This Privacy Policy ("Policy") describes how the Sissy Conditioner application ("the App") handles information in connection with your use of the App. By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to the practices described in this Policy. This Policy should be read in conjunction with our Terms of Service.
The App operates on a fully local, device-resident architecture. All User-generated and User-supplied content — including but not limited to media files, images, videos, audio, text prompts, notification configurations, lock session data, combination photographs, check-in photographs, achievement progress, profile information, preferences, and any other data created or imported by the User ("User Data") — is stored exclusively on the User's device. The Developer does not collect, receive, store, process, access, transmit, or maintain any User Data on any server, cloud infrastructure, database, or system under the Developer's ownership or control. The Developer has no technical capability to view, retrieve, intercept, modify, or delete User Data at any time.
The App functions as a media playback and conditioning tool that operates solely on content provided by the User. The Developer does not supply, curate, recommend, host, or exercise any editorial control over any content loaded into the App. All media and content is selected, obtained, and imported at the User's sole discretion. The User bears full responsibility for ensuring that any content they load into the App complies with all applicable laws and regulations. The Developer expressly disclaims any knowledge of, responsibility for, or liability arising from User-supplied content.
If you choose to sign in with Patreon to access subscriber-only features, the App initiates an OAuth 2.0 authorization flow through Patreon's API. During this process, the App receives only the following information as provided by Patreon: (a) your Patreon user identifier, and (b) your current subscription tier status. This information is used solely for the purpose of verifying your active membership and determining feature eligibility. This verification data is cached locally on your device and is periodically re-validated. No authentication tokens, Patreon credentials, or membership data are transmitted to or stored on any server, infrastructure, or system controlled by the Developer. The Developer does not access, store, or process your Patreon password or payment information at any time. Your use of Patreon's services is governed by Patreon's own Privacy Policy and Terms of Use.
This section added 2026-05-12 in response to the Commit feature release in app version 1.0.3.
When you use the Commit (chastity lock) feature, the App may capture a photograph of your combination or key code using the device camera. This photograph is immediately encrypted using AES-256-CBC with a key bound to the Android Keystore (a hardware-backed or TEE-backed key management facility provided by the Android operating system). The encrypted photograph is stored exclusively in the App's private storage directory on your device. THE COMBINATION PHOTOGRAPH IS NEVER UPLOADED TO ANY SERVER, CLOUD SERVICE, OR EXTERNAL SYSTEM UNDER ANY CIRCUMSTANCE DURING NORMAL OPERATION. The Developer has no ability to access, view, decrypt, or retrieve your combination photograph at any time. When the lock cycle ends (whether by completion, manual override, or any other termination event), the combination photograph is deleted from the App's storage.
If the lock cycle is configured to require periodic check-in photographs, these photographs are captured via the device camera and processed identically to combination photographs: encrypted with AES-256-CBC using an Android Keystore-bound key, stored exclusively in app-private storage, never transmitted to any external server, and deleted when the lock cycle ends or when they are no longer required by the check-in schedule.
The App requests access to the device camera solely for the purpose of capturing combination photographs and check-in photographs within the Commit feature. The camera is not used for any other purpose. No photographs are taken without the User's explicit initiation. The camera is not accessed in the background, and no continuous or periodic image capture occurs.
The App includes a self-destruct feature that, under certain conditions configured by the User, may wipe App data. IN THE EVENT THAT A SELF-DESTRUCT IS TRIGGERED WHILE A CHASTITY LOCK CYCLE IS ACTIVE, THE APP WILL FIRST DECRYPT THE COMBINATION PHOTOGRAPH AND SAVE IT TO THE DEVICE'S STANDARD PHOTO GALLERY (SHARED MEDIA STORAGE) AS AN EMERGENCY SAFETY MECHANISM BEFORE PROCEEDING WITH DATA DELETION. This is the only circumstance under which the combination photograph is decrypted and moved outside of the App's private encrypted storage. This behavior exists to prevent a scenario in which the User permanently loses access to their combination due to a self-destruct event. The User should be aware that after this emergency export, the combination photograph will be visible in the device's photo gallery and is no longer encrypted by the App.
No analytics, telemetry, usage tracking, or third-party monitoring of any kind is performed on any data associated with the Commit feature. The Developer does not collect or receive any information about whether the User has activated a lock cycle, the duration of any lock cycle, the number of check-ins performed, wager outcomes, or any other Commit-related activity. This data exists only on the User's device.
This section added 2026-05-12 in response to updates in app version 1.0.3.
The optional partner remote-control feature uses end-to-end encryption (ECDH key exchange with per-session ephemeral keys). All commands and data transmitted between the Controller and Controlled devices are encrypted on the sending device and decrypted only on the receiving device. The relay server (a Cloudflare Worker operated by the Developer) facilitates the encrypted message exchange but CANNOT decrypt, read, inspect, or log the contents of any command or payload. The server sees only opaque encrypted blobs and session metadata necessary for routing (session code, connection timestamps for idle detection).
If the User explicitly chooses to send a check-in photograph or other image to a partner via the remote-control feature, the image is encrypted end-to-end before transmission. The relay server cannot view, decode, or store the image contents. Images are transmitted as encrypted payloads and are not persisted on the server beyond the immediate relay. THE APP DOES NOT AUTOMATICALLY SHARE ANY PHOTOGRAPHS WITH ANY PARTNER. Photo sharing via the remote-control feature occurs only upon the User's explicit, voluntary action.
Remote-control session data (session codes, encrypted command queues, connection timestamps) is stored in a Cloudflare Durable Object for the duration of the session only. Sessions automatically expire after one hour or after five minutes of inactivity by the controlled device, whichever occurs first. Upon expiration, all session data is permanently and irrecoverably deleted. No session data is archived, backed up, or retained after session termination.
The App contains no analytics software, advertising frameworks, ad networks, tracking pixels, device fingerprinting mechanisms, telemetry systems, crash reporting services, or any other form of usage monitoring or behavioral tracking. The App does not collect device identifiers, IP addresses, geolocation data, browsing history, usage patterns, or any other behavioral or diagnostic information. No data of any kind is transmitted from the App to the Developer or to any third party for analytics, advertising, marketing, or any other purpose.
The Developer does not sell, rent, lease, trade, share, transfer, disclose, or otherwise make available any User Data to any third party under any circumstances. Because the Developer does not collect or possess any User Data, there is no data to share. In the event of a legal request, subpoena, or court order directed at the Developer, the Developer will have no User Data to produce, as no such data exists on any system under the Developer's control.
As all User Data resides exclusively on the User's device, the security of that data is dependent upon the security measures employed by the User on their own device, including but not limited to device encryption, screen lock mechanisms, biometric authentication, and physical device security. The combination and check-in photographs captured by the Commit feature are additionally protected by AES-256-CBC encryption with Android Keystore-bound keys, providing an additional layer of security independent of device-level encryption. The Developer does not have access to, and therefore cannot guarantee the security of, any locally stored data. The Developer shall not be liable for any unauthorized access to, loss of, corruption of, or damage to User Data resulting from device theft, malware, unauthorized physical access, Android Keystore compromise, or any other security breach affecting the User's device.
The App is intended exclusively for adults aged eighteen (18) years or older, or the age of majority in the User's jurisdiction, whichever is greater. The App is not directed at, and the Developer does not knowingly collect any information from, children under the age of 18. If you are under 18 years of age, you are prohibited from using the App and must delete it immediately.
Because all User Data is stored locally on the User's device, data retention is entirely within the User's control. To permanently delete all App data, the User may uninstall the App from their device or clear the App's data through the device's application settings. Upon uninstallation or data clearance, all locally stored User Data — including encrypted combination photographs, check-in photographs, lock cycle data, session history, and all other App data — is removed in accordance with the device operating system's standard data deletion procedures. There is no server-side account, cloud backup, or remote data store to delete, as no such systems exist.
The App does not transmit personal data across borders, as all personal data remains on the User's local device. The remote-control feature transmits only end-to-end encrypted payloads through Cloudflare's global network; the Developer cannot decrypt these payloads and they do not constitute personal data accessible to the Developer. No personal data is transferred to or processed in any jurisdiction by the Developer. Users in all jurisdictions benefit from the same local-only data architecture described in this Policy.
With the exception of the optional Patreon OAuth authentication described in Section 4 and the optional remote-control relay described in Section 6, the App does not integrate with, connect to, or transmit data to any third-party services, APIs, platforms, or external systems. The App does not embed third-party SDKs, libraries, or frameworks that collect or transmit user data. The User's interaction with Patreon is governed by Patreon's own privacy practices, over which the Developer has no control. The remote-control relay operates on Cloudflare's infrastructure; Cloudflare's privacy practices are governed by Cloudflare's own Privacy Policy and are limited to standard infrastructure-level processing (IP routing, DDoS protection) and do not involve access to encrypted payload contents.
Because the Developer does not collect or store any personal data, traditional data subject rights (such as rights of access, rectification, erasure, portability, or objection under GDPR, CCPA, or similar regulations) are inherently satisfied by the App's local-only architecture. All data is already in your exclusive possession on your device, and you may access, modify, export, or delete it at any time through the App's interface or your device's file management tools without any action required from the Developer.
The Developer reserves the right to modify this Policy at any time. The most current version of this Policy will always be available at this URL. Your continued use of the App following the posting of any revised Policy constitutes your acceptance of such changes. It is your responsibility to review this Policy periodically. Material changes will be reflected in an updated "Last updated" date at the top of this Policy.
For questions, concerns, or requests regarding this Privacy Policy, please contact the Developer via the Patreon page associated with the App.