Operative — legal review in progress
This policy is current and operative; a final legal review is in progress — last updated 2026-07-11. It is written to be clear and protective, but it is not legal advice. If anything here conflicts with a signed agreement between you and Champlin Enterprises, that agreement controls.
1. Who we are
SafeHaven is operated by Champlin Enterprises(the “we,” “us,” or “controller” in this policy). For privacy questions, contact privacy@safehavenkink.com.
2. What we collect
We collect only what we need to run the Service:
- Account data: your email address and a hashed password. Email is used for sign-in, security, and essential service messages.
- Profile & persona data: the handle, bio, roles, interests, hard limits, region, and images you choose to add. Some of this — for example details about your sexual orientation, sex life, or health — is a “special category” of personal data under GDPR Article 9. You choose what to share, and we process it based on your explicit consent (see “Legal bases” below).
- Content you create: posts, messages, comments, uploaded or AI-generated images, group and event activity.
- Verification data (optional): if you choose to verify, the minimum needed to confirm you are a real adult. It is never shown on your public profile and is retained only as required.
- Usage & device data: IP address, browser/device type, pages viewed, and interaction events, collected via the analytics tools described below.
3. Analytics, cookies & the three trackers we use
SafeHaven’s public marketing pages use a small, named set of tools. We defer non-essential analytics until you choose through our cookie banner (see the Cookie Policy). The tools are:
- Google Analytics 4 (GA4):aggregate traffic and usage measurement, so we can understand what’s useful and improve it. GA4 runs under Google Consent Mode v2— it is set to “denied” by default and only measures with cookies after you accept. Provided by Google LLC.
- Pulse: our own first-party analytics (pulse.champlinenterprises.com), also operated by Champlin Enterprises, used for the same measurement purpose without handing data to extra third parties. The Pulse pixel loads only after you consent.
- BugHive: our own first-party error/crash tracking (bughive.champlinenterprises.com), used to detect and fix bugs and keep the Service secure and working. Because it is operational/security telemetry rather than marketing analytics, it runs as a legitimate interest and does not set an analytics cookie.
For the specific cookies these set and how to opt out, see the Cookie Policy. The member app itself uses strictly necessary cookies to keep you signed in.
4. How we use your data
- to provide, secure, and operate SafeHaven and its features;
- to authenticate you and protect accounts from abuse and fraud;
- to review content for safety and enforce our policies;
- to send essential service and security messages;
- to measure and improve the Service (with your consent, where required); and
- to comply with legal obligations and respond to lawful requests.
We do not sell your personal data, and we do not share it for cross-context behavioral advertising.
5. Legal bases (GDPR)
Where the GDPR applies, we rely on:
- Contract — to provide the Service you sign up for;
- Consent — for analytics cookies and for special-category data (Article 9), i.e. the sensitive profile details you choose to share. You can withdraw consent at any time;
- Legitimate interests — to keep the Service secure, to prevent abuse, and for error tracking, balanced against your rights; and
- Legal obligation — where we must retain or disclose data by law.
6. Data retention
We keep personal data only as long as needed for the purposes above. In general: account and profile data are kept while your account is active; when you delete your account, we delete or irreversibly anonymize your personal data within a commercially reasonable period, except for limited data we must retain for legal, security, tax, or abuse-prevention reasons (for example, records related to a safety report or a §2257/CSAM matter), and residual copies in encrypted backups that age out on a rolling schedule. Aggregated or de-identified data that can no longer identify you may be retained.
7. Your privacy rights
GDPR (EU / UK) rights
If you are in the EEA or UK, you have the right to access, correct, erase (“right to be forgotten”), port your data, restrict or object to certain processing, and to withdraw consent at any time. You also have the right to lodge a complaint with your local data-protection authority.
CCPA / CPRA (California) rights
If you are a California resident, you have the right to know what personal information we collect and how it is used, to access and delete it, to correct inaccuracies, and to opt out of any sale or sharing of personal information — and we do not sell or share it. We will not discriminate against you for exercising these rights.
How to exercise your rights
The fastest way is self-serve: signed-in members can export a copy of their data and delete their account and data from their in-app account settings. You can also email privacy@safehavenkink.com and we will respond within the timeframe the applicable law requires. We may need to verify your identity before acting on a request.
8. Who we share data with
We share personal data only with service providers who help us run SafeHaven (such as hosting, email delivery, and the analytics/error tools named above), each bound to protect it and use it only on our instructions; with authorities when required by law or to protect people from harm (see our Law Enforcement Guidelines); and in connection with a business transfer, subject to this policy. We do not sell your data to data brokers or advertisers.
9. International transfers
SafeHaven is operated from the United States, and your data may be processed in the U.S. and other countries whose laws may differ from yours. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
10. Security & honest limits
We protect data with encryption in transit, encryption of direct messages at rest, access controls, and location obfuscation (member locations are blurred to a broad region, never an exact point). We are candid about the limits: messaging is notend-to-end encrypted (we hold the key), screenshots by other members are always possible, and no online service can promise perfect security. We’d rather you know the real limits than trust an inflated promise.
11. Children
SafeHaven is strictly for adults 18 and older. We do not knowingly collect personal data from anyone under 18. If we learn that a minor has created an account, we terminate it and delete the data. See our Child Safety Policy. Reports: abuse@safehavenkink.com.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the “last updated” date and, where appropriate, additional notice. Continued use after an update means you accept the revised policy.
13. Contact
For any privacy question or to exercise a right, contact privacy@safehavenkink.com.
Related policies