Privacy & Security

On this website

against.porn does not use cookies, does not track visitors, and runs no third-party analytics in your browser. The only personal data we ever collect is the email address you optionally provide to be notified when the app launches, and only if you submit it yourself and confirm it via a one-time email.

That’s the whole thing. Specifically:

• No cookies. Not for analytics. Not for personalization. Not for advertising. The browser you use to read this page leaves with no Set-Cookie header from us.
• No third-party scripts. No Google Analytics, no Facebook Pixel, no Hotjar, no anything.
• No fingerprinting. We do not use canvas/font/WebGL fingerprinting, audio fingerprinting, or any other technique to identify you across sessions.
• Server logs. Like every web server, ours record request URLs and IP addresses. We rotate logs and keep no per-user retention. We do not link these to anything else.

On the waitlist (if you submit your email)

When you submit your email on the waitlist form, we store: the email itself (lowercased), a SHA-256 hash of the email for deduplication lookups, the locale of the page that submitted, the page slug as a source tag, your User-Agent string, a salted-and-peppered SHA-256 hash of your IP address, and timestamps. Raw IP is never persisted.

We send exactly two emails: a confirmation email when you sign up, and an announcement email when the app launches. After that we delete your record unless you’ve explicitly opted in to further communication. Every email contains a one-click unsubscribe link.

On the app

The app is offline-first. The first name, age, sex, and relationship status you enter at onboarding stay on your device. Private notes attached to relapse entries are encrypted on-device with AES-256-GCM (authenticated encryption) before being written to local storage. The encryption key is generated on first launch and stored in the operating system’s secure enclave — iOS Keychain on iOS, the Android Keystore on Android (via EncryptedSharedPreferences, hardware-backed when available). The key never leaves the device. We never receive it.

The app does not contain analytics SDKs, telemetry, advertising identifiers, or crash reporters that include user content. The app makes zero network requests in normal use. Daily reminders, if you enable them, are scheduled locally by your phone’s operating system — no remote push service is involved, no Firebase, no Google services.

You can export an encrypted backup or wipe all data from in-app settings. Uninstalling the app erases all locally-stored data.

On law enforcement requests

We have nothing to share that we don’t have. We have no record of your usage. We have no record of your encrypted data. If we receive a subpoena for “user X’s records,” our response is the truth: we don’t have them.

The exception is the waitlist email itself, which exists in our Firestore until you unsubscribe or until launch + 30 days. If compelled, we would have to disclose that. We mention this so you can decide.

Contact

[email protected] for any privacy-related question.

Technical details: How encryption works in against. · Why offline-first matters for sensitive data.