Privacy Policy

Last updated: April 17, 2026 · Effective: April 17, 2026

      Short version: PolyQuesting collects only what it needs to run the service,
      never sells your data, and treats your relationship style, identity, kink preferences, and quiz
      results with the discretion they deserve.
    

1. Who We Are

PolyQuesting is operated by Here I'M Ideas LLC, a North Carolina limited liability company ("we", "us", "our"). Here I'M Ideas LLC is the data controller for personal information collected through the PolyQuesting platform at polyquesting.polsia.app.

PolyQuesting is a social platform for the polyamorous, ethically non-monogamous (ENM), and relationship-curious community, offering compatibility quizzes, community profiles, messaging, consent agreements, and shared activities.

For privacy questions or to exercise your rights, contact us at: privacy@polyquesting.polsia.app

2. Information We Collect

Account Information

Email address and username (required to create an account)
Display name, pronouns, bio, and avatar (optional, set by you)
Relationship style and orientation tags (optional, visible on your profile)
Password (stored as a bcrypt hash — we never store plaintext passwords)

Sensitive Personal Information

PolyQuesting is designed for adults in the polyamorous and ENM community. As a result, we may collect the following categories of sensitive personal information when you choose to provide them:

Sexual orientation and sexual identity — tags you add to your profile describing your orientation, identity, or relationship style
Relationship style preferences — e.g., hierarchical poly, relationship anarchy, solo poly, ENM, swinging
Kink and BDSM preferences — responses in kink/BDSM compatibility quizzes and consent agreement wizard fields
Health-related information — information you voluntarily share in quiz sessions about intimacy practices, where relevant to compatibility

Under the California Privacy Rights Act (CPRA), these categories constitute "sensitive personal information." We use this data only to provide the core platform features you request. We do not sell, share for cross-context behavioral advertising, or use this data for profiling. See Section 5 for how we handle this data and Section 14 for your CPRA rights.

Content You Create

Messages you send to other users (stored to deliver them)
Quiz responses and compatibility scores
Polycule group memberships and names you create
Consent agreement (BDSM contracts) content you submit
Dice rolls and TTRPG session data
Reports you file about content or users

Automatically Collected

IP address and approximate location (for security and rate-limiting)
Browser/device type and OS (for compatibility)
Session tokens (stored in browser localStorage, expire after 30 days)
Basic usage logs (feature usage counts, not message content)

Payment Information

Subscription payments are processed by Stripe, Inc. We do not store full credit card numbers or payment card data on our servers. Stripe provides us with a payment token and basic billing information (last 4 digits, card type, billing postal code).

What We Do NOT Collect

We do not sell advertising and do not build advertising profiles
We do not collect precise GPS location
We do not scan or analyze message content for advertising purposes
We do not knowingly collect data from anyone under 18

3. Legal Basis for Processing

We process your personal information on the following legal bases:

Contract performance: Processing necessary to provide the PolyQuesting service you've signed up for — account management, authentication, delivering messages, calculating quiz compatibility, processing subscriptions
Consent: Processing sensitive personal information (relationship style, sexual orientation, kink/BDSM preferences) that you voluntarily provide by filling out your profile or participating in quizzes. You may withdraw consent at any time by deleting this data from your profile or account
Legitimate interests: Preventing fraud and abuse, maintaining platform security, analyzing aggregate usage patterns to improve the service (where this does not override your rights)
Legal obligation: Complying with applicable laws, responding to lawful requests from authorities, preserving records as required by law

4. How We Use Your Information

Provide the service: Deliver messages, calculate quiz compatibility, run video hangouts, manage consent agreements
Safety and moderation: Detect spam, abuse, and policy violations; review reports; enforce our Community Guidelines
Service improvements: Understand which features are used (aggregate, anonymized)
Communications: Send transactional emails (quiz invites, DM notifications) — only if you've enabled them in Notification Preferences
Billing: Process subscription payments via Stripe (we do not store card numbers)

5. Sensitive Information — Heightened Protections

PolyQuesting serves a community that shares intimate details about relationship style, sexual orientation, and kink/BDSM preferences. We apply the following heightened protections:

Sensitive profile fields are only visible to other logged-in users unless you explicitly set your profile to public
Quiz results, including kink and BDSM compatibility results, are only shared with participants in the same quiz session — no one else
Consent agreement (BDSM contract) content is private by default and only accessible to the participants in that agreement
We do not share sensitive personal information with third parties for any purpose other than delivering the service features you request
We do not use sensitive personal information for cross-context behavioral advertising
We do not sell sensitive personal information

6. Sharing Your Information

We do not sell your personal data. We share data only in these circumstances:

With your consent: When you choose to make your profile public or share quiz results with other users
Service providers: Third parties who help us operate the platform, under strict data processing agreements, limited to what they need to perform their service:
- Stripe, Inc. — payment processing and subscription management
- Jitsi — video call infrastructure (used in PolyMeets video features)
- Polsia — our AI platform infrastructure partner, who hosts and operates the underlying application and database infrastructure. Polsia processes data only as a data processor under our instruction and is subject to confidentiality obligations
- Email delivery providers — for transactional notifications you've opted into
Legal requirements: When required by law, court order, subpoena, or to protect the safety of our users or the public
Business transfer: If Here I'M Ideas LLC is acquired or merges with another company, your data may transfer as part of that transaction. We will notify you before your data is subject to a materially different privacy policy

7. Data Retention

We retain personal information for as long as necessary to provide the service and comply with legal obligations.

Data Category	Retention Period
Account information (email, username, profile)	Retained while your account is active. Deleted within 30 days of account deletion request.
Sensitive profile data (relationship style, orientation, kink preferences)	Retained while your account is active; deleted within 30 days of account deletion or when you remove it from your profile.
Messages	Retained until you delete your account. Individual message deletion coming in a future release.
Quiz sessions and responses	Retained indefinitely while your account is active; deleted within 30 days of account deletion.
Consent agreements (BDSM contracts)	Retained while all participants have active accounts, or until all participants request deletion.
Payment records	Retained for 7 years as required by financial regulations and tax law.
Security and moderation logs	Retained for 12 months for fraud prevention and abuse investigation.
Anonymized aggregate usage data	Retained indefinitely (no personal identifiers).

After account deletion, your data is purged within 30 days, except where legally required to retain (e.g., payment records, active legal matters).

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal information:

Right to know/access (GDPR Art. 15): Request a copy of the personal data we hold about you
Right to correct (GDPR Art. 16): Request correction of inaccurate or incomplete data
Right to delete / erasure (GDPR Art. 17): Request deletion of your personal data (subject to legal retention requirements)
Right to data portability (GDPR Art. 20): Request your data in a machine-readable format
Right to object (GDPR Art. 21): Object to certain processing activities (e.g., legitimate interest processing)
Right to restrict processing (GDPR Art. 18): Request that we limit how we use your data in certain circumstances
Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

In-app self-service tools (fastest way to exercise your rights):

Download My Data — Go to Account Settings → "Your Data & Privacy" → "Download My Data" to receive a complete JSON export of all data we hold about you. Rate-limited to once every 24 hours. Available to all logged-in users immediately.
Delete My Account & Data — Go to Account Settings → "Danger Zone" → "Delete My Account & Data". On confirmation, your account, profile, messages, quiz results, polycule memberships, and notifications are deleted immediately. Any active subscription is cancelled. You will receive a confirmation email.

To exercise rights that cannot be fulfilled in-app, or if you have questions about your data, email privacy@polyquesting.polsia.app with your request and the email address associated with your account. We respond within 30 days (45 days for complex requests, with notice).

We will not discriminate against you for exercising your privacy rights.

9. Children's Privacy (COPPA)

PolyQuesting is intended exclusively for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided personal information to us, contact us immediately at privacy@polyquesting.polsia.app and we will delete that information promptly.

10. Security

Passwords stored as bcrypt hashes (never plaintext)
All data transmitted over HTTPS/TLS
Session tokens are randomly generated and expire after 30 days
Database access restricted to application servers
Regular security reviews of authentication and data access paths

No method of transmission over the internet or electronic storage is 100% secure. While we apply commercially reasonable safeguards, we cannot guarantee absolute security.

11. North Carolina Data Breach Notification

Here I'M Ideas LLC complies with the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. § 75-65). In the event of a security breach that compromises personal information of North Carolina residents, we will:

Investigate and contain the breach promptly
Notify affected individuals within 72 hours of determining that notification is required, to the extent practicable
Notify the North Carolina Attorney General's office as required by law
Provide affected users with information about what happened, what data was involved, and what steps they can take to protect themselves

If you believe your PolyQuesting account may have been compromised, contact us immediately at privacy@polyquesting.polsia.app or safety@polyquesting.polsia.app.

12. Cookies, Local Storage & Consent

PolyQuesting uses localStorage (not HTTP cookies) to store your session token. This token authenticates your requests to our API. No third-party tracking cookies are set on this platform.

What we store in localStorage:

pq_token — your session authentication token (essential; expires after 30 days)
pq_user — your cached user profile (essential; allows fast nav rendering without an API call)
pq_consent — your cookie/data consent preferences (essential; records your choices)

Consent banner: On your first visit, PolyQuesting displays a consent banner. You may choose:

Essential Only — session authentication and UI caching only (always available, no further consent needed)
Accept All — also enables anonymized in-app analytics events to help us improve the platform
Customize — individually toggle analytics consent

Analytics events are anonymized aggregates (page views, feature usage counts). They do not include message content, quiz responses, or identifiable personal data. You may update your preference at any time by clearing pq_consent from your browser's localStorage.

The service worker (PWA) may cache app assets for offline use. These caches contain only app code and UI assets — not your personal data.

13. International Transfers

PolyQuesting is operated in the United States. If you access the service from outside the US, your data is transferred to and processed in the US. By using PolyQuesting, you consent to this transfer. We apply appropriate safeguards consistent with applicable law.

14. California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:

Right to Know

You have the right to know what personal information we collect about you, the categories of sources, the business or commercial purposes for collection, the categories of third parties with whom we share it, and the specific pieces of personal information we hold.

Right to Delete

You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (e.g., information needed to complete transactions, comply with legal obligations, or detect security incidents).

Right to Correct

You have the right to request correction of inaccurate personal information we hold about you.

Right to Opt Out of Sale or Sharing

We do not sell your personal information and do not share it for cross-context behavioral advertising. If this ever changes, we will provide notice and a mechanism to opt out before doing so.

Do Not Sell or Share My Personal Information
As of the effective date of this policy, PolyQuesting does not sell or share personal information as defined under the CCPA/CPRA. No opt-out action is required. If you have questions, email privacy@polyquesting.polsia.app.

Right to Limit Use of Sensitive Personal Information

You have the right to direct us to limit our use of your sensitive personal information (sexual orientation, relationship style, kink/BDSM preferences) to only what is necessary to provide the services you've requested. We already restrict use to service delivery — no additional action is required. To request further limitation, email privacy@polyquesting.polsia.app.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different level of service because you exercised your rights.

How to Submit a California Privacy Request

Email privacy@polyquesting.polsia.app with the subject line "CCPA/CPRA Request." We will verify your identity before responding. We respond within 45 days (with a possible 45-day extension for complex requests).

15. Third-Party Links

PolyQuesting may contain links to external websites. We are not responsible for the privacy practices of those sites. Review their privacy policies independently.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we'll notify you via email (if you have notifications enabled) and update the "Last updated" date above. Continued use of PolyQuesting after changes constitutes acceptance of the updated policy.

17. Contact Us

Questions about this policy or your data:
📧 privacy@polyquesting.polsia.app
🌐 polyquesting.polsia.app

Here I'M Ideas LLC · North Carolina, United States