Privacy Policy
This document is the legal version of the Privacy & Security page. Both cover the website and the mobile app; this is the form-of-words our lawyers asked us to use.
1. Who is the controller
against. (“we”, “us”) is the data controller for any personal data processed via this website (against.porn).
2. What we collect
On the website: nothing automatically. No cookies, no third-party analytics scripts, no fingerprinting. Standard web server logs (requested URLs and IP addresses) are kept transiently and not linked to identifiers.
Via the waitlist form, if you submit it: your email address (lowercased and trimmed), a SHA-256 hash of that email for deduplication, the locale of the page that submitted, the page slug as a source value, your User-Agent string, a salted-and-peppered SHA-256 hash of your IP, and timestamps for create / confirm / unsubscribe events.
3. Why we process this data
To send you (a) a one-time confirmation email and (b) a one-time announcement email when the app launches. That is the entire lawful purpose. Legal basis: explicit consent (Article 6(1)(a) GDPR; Article 7(I) LGPD).
4. Who we share it with
The email-sending provider Resend processes the email on our behalf as a sub-processor. We have a data processing agreement with Resend. We share nothing else with anyone else.
5. How long we keep it
Until you unsubscribe, or until launch + 30 days, whichever is sooner. After that, your record is deleted.
6. Your rights
Under GDPR, LGPD, and equivalent laws you have the right to access, rectify, erase, restrict, and port your personal data, and to withdraw consent at any time. Use the unsubscribe link in any of our emails, or write to [email protected].
7. International transfers
Resend processes data in the United States. We rely on the EU-US Data Privacy Framework and Standard Contractual Clauses for transfers from the EU/UK. Brazilian users: this constitutes “international transfer” under LGPD Articles 33-36; consent is the legal basis.
8. Changes
We will update this policy if our practices change. Material changes will be announced via the email on file (if you have one) and on this page.
9. Contact
10. About the against. app
The against. mobile app is a separate product from this website. Its data practices differ from those described above.
What the app collects: when you complete onboarding, the app stores your first name, age, sex, and relationship status on your device only. You may add private notes to relapse entries; these are encrypted with AES-256-GCM (authenticated encryption) on your device before being written to local storage. Your encryption key is generated on first launch and stored in your phone’s secure enclave — on iOS, in the Keychain, accessible only when the device is unlocked and non-transferable; on Android, in EncryptedSharedPreferences with the master key held in the Android Keystore (hardware-backed when available). The key never leaves your device.
What the app does not collect: the app contains no analytics, no telemetry, no third-party SDKs that send data off-device, no advertising identifiers, and no crash reporters that include user content. The app performs zero network requests during normal use. Daily reminders (if you enable them in settings) are scheduled locally by your operating system — no remote push service is involved.
Sharing: the app does not share any data with anyone, including against. itself. We have no server-side store of your usage.
Your control: at any time you can export an encrypted backup of your data, or delete all of it, from the app’s in-app settings. Uninstalling the app also deletes all locally-stored data.
Contact: [email protected] for app-related questions. For data-rights requests under GDPR, LGPD, or equivalent laws, use [email protected] (see section 6 above).
Last updated: