse prevention.
• Performance of a contract (Art. 6(1)(b)): for delivering quiz results to a user who has requested them.

4. How We Use Your Information

• To calculate your archetype profile and deliver results via email.
• To notify you when SYNR launches in your region.
• To debug and secure the service.
• We do not use your data for advertising, profiling for marketing, automated decision-making with legal effect, or training of AI models.

5. Google Sign-In

If you choose to sign in with Google, the following applies:

• We use Google Identity Services to authenticate you. We request only your email address and Google account ID.
• We do not request access to your Google contacts, Drive, calendar, or any other Google service.
• Your interaction with the Google Sign-In button is governed by the Google Privacy Policy.
• Google may set a session cookie to keep you signed in. You can clear it at any time via your browser settings.

6. Third-Party Service Providers

We do not sell or rent your personal data. We use a small number of strictly operational sub-processors:

• Google Sheets / Apps Script (Google LLC, USA): stores your email and quiz responses. Data processed under Google's Data Processing Addendum and Standard Contractual Clauses.
• Brevo (Sendinblue SAS, France): sends transactional emails (your results, waitlist confirmation). Brevo is a GDPR-compliant EU provider.
• Surge.sh (Chloi Inc., USA): hosts the static marketing website.
• Cloudflare, Inc. (USA): CDN and DDoS protection for the website. May log IP addresses for security purposes for up to 24 hours.
• Google Identity Services (Google LLC, USA): only when you click Sign in with Google.

All transfers to providers outside the EEA rely on Standard Contractual Clauses or equivalent safeguards.

7. Cookies and Similar Technologies

The bdsmtestsynr.com website uses no tracking cookies, no advertising cookies, and no third-party analytics by default. The only storage we use:

• Strictly necessary local storage: a single key (synr_consent) to remember your cookie banner choice. No personal data, no tracking.
• Google Sign-In session cookie: set only if you actively click "Sign in with Google", governed by Google.

Because we do not run any non-essential cookies by default, the cookie banner on our site is informational rather than a consent gate. You may dismiss it without changing your privacy posture.

8. Data Retention

• Waitlist email: until you unsubscribe or until 24 months after the public launch (whichever is sooner).
• Quiz responses: indefinitely in anonymized form for the calibration sample. Linked to your email until you request deletion.
• Server logs: 14 days.
• Cloudflare security logs: ~24 hours (Cloudflare's policy).

9. Your Rights

Regardless of where you live, you have the right to:

• Access the data we hold about you.
• Rectify incorrect data.
• Delete your data ("right to be forgotten").
• Restrict or object to our processing.
• Port your data to another service.
• Withdraw consent at any time without affecting prior processing.
• Lodge a complaint with your local supervisory authority (e.g. your national data protection authority in the EU, the ICO in the UK, or the California Attorney General).

To exercise any of these rights, email support@bdsmtestsynr.com. We respond within 30 days.

10. Children

SYNR is intended for adults aged 18 and over. The age verification gate in the mobile apps enforces this. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted data, contact us and we will delete it immediately.

11. Data Security

All data transmitted between your device and our servers travels over TLS (HTTPS). Data at rest in Google Sheets and Brevo is encrypted by those providers using AES-256. Access to the backend is restricted to the SYNR operations team and protected by 2FA.

12. International Users

SYNR is operated globally. By using SYNR you acknowledge that your data may be processed in the United States, the European Union, and other jurisdictions where our service providers operate, under the safeguards described in section 6.

13. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced by updating the Effective Date at the top of this page. Continued use after a change constitutes acceptance.