Legal
Privacy Policy
Last updated May 23, 2026 • Effective May 23, 2026
The short version
Your IntiSafe content is end-to-end encrypted. We can't read it.
We collect only what we need to run the service: account info, billing details, and basic usage data.
We don't sell your data. Ever.
We don't use your content to train AI or for advertising.
Your project records remain yours — accessible in read-only mode even if your account is inactive or closed, until you ask us to delete them.
You have the right to access, correct, export, or delete your data — just ask.
This policy applies to you wherever you are in the world. If your local law gives you additional rights, we'll honor them.
When you upload performer information, you are the data controller for that data. IntiSafe processes it on your behalf. Your local legal obligations as a controller are yours to meet.
1. Who We Are
This Privacy Policy explains how CINTIMA LLC, a California limited liability company ("IntiSafe," "we," "us," or "our"), collects, uses, and protects information when you use the IntiSafe platform, website, or related services.
IntiSafe is available to users anywhere in the world. This policy applies regardless of where you are located, and we aim to honor applicable privacy rights under local law wherever you use the platform.
This policy applies to:
• Visitors to intisafe.app
• People who sign up for our newsletter or contact us
• Customers who purchase Early Access or a paid subscription
• Users of the IntiSafe application
2. What We Collect
We collect different categories of information depending on how you interact with IntiSafe.
2.1 Information You Give Us Directly
Account information — Name, email address, country, professional role
Billing information — Payment details (processed by Stripe — we never see your card number), billing address, transaction history
Communications — Messages you send via our contact form, support requests, feedback, survey responses
Newsletter signups — Email address, name, country, role
2.2 Your Encrypted Content
When you use IntiSafe, you may upload content including scripts, scene notes, rider documentation, performer information, and production records ("Your Content"). Your Content is encrypted on your device before it reaches our servers. We store the encrypted data, but we cannot read it. Only you — and people you explicitly share with — hold the keys to decrypt it.
You represent that you have the authorization to upload and process all content you submit, including production materials received in the course of a professional engagement. We do not verify the ownership or licensing status of content you upload; that responsibility rests with you.
A note about performer data: Your Content typically includes personal information about third parties — performers, cast members, and production personnel. This may include sensitive information such as physical characteristics, body exposure consents, and health conditions relevant to intimacy work. Under privacy laws in many jurisdictions (including GDPR in the EU and UK), this type of information is classified as sensitive or special category personal data and carries additional protections.
When you upload and process performer data through IntiSafe, you are acting as the data controller for that data — you determine what is collected, why, and how it is used. IntiSafe acts as your data processor, handling that data on your behalf and under your direction. This relationship exists regardless of whether you are a US-based IC working domestically, a local IC hired by a foreign production shooting in your country, or a US IC on an overseas shoot. Your obligations as a data controller under applicable local law — including obtaining appropriate consent from performers and maintaining records in compliance with applicable regulations — are yours to meet. IntiSafe's end-to-end encryption is designed to support those obligations, not substitute for them.
If you are working in a jurisdiction that requires a written Data Processing Agreement between you (as controller) and your software providers (as processors), a DPA is available from IntiSafe on request. Contact support@intisafe.app.
2.3 Information Collected Automatically
When you visit our website or use the platform, we automatically collect:
• Device and connection data: IP address, browser type, operating system, device identifiers
• Usage data: Pages visited, features used, time spent, referring URLs, click patterns
• Cookies and similar technologies: See Section 8 for details
2.4 Information from Third Parties
We may receive information about you from:
• Stripe — payment confirmation and basic transaction details
• Loops — newsletter and contact form submission data
• Google Analytics — aggregated website usage statistics
3. How We Use Your Information
We use the information we collect to:
• Provide, operate, and improve the IntiSafe platform
• Process payments and manage your subscription
• Send service-related communications (account confirmations, billing receipts, security notices)
• Send marketing communications you've opted into (newsletter, product updates) — you can unsubscribe at any time
• Respond to your support requests and feedback
• Detect, prevent, and address fraud, abuse, security issues, and technical problems
• Comply with legal obligations
• Understand how the platform is used so we can make it better (using aggregated, non-identifying data)
What we don't do:
• We don't sell your personal information to anyone
• We don't use Your Content to train AI models
• We don't share your data with advertisers
• We don't read or analyze the contents of your encrypted files
4. Legal Bases for Processing (GDPR)
If you're in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases:
• Contract: To provide the service you signed up for
• Legitimate interests: To improve the platform, ensure security, and prevent fraud — balanced against your privacy rights
• Consent: For marketing communications and non-essential cookies (you can withdraw consent at any time)
• Legal obligation: To comply with applicable laws, court orders, and regulatory requirements
5. Who We Share Information With
We share information only with the parties below, and only for the purposes described.
Stripe — Payment processing — Name, email, billing address, payment details
Loops — Email and CRM (newsletter, contact form, transactional emails) — Email, name, role, country, message content
Framer — Website hosting — Standard server logs (IP, browser, page views)
Google Analytics — Website usage analytics — Anonymized usage data, IP-truncated
We may also share information when required by law (court orders, subpoenas, regulatory requests), to protect our rights and the safety of our users, or in connection with a business transfer (merger, acquisition, sale of assets) — in which case we'll notify you and you'll have the option to delete your account.
About law enforcement requests: Because Your Content is end-to-end encrypted, we cannot provide it in readable form to anyone — including law enforcement — even if compelled by court order. We can only produce what we hold: encrypted data plus account metadata (name, email, billing records).
6. International Data Transfers
IntiSafe is operated from the United States. If you are using IntiSafe from anywhere outside the U.S. — whether you are an IC based abroad, a local IC hired by a foreign production, or a US IC working on an overseas shoot — your account information and usage data will be transferred to, stored, and processed in the United States.
For users in the European Economic Area, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission to ensure your data receives adequate protection when transferred to the U.S.
For users in Canada, we process personal information in accordance with the purposes described in this policy and in a manner consistent with applicable Canadian privacy law, including PIPEDA and Quebec's Law 25 where applicable.
For users in Australia, we handle personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles.
For users in all other countries, your data is processed in the U.S. in accordance with this Privacy Policy. Where your local law requires additional protections or transfer mechanisms, contact us at support@intisafe.app and we will work with you to address them.
Note: Your Content — scripts, rider documentation, performer records — is end-to-end encrypted before it leaves your device. The transfer protections described above apply to your account metadata and usage data, not to the encrypted content itself, which we cannot access regardless of where it is stored.
7. How Long We Keep Your Data
We retain personal information only as long as necessary for the purposes described in this policy.
Account information — While your account is active; account records retained as needed for legal and billing purposes following closure
Encrypted content — Retained indefinitely in read-only mode following account closure or inactivity. We will not delete your project data without your affirmative written request. Upon request, deletion is completed within 30 days.
Billing records — Up to 7 years, as required by tax and accounting regulations
Newsletter subscriptions — Until you unsubscribe
Contact form submissions — Up to 2 years, then deleted unless an ongoing matter requires retention
Website analytics — Up to 26 months (Google Analytics default)
Your project records are yours. IntiSafe treats production documentation as legal records. Even after your account is closed or your subscription lapses, your projects remain accessible to you in read-only mode and are exportable in PDF or JSON format at any time, at no charge. We will not delete project data without your explicit written request.
8. Cookies and Tracking
Our website uses cookies and similar technologies.
8.1 Essential Cookies
These are required for the website to function — for example, remembering whether you've dismissed a banner or maintaining your session if you're logged in.
8.2 Analytics Cookies
We use Google Analytics to understand how visitors use the site (which pages are popular, where people drop off, etc.). This helps us improve the experience. We've configured Analytics to anonymize IP addresses and disable advertising features.
8.3 Your Choices
• Reject non-essential cookies through our cookie banner
• Configure your browser to block or delete cookies (note: this may break some site functionality)
• Opt out of Google Analytics by installing the Google Analytics opt-out browser add-on
9. Your Privacy Rights
9.1 Rights for Everyone
Regardless of where you live, you can:
• Access the personal information we hold about you
• Correct information that's inaccurate
• Request deletion of your account and associated data
• Export your data in a portable format
• Unsubscribe from marketing emails (link in every email, or by emailing us)
To exercise these rights, email support@intisafe.app. We'll respond within 30 days.
9.2 Additional Rights for California Residents (CCPA / CPRA)
If you're a California resident, you have the right to:
• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we don't sell or share, but the right exists)
• Limit the use of sensitive personal information
• Be free from discrimination for exercising these rights
You can submit requests by emailing support@intisafe.app. We may need to verify your identity before fulfilling certain requests.
9.3 Additional Rights for EU/UK/Swiss Residents (GDPR)
If you're in the EEA, UK, or Switzerland, you also have the right to:
• Restrict or object to certain processing
• Withdraw consent at any time (for processing based on consent)
• Lodge a complaint with your local data protection authority
9.4 Rights for Users in Other Jurisdictions
Privacy law is active in many countries beyond the EU and California. If you are located in Canada, Australia, Brazil, South Africa, or anywhere else with applicable data protection law, your local law may give you rights similar to those described above — including rights of access, correction, deletion, and complaint.
We will honor reasonable requests made under applicable local law. Contact support@intisafe.app and identify the rights you are seeking to exercise. We'll respond within 30 days.
10. Children's Privacy
IntiSafe is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe we've collected information from a minor, contact us at support@intisafe.app and we'll delete it.
11. Security
We take security seriously. Our protections include:
• End-to-end encryption for all content stored in IntiSafe — your data is encrypted on your device before it reaches us
• Encrypted connections (TLS/HTTPS) for all data in transit
• Limited employee access to systems containing personal data, on a need-to-know basis
• Regular security reviews of our infrastructure and code
No system is completely secure. In the event of a data breach that affects your personal information not protected by end-to-end encryption, we will notify you and the appropriate authorities as required by applicable law, including California Civil Code § 1798.82, without unreasonable delay.
12. Changes to This Policy
12.1 We may update this Privacy Policy from time to time.
When we make material changes, we'll notify you via email or through the platform at least thirty (30) days before the changes take effect, and update the "Last updated" date at the top of this page. For minor changes (clarifications, formatting), we'll update the date without separate notification.
12.2 Immediate changes.
Notwithstanding the above, we may update this Policy with immediate effect where required by applicable law or regulation, or where necessary to address a security vulnerability or threat to the platform or its users. In those cases, we will notify you as promptly as reasonably practicable and update the "Last updated" date at the top of this page.
13. Do Not Track
Some browsers offer a "Do Not Track" signal. There is currently no industry standard for how to interpret these signals, so we do not respond to them. Instead, we offer the cookie controls and privacy rights described in Sections 8 and 9.
14. Contact
Questions, concerns, or privacy requests? Reach out to:
CINTIMA LLC
support@intisafe.app
If you are located outside the U.S. and are not satisfied with our response to a privacy request, you may have the right to lodge a complaint with your local data protection or privacy authority.