Skip to content
BackLEASH

Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Thomas Gnahm
Mainzer Str. 44
12053 Berlin
Germany
Email: contact@myleash.app

2. General Information on Data Processing

We only process personal data of our users insofar as this is necessary to provide a functional platform and our content and services. Processing generally only takes place with the user's consent, except where permitted by law.

3. Legal Bases for Processing

We process data based on: consent (Art. 6(1)(a) GDPR), contract performance (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), and legitimate interests (Art. 6(1)(f) GDPR).

4. Special Categories of Personal Data

LEASH is a platform for BDSM and fetish interactions. Data may be processed that allows conclusions about sex life or sexual orientation (Art. 9(1) GDPR). This processing takes place exclusively on the basis of your explicit consent pursuant to Art. 9(2)(a) GDPR. You may withdraw your consent at any time.

5. Data We Collect

Upon registration:

  • Email address (for magic link authentication)
  • Selected role, profile name, description, and pictures
  • Voice recordings (voice intros, interview audio)
  • Video recordings (video intros)

During use:

  • Messages and communication content between users
  • Tasks, rules, and ratings within relationships
  • Payment data and transaction history
  • Live video sessions and their recordings
  • AI-generated interview summaries and evaluations
  • Push notification tokens (device identifiers)

Technical data:

  • IP address, browser type, operating system
  • Automatically deleted after 30 days

5a. Session Recordings

Live video sessions between users may be recorded. Both participants are informed before the session begins.

Recordings are stored on EU servers (Frankfurt, Germany) controlled by the Operator. Audio recordings are deleted after 90 days; video recordings after 30 days. Audio recordings may be transcribed for quality assurance (see Section 7).

6. Purposes of Processing

  • Provision and operation of the platform
  • Authentication and account management
  • Enabling communication between users
  • Processing of payments and tributes
  • Ensuring platform security
  • Fulfillment of legal obligations

6a. AI-Powered Data Processing

The Platform uses artificial intelligence (AI) for the interview system (“Gatekeeper”). Your responses are transmitted to the Google Gemini API to generate a summary and assessment.

No fully automated decision-making within the meaning of Art. 22 GDPR takes place. The AI evaluation serves solely as a decision-making aid. The final decision on applications is made by other users.

7. Recipients and Data Processors

We use the following service providers. Data processing agreements (Art. 28 GDPR) are in place with all providers. Where data is transferred to the USA, this is done on the basis of EU Standard Contractual Clauses.

  • Supabase Inc. — Database, authentication, file storage (EU servers, Frankfurt)
  • Vercel Inc. — Web hosting and content delivery
  • Stripe Inc. — Payment processing (credit cards, subscriptions, payouts). Appears as “MLA Digital Services” on bank statements
  • Resend Inc. — Transactional email delivery
  • LiveKit Inc. — Live video session infrastructure (self-hosted on EU servers, Frankfurt)
  • Google LLC (Gemini API) — AI interview processing and summarization
  • AssemblyAI Inc. — Audio transcription of session recordings
  • BunnyWay d.o.o. (Bunny.net) — Video hosting and content delivery (EU, Slovenia)
  • Functional Software Inc. (Sentry) — Error monitoring and performance tracking

8. Cookies and Local Storage

We use only technically necessary cookies for authentication. We do not use tracking cookies, marketing cookies, or analytics services.

9. Retention Period

  • Account data: Duration of account usage, deleted within 30 days after deletion
  • Messages: Anonymized or deleted upon account deletion
  • Payment data: 10 years (§ 147 AO)
  • Server logs: 30 days

10. Your Rights

Under the GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). Contact: contact@myleash.app

11. Withdrawal of Consent

You may withdraw your consent at any time with effect for the future via email to contact@myleash.app or via the account settings.

12. Supervisory Authority

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219, 10969 Berlin
Email: mailbox@datenschutz-berlin.de

13. Data Security

We use SSL/TLS encryption and appropriate technical and organizational security measures to protect your data.

Last updated: March 2026