Privacy Policy

Last updated: February 15, 2026

1. Introduction

Welcome to WankLog ("we," "our," or "us"), a UK-based company. We are committed to protecting your privacy and personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

We are the data controller for your personal data. Our contact details are at the end of this policy.

2. Definitions

• Personal Data: Any information relating to an identified or identifiable individual.
• Special Category Data: Sensitive data including information about sex life or sexual orientation (e.g., your session logs).
• Processing: Any operation performed on personal data, such as collection, storage, or deletion.

3. Information We Collect

3.1 Information You Provide

• Account Information: Email address, name, nickname, and password when you create an account.
• Profile Information: Optional details such as phone number, birthday, height, weight, and social media handles.
• Session Data: Activity tracking data including duration, timestamps, intensity, frequency, and optional notes (this is Special Category Data).
• Communications: Feedback, support requests, and other communications you send to us.

3.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, and app version.
• Usage Data: App usage statistics, features accessed, interaction patterns, and crash reports.
• Log Data: IP address, browser type, access times, referring URLs, and error logs.

3.3 Health and Wellness Data (Special Category)

Our Service collects Special Category Data related to your sexual habits and wellness. This data is:

• Processed only with your explicit consent (obtained via a separate opt-in during signup or settings).
• Stored securely with end-to-end encryption.
• Never sold, rented, or shared for marketing purposes.
• Only used for the core Service features you request (e.g., tracking, stats, leaderboards if opted-in).
• Deletable at any time upon your request, with confirmation of deletion provided.

We do not use this data for automated decision-making or profiling.

4. Lawful Basis for Processing

• Explicit Consent: For Special Category Data (revocable at any time).
• Contract: To provide the Service (e.g., account management).
• Legitimate Interests: For analytics, security, and improvements (balanced against your rights).
• Legal Obligation: For compliance with laws.

5. How We Use Your Information

We use the collected information for:

• Providing, maintaining, and improving the Service.
• Personalizing your experience (e.g., custom stats).
• Processing your account, subscriptions, and transactions.
• Sending updates, notifications, security alerts, and support messages.
• Analyzing anonymized usage patterns to enhance features.
• Detecting, preventing, and investigating fraud, abuse, or security incidents.
• Complying with legal obligations, including tax and regulatory requirements.

We have conducted a Data Protection Impact Assessment (DPIA) for processing Special Category Data.

6. Data Sharing and Disclosure

We do NOT sell your personal data. We may share your information only in these limited circumstances:

• With Your Explicit Consent: E.g., for leaderboards, social sharing, or integrations.
• Service Providers: Trusted UK/EU-based third parties (e.g., hosting via AWS EU regions, analytics via Google Analytics with anonymization) bound by data processing agreements ensuring UK GDPR compliance.
• Legal Requirements: If required by law, court order, or to protect rights, property, or safety (we'll notify you unless prohibited).
• Business Transfers: In a merger, acquisition, or asset sale, with notice to you and safeguards.

7. Data Security

We implement industry-standard security measures, including:

• TLS/SSL encryption for all data in transit.
• AES-256 encryption for data at rest, especially Special Category Data.
• Regular security audits, vulnerability scans, and penetration testing.
• Secure authentication with optional multi-factor authentication (MFA).
• Keychain/Secure Enclave storage for credentials on iOS/Android devices.
• Access controls: Data access limited to authorized personnel on a need-to-know basis.
• Incident Response: In case of a data breach, we'll notify affected users and the ICO within 72 hours if required, and provide mitigation steps.

Despite these measures, no system is 100% secure; you use the Service at your own risk.

8. Data Retention

We retain your data only as long as necessary:

• Account data: While active or as needed for Service provision.
• Session data: Until deleted by you or account closure.
• Anonymized data: Indefinitely for aggregate analytics (no re-identification possible).

After deletion requests, we erase data within 30 days (or sooner if required). Backups may retain data for up to 90 days for recovery purposes.

9. Your Rights Under UK GDPR

You have enhanced rights for Special Category Data. These include:

• Access: Request a copy of your data (free, within 1 month).
• Rectification: Correct inaccurate data.
• Erasure ("Right to be Forgotten"): Delete your data, subject to legal retention.
• Portability: Receive your data in a machine-readable format.
• Restriction: Limit processing while we verify accuracy or consent.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: At any time, without affecting prior processing (may limit Service use).
• Complaint: Lodge with the ICO (ico.org.uk).

To Exercise Rights: Use app settings > Privacy > Export/Delete, or email privacy@wanklog.com with verification (e.g., account email). We'll respond within 1 month (extendable if complex).

For CCPA/CPRA (if applicable to CA users): Similar rights, including "Do Not Sell/Share" (we don't sell data anyway).

10. Children's Privacy

The Service is strictly for users 18+. We do not knowingly collect data from under-18s. If discovered, we delete it immediately and may terminate accounts.

11. International Data Transfers

Data is primarily processed in the UK/EU. If transferred outside (e.g., to US providers), we use UK-approved safeguards like Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs), plus risk assessments.

12. Third-Party Services

• Apple HealthKit/Wearables: Data stays on-device unless you explicitly sync; we don't access without consent.
• Authentication: Google/Apple/Facebook (only minimal data for login).
• Analytics: Google Analytics (anonymized IP, opt-out available).

See our Cookie Policy for tracking details.

13. Cookies and Tracking

See our separate Cookie Policy.

14. Changes to This Policy

We'll notify you of material changes via email, in-app, or website banner at least 30 days in advance. Continued use constitutes acceptance.

15. Contact Us

• Email: privacy@wanklog.com
• Postal: Innovatus International Ltd; 31 Louisberg Road, Hemswell Cliff, DN21 5XU, United Kingdom
• Data Protection Officer: dpo@wanklog.com
• ICO Registration: 00011760791

For complaints, contact us first; unresolved issues can go to the ICO.