Return to homepage

Privacy Policy

Privacy is one of the main objectives of Quivre's design.

A minimum of sensitive information is collected from you to support core functionality. And what is collected, is kept encrypted whenever possible (using your own secret password).

Quivre is fully GDPR compliant, and offers the same privacy to both EU and non-EU users.

I'd like this page to be as easy to understand as possible: please let me know if anything's unclear so that I can try improve it!

Personal data stored on Quivre

No personal data is ever shared with any 3rd parties!

What dataWhen it's collectedWhy it's collectedHow it's stored, and for how longComments
Part of your IP address (x.y.z.000)Automatically when you visit QuivreSecurity: rate-limiting, and to help detect malicious requestsOn my server, for 14 daysDoesn't directly identify you, but can identify your country and city
Your browser data (user agent)Automatically when you visit QuivreAnalytics: so I know which devices to optimise forOn my server, for 14 daysDoesn't directly identify you
Your email addressIf you choose to share it (optional)To allow email login or to allow notification emails when a partner shares their desiresOn my server, until your account is (auto) deletedNever used for any other other reason (marketing, spam, etc.)

Tracking, cookies

Quivre does not track you, and it does not enable any 3rd parties to track you. Quivre's only cookie is used only for secure authentication (when you log-in, and during the onboarding process).

A "session-style" authentication cookie is used that will expire if you close your browser, choose to log out, or after some hours of inactivity.

Storing your quiz answers

The storage method depends on if you choose to enable the optional email login or not.

  • With email login enabled

    All your Quivre data is stored on my server unencrypted by necessity. This is the traditional way that the vast majority of internet account data is stored, and allows a forgotten password to be reset.

  • With email login disabled

    This is a high-security option uniquely available to Quivre.

    Your answers to the Quivre quiz are associated with your Quivre code and are stored in 2 ways:

    • On my server, AES-encrypted using your secret password (which I do not store). Your encrypted answers are used to support updating your answers, and to support sharing desires when you and a partner both consent to do so.

      If this data is leaked, it's unreadable without your secret password. A forgotten password cannot be reset.
    • On my server, in an unencrypted format with random noise (for plausible deniability). This is used to support approximate matching without the need for consent.

      If this data is leaked, there's no way to tell for sure what any of your answers actually was without your secret password.

    Note that for extra privacy, you can also choose to keep your Quivre code private (i.e. just between you and your trusted partners). This way, even if there's a total data leak - there'll be no way to tell which (encrypted, or noisy) data even belongs to you.

    See the responsible use page for more details.

Data shared with other users

  1. When you give someone your Quivre code

    Anyone who has your code (meaning anyone you share it with, or anyone they share it with) can see:

    • Their approximate sexual compatibility with you (0 to 100%)
    • Your approximate overall kinkiness (0 to 100%)
    • Your approximate openness to trying things (0 to 100%)

    See the responsible use page for more details.

  2. When you consent to share desires

    You can optionally consent to share your sexual desires with a specific Quivre code (partner). You can choose to:

    • Share only mutual desires (things that both you and your partner are open to), or
    • Share everything (all your desires, regardless of your partner's answers).

    If you and your partner both consent, then you'll each be able to see the relevant desires for exactly 8 days. After 8 days, this data will be automatically deleted.

Anonymous community statistics

Your quiz answers may be combined with answers from other users to generate aggregated, anonymous community statistics.

This data is made public, and intended for fun/curiosity. There's no way to infer anything about you in particular from the public aggregate data.

Personal correspondence

If you send me a direct message (e.g. by email, contact form, or social media), I'll normally archive the message along with with whatever personal information was included in/with the message (e.g. your email address).

If you'd prefer I instead delete a message after receipt, please just mention so in the message.

Account security

It is solely your responsibility to ensure that you keep private any credentials used to log in to your Quivre account.

If you have a Quivre password, use a strong password (some minimums are enforced) and keep your password private.

If you have email login enabled, use a strong email password, and follow any other security recommendations from your email provider.

Export or delete your data

You can export and/or permanently delete all your data on Quivre at any time by logging in and going to your account options (coming soon, in the meantime please contact me).

Note that for security, you must be authenticated (logged in) to do this.

Important: if you have not enabled email login and you forget your password - I cannot help you to delete or export your data.

Automatic data expiration

As a security measure, all your data (including your answers to the Quivre quiz) will be automatically deleted if you don't log in for more than 18 months.

Technical security measures

Quivre is designed, built, and deployed following conservative security best practices including:

  • Forced strong HTTPS everywhere with HSTS (preload).
  • Minimal, single-tenant hardened server deployment with 2FA SSH access, hosted in Germany under EU data protection laws.
  • Updated, mature server software including: NGINX, JVM 10, etc.
  • Modern browser protections incl. anti CSRF/XSS, CSP, strict transport security, etc.
  • Solid, standard, well-understood, open source cryptography: nothing fancy, nothing home-rolled.
  • Scrypt key derivation (strong N=18 for quiz answers).
  • Bug bounty program.
  • Coming later: 2FA (2-factor authentication) support.