← Back to The Scene
v1.2 · Updated 17 April 2026

Privacy Policy

What we collect, how we protect it, and what we will not do with your data. Written for humans, not lawyers.

The Scene
Version: v1.2 (self-drafted, self-reviewed; scheduled for external legal review 2027-01-15 or first revenue, whichever comes first)
Last updated: 2026-04-17
Effective date: (TBD, goes live when The Scene opens to beta testers)

1. Who we are

The Scene is a compatibility-first dating and community app being built for the kink community. We are a pre-launch project based in Sydney, Australia, operated by a sole founder who is not yet incorporated as a company (see our public writing on the decision to register as an Australian company post-launch).

There is no individual founder face attached to The Scene in public communications. This is a deliberate brand decision and has nothing to do with hiding accountability. Our accountability mechanism is this document, our Community Guidelines, and our public commitments in the "Trust is the floor" principles document at thescenedatingapp.com/blog/trust-is-the-floor.

In this policy, "we", "us", and "our" means "the team building The Scene."

2. What this policy covers

This policy covers:

  • The Scene mobile app (Android first, iOS later)
  • Our website at thescenedatingapp.com and any subdomains
  • Our support page at thescenedatingapp.com/support
  • Any other digital surfaces where The Scene's brand appears

This policy does NOT cover:

  • External services we link to (Lifeline, 1800RESPECT, KAP, DanceWize, Curious Creatures, and any other service listed on our support page). Each of those services has its own privacy practices.
  • Third-party sites reached by links in user-generated content (member bios, messages, etc.). We are not responsible for their privacy practices.
  • Platforms where The Scene maintains a brand presence (Twitter/X, Reddit, Mastodon, FetLife). Those platforms have their own privacy policies you should read.

3. What we collect, and why

Every piece of data described below is stored in our Supabase database, which is hosted on cloud infrastructure in the Asia-Pacific region. Every table has Row Level Security (RLS) enabled, which means the database itself enforces who can read and write what, independently of what our application code does.

Here is a complete list of what we collect, mapped to the actual tables in our database, in plain English.

3.1 Account and profile data (profiles table)

When you sign up, we collect:

  • Your email address (from your Google or email sign-up flow, stored in Supabase Auth)
  • A display name (this can be a pseudonym, we don't require legal names)
  • Your date of birth (required, used to verify you are over 18 and for matching filters)
  • Your gender (self-described, free text; can be kept private)
  • Your orientation (self-described, free text; can be kept private)
  • Your experience level (how long you've been in the scene)
  • What you are looking for (dating, casual, community, friendship, etc.)
  • A short bio (free text, optional)
  • A location (latitude, longitude, and a location name like "Sydney", see section 3.6 below for precision and handling)
  • One avatar image and up to several public profile photos
  • A separate set of private photos that are only revealed to matched users
  • A push notification token (for sending you app notifications you've opted into)
  • Internal flags like whether you've finished the consent course, whether your profile is visible in discovery, and whether you're on the free or premium tier

We use this data to:

  • Build your profile card that other members see during discovery
  • Verify you are over 18
  • Run the matching algorithm against other profiles in your area
  • Send you push notifications for matches and messages (only if you've enabled notifications)
  • Apply your premium features if you are on the premium tier

We do NOT use this data to:

  • Target advertising to you (we do not run advertisements)
  • Share with third parties so that those parties can market to you

We may use aggregated, anonymised data for research purposes. You can opt out at any time via the consent_ai_training setting in your account preferences. See section 4 for a full description of our position on data use, including business transfers.

3.2 Kink preference data, special category (quiz_responses, kink_scores, hook_quiz_results tables)

This section is the most sensitive part of the policy and we are writing it explicitly.

When you complete the compatibility quiz on The Scene, we collect:

  • Your response to each quiz question (which activity, what interest level, what experience level, and what role preference)
  • The six-tier interest level you assigned: Essential, Exciting, Intriguing, Willing, Dislike, or Hard Limit
  • Your hard limits list and essentials list (stored as arrays on your kink_scores row)
  • Your per-category aggregated scores across the 18 scoring categories (dominance, sexual activity, toys, aftercare, sensation, bondage, impact, breath play, humiliation, body torture, fetish, names, phrases, scenes, service, voyeurism, fluids, body/dress, third parties)
  • The results of any hook quizzes you've taken (the top result and the full score breakdown)

This is special category personal data. Under the Australian Privacy Act 1988 (Australian Privacy Principles 3 and 6), it counts as "sensitive information" and we need your explicit consent to collect it. Under the EU General Data Protection Regulation (Article 9), it counts as "special category data" and requires explicit consent even more strictly.

We handle it as follows:

  • Explicit consent. When you sign up, you explicitly agree to the processing of kink preference data for the purpose of compatibility matching. This agreement is the core consent, and you cannot use the matching features without it. You can withdraw it at any time by deleting your account.
  • Separation of data. Your kink preference data is stored in dedicated tables (quiz_responses, kink_scores, hook_quiz_results) that are governed by their own RLS policies. These policies allow only you to read and modify your own rows. No other user, and no third party, can query this data.
  • Per-category visibility. You decide which categories appear on your profile and which stay private. You can mark each of the 18 categories as public, match-only, or private, and this setting is enforced at the database query layer, not just at the UI.
  • Hard limits are absolute. Your hard limits are used by the matching algorithm to clamp match scores with incompatible profiles. This is described in detail in our public "How hard limits work" writing at thescenedatingapp.com/blog/how-hard-limits-work.
  • Limited secondary use. Your kink preference data is used primarily for running the matching algorithm against other users. It is not used for advertising and it is not shared with any third party for marketing purposes. We may use aggregated, anonymised data for research purposes. You can opt out at any time via the consent_ai_training setting in your account preferences. Aggregated, anonymised data, and data transferred as part of a merger, acquisition, or asset sale as described in section 4, may be used in ways other than direct matching. We do not make an absolute commitment that data will never be transferred or commercialised under any circumstance.
  • Encryption at rest. Every row in these tables is encrypted on disk by the database infrastructure. Encryption keys are held by Supabase and rotated under their own security policy.

If you are ever uncomfortable with the idea of kink preference data being on a platform, the right response is to not sign up. We would rather you make an informed choice not to use The Scene than feel surprised later about what we knew.

3.3 Matching and interaction data (matches, swipes, daily_actions tables)

When you use the discover feed, we record:

  • Every profile you see and every action you take on it (like, pass, or shooting star)
  • Matches you form (when two users like each other)
  • Compatibility scores calculated between you and other profiles
  • How many swipes or shooting stars you've used on a given day (to enforce the free-tier daily limits)

We use this data to:

  • Show you people you haven't already seen
  • Prevent spam and rate-limiting abuse
  • Run the daily free-tier limits (20 profiles per day for free accounts)

We never show your swipes or likes back to another member. The other person does not know you passed on them unless they also passed on you and the match never formed.

3.4 Messages (messages table)

When you message a matched user:

  • We store the message content in our database, encrypted at rest
  • We store the timestamp, sender, and match context
  • We store a read receipt timestamp when the recipient opens the conversation

We do not currently offer end-to-end encryption for messages. This means that in principle, a moderator with database access could read a message. In practice, the only person with database access right now is the sole founder, and we do not read your messages. The moderation response to a report of harassment will include reading the reported message, and only the reported message, to investigate. Nothing else.

We will add end-to-end encryption in a future version. That is a commitment, not a promise. It will happen when we can ship it properly, not before. Until then, we are transparent about the limitation in this policy rather than pretending we have more privacy than we do.

3.5 Photos and private photos (profiles.photos, profiles.private_photos, Supabase Storage)

Profile photos and private photos are stored in Supabase Storage, in a bucket called avatars.

  • Public profile photos are served via public URLs that anyone with the URL can access. The bucket enforces that nobody can list the contents of the bucket (we fixed this listing leak on 2026-04-15), so photos are only reachable by members who have been shown them through the app.
  • Private photos are a separate collection attached to your profile but delivered via signed URLs that are generated per-request, authenticated, and short-lived. A signed URL works for a matched user who has been authorised to view your private photos and stops working within minutes. A screenshot of the URL cannot be reused.
  • Blurred previews. Before your match hits "reveal," they see a blurred version of the private photo. The blur is a separately-generated lower-resolution image, not a CSS filter over the full-resolution one. The full-resolution image is not on their device until the server confirms they are authorised.

Technical details are in our public writing at thescenedatingapp.com/blog/private-photos-and-signed-urls.

3.6 Location data (profiles.location_lat, location_lng, location_name)

We store your location as two numbers (latitude and longitude) plus a human-readable name (like "Sydney").

  • Location is captured at signup from the location you confirm, not continuously tracked
  • We do not monitor your real-time movement
  • We use the coordinates to calculate distance to other profiles for the discover feed
  • The numeric precision we store is sufficient to put you in the right suburb but not to a specific address. In practice this is a city-level signal with a neighbourhood hint.
  • Your location coordinates are readable by other members for the distance calculation, but no other member can see your exact coordinates. They see a calculated distance ("5 km away") rendered on their client.
  • You can change or clear your location at any time in Settings

3.7 Device and diagnostic data

When you use the app, our analytics and error-reporting services (if you consent) may collect:

  • Your device type (Android model, iOS device, web browser)
  • Your app version
  • Your operating system version
  • Crash reports and stack traces (with personally identifiable information scrubbed before sending)
  • Usage events (which screens you visited, which features you used, anonymised and without identifying content)

This collection is opt-in. If you toggle consent_analytics off during signup, none of this gets sent anywhere. If you toggle it on, data goes to PostHog (analytics) and Sentry (error reporting), both of which are third-party services we use under data processing agreements.

3.8 Consent preferences (consent_preferences table)

When you sign up, we collect four separate consent flags:

  • consent_core (required, default true): the core consent to process your account and kink preference data for matching. You cannot use the app without this. This is not a dark pattern; it is simply the thing the app does.
  • consent_analytics (optional, default off): whether we can collect anonymised analytics and crash reporting data (section 3.7).
  • consent_ai_training (optional, default off): whether we may use your anonymised data for research purposes, including improvement of the matching algorithm. If you toggle this off, your data is excluded from such research. You can change this setting at any time in your account preferences.
  • consent_marketing (optional, default off): whether we can email you about new features, campaigns, or events.

We also store the timestamp when you gave consent and the version of the terms you agreed to, so that if we ever change the terms, we know what you originally agreed to.

You can change any of these flags at any time in Settings.

Changing them will update the consent_preferences row immediately. If you disable analytics after previously enabling it, we stop sending new data. Data already collected remains in analytics providers' systems until our periodic retention cycle removes it (see section 8 below).

3.9 Reports and blocks (reports, blocks tables)

If you report or block another user, we store:

  • Who did the reporting or blocking
  • Who was reported or blocked
  • The reason category (harassment, fake profile, underage, non-consensual, spam, other)
  • Any additional details you provide
  • The status of any report (pending, reviewed, resolved, dismissed)
  • The timestamp

We use this to:

  • Investigate reports and take appropriate moderation action
  • Enforce block lists bidirectionally (neither party will see the other in discovery)
  • Detect patterns of abuse

Reports that mention incapacitated consent, harassment, non-consensual behaviour, or any form of safety concern are handled through our specific moderation protocol. See the Community Guidelines for details.

3.10 Notifications, badges, and trust signals (notification_prefs, user_badges tables)

We store:

  • Your notification preferences (whether you want push notifications for new matches, new messages, shooting stars, and marketing)
  • Any badges you have earned (Consent Certified, age verified, education course completions, and others)

Badges are visible on your profile to other members. Notification preferences are private.

4. How we use and do not use your data

Explicit list, so there is no ambiguity:

  • Advertising. We do not use identifiable personal data to target advertising to you, and we do not run advertisements on the platform.
  • Aggregated, anonymised research. We may use aggregated, anonymised data for research purposes, including improvement of the matching algorithm and analysis of platform health. You can opt out at any time via the consent_ai_training setting in your account preferences. When such data is used, it is stripped of identifiers.
  • Paid promotion in the feed. We have committed publicly to not running paid promotion in the discovery feed (see "Trust is the floor" principle 6). Premium provides additional features. It does not provide visibility priority.
  • Sharing with third parties for their own marketing. We do not share identifiable personal data, including kink preference data, with third parties so that those parties can market to you.
  • Business transfers. In the event of a merger, acquisition, reorganisation, or sale of some or all of our assets, user data may be transferred as part of that transaction to the acquiring or successor entity. Where such a transfer would cause your data to become subject to a different privacy policy, we will notify you before that change takes effect so that you have the opportunity to delete your account.
  • Referral services. We do not take money from any service we refer you to (see "Trust is the floor" principle 8). Any mental health, harm reduction, or educational service we link to on our support page is there because we trust them, not because they paid. This is a binding public commitment.
  • Law enforcement. We do not provide your data to law enforcement without a valid legal process. A court order, a subpoena, or a legally mandated report under Australian law is the threshold. An informal request from an officer is not sufficient.
  • Message content. We do not monitor your messages for content unrelated to a specific report. If you are harassed and report it, we read the reported conversation to investigate. We do not scan all conversations for keywords and we do not train third-party advertising classifiers on your messages.

We do not make an absolute promise that your personal data will never be sold, transferred, or commercialised under any circumstance. The categories above describe the routine commitments we are prepared to stand behind. Business transfers, legal compulsion, and aggregated anonymised use are not excluded by those commitments.

5. Who sees what

5.1 Other members

Other members of The Scene can see:

  • Your public profile (display name, bio, photos, location distance, experience level, looking-for, and the categories you have marked public)
  • Your badges
  • The fact that you have completed the consent course (if you have earned the Consent Certified badge)

Other members cannot see:

  • Your email address
  • Your date of birth (only the age derived from it appears on your profile)
  • Your exact location coordinates
  • Your hard limits list or essentials list
  • Any category you have marked private
  • Any category you have marked match-only, unless you are matched with them
  • Your private photos, unless you are matched and have revealed them
  • Your messages with other members
  • Who you have swiped, liked, or passed on
  • Your reports, blocks, or moderation history

5.2 Matched members

Once you match with someone, they additionally see:

  • The categories you have marked match-only
  • Your private photos, once you reveal them
  • Your messages within your shared conversation

They do NOT gain access to anything you have marked private.

5.3 Archive content

The Scene includes an archive layer where past entries you have chosen to keep (for example, superseded quiz answers, older photos, prior profile text) are stored on your account. Archive content is hidden from the discovery feed and from your public profile by default. It is not a secure vault and we do not describe it as a tamper-evident history log. You may choose to share archived content selectively with a matched user, or make specific archived items public on your profile, at your discretion. Any archived content you share becomes subject to the same visibility rules as the tier to which you have shared it. You remain the source of truth for what moves out of the archive.

5.4 Our team

Right now, the only person with database access is the sole founder. We do not read your data, your quiz responses, your messages, or your photos in the normal course of running the app.

The specific circumstances in which a founder or moderator would view your data:

  • You file a support request: the founder reads the request and any specific data you reference in it.
  • You are reported by another member: the moderator reads the report and the specific interaction referenced, but not unrelated data.
  • You report another member: same as above.
  • A legal process requires it: a court order or subpoena compels disclosure of specific data, and we comply with the minimum required.

When any of the above happens, the access is logged. Once we grow beyond a single founder, we will add explicit access controls and audit logs and update this policy accordingly.

5.5 Service providers

We use a small number of third-party services to run The Scene. Each is bound by data processing agreements with reasonable privacy protections.

  • Supabase (database, authentication, storage, edge functions): our core backend. Data is stored in the Asia-Pacific region.
  • RevenueCat (subscription management): receives subscription-related metadata, not your kink preference data.
  • PostHog (analytics): only receives data if you have enabled consent_analytics. All data is anonymised with PII scrubbing before sending.
  • Sentry (error reporting): only receives data if you have enabled consent_analytics. All data is anonymised with PII scrubbing before sending.
  • Google Workspace (our admin@thescenedatingapp.com email): standard Google Workspace data handling applies.
  • Resend (transactional email): only receives your email address and the content of the email we are sending you.
  • Yoti (age verification): receives a photo of your face and an ID document for verification purposes only. Yoti's retention and handling of this data is governed by their own privacy policy at yoti.com.

None of these providers are paid for access to your data. They are paid for the services they provide to us. If any provider changes in a way that affects your privacy, we will update this policy and notify you.

6. Age verification

The Scene is strictly for users aged 18 and over.

As of March 2026, Australian law requires platforms hosting adult content to verify user age. We comply with this requirement by using Yoti, a third-party age verification service. When you sign up:

  1. You enter your date of birth during account creation
  2. Before you can access adult content or match with anyone, you are asked to complete age verification through Yoti
  3. Yoti asks you to scan an ID document and take a selfie
  4. Yoti returns a simple yes/no result to The Scene: "this person is over 18" or "this person is not"
  5. Yoti retains the underlying documents according to its own data retention policy (see yoti.com/privacy)
  6. The Scene retains only the result ("verified" or "not verified"), a timestamp, and a badge on your profile

If age verification fails, your account cannot complete onboarding. If you believe your verification was wrongly rejected, contact us at admin@thescenedatingapp.com and we will investigate.

If we discover that a verified account actually belongs to someone under 18, the account is immediately terminated, all associated data is deleted, and (where Australian law requires it) we report to the relevant authorities.

7. How we protect your data

Practical, concrete measures we take:

  • Row Level Security (RLS) is enabled on every single table in our database. This means that even a direct API call to the database with an authenticated user token cannot read rows that do not belong to that user, because the database itself enforces per-row access.
  • The avatars bucket blocks anonymous enumeration. The listing leak was fixed on 2026-04-15 after it was identified in a security audit on the same day.
  • Private photos are served via signed URLs with short expiry times. No permanent URLs to private content exist.
  • Per-category visibility is enforced at the database query layer, not in the UI. Hiding something in the UI while leaving it in the payload is a failure mode we explicitly designed against.
  • Hard limits in matching are clamped at the math layer, not at the filter layer. The matching algorithm respects your hard limits regardless of what the UI shows.
  • Password requirements are 12 characters minimum. Email verification is required. 2FA is recommended and supported.
  • Transport encryption (TLS 1.2+) protects all data in transit between your device and our servers.
  • At-rest encryption protects the database on disk.
  • Moderation response follows a documented protocol with named escalation paths for safety-critical reports.
  • Independent security audits. The first full security audit of The Scene's database happened on 2026-04-15, identified 5 critical RLS holes, and those holes are now closed. The next audit will happen before any beta tester is admitted.

None of the above is a promise that we will never be breached. Every security posture eventually fails. What we commit to is acting quickly, telling you specifically what happened, documenting it in our public changelog, and fixing the cause.

8. How long we keep your data

  • Active account data is kept for as long as your account exists.
  • Deleted account data is permanently removed within 30 days of your deletion request. Anything that is legally required to be retained longer (for example, evidence of a reported safety incident) is kept only as long as strictly necessary.
  • Anonymised aggregate data may be retained for analytics and performance improvement, but only if you have enabled consent_analytics. If you revoke that consent, new data stops being collected. Existing anonymised data cannot be de-anonymised back to you, so we do not remove it when consent is revoked.
  • Audit logs of moderator actions and access are kept for 12 months, then deleted.
  • Age verification records are kept as required by the Online Safety Amendment. Currently this means the verification result and timestamp are retained for the lifetime of the account.

9. Your rights

You have the following rights over your data. We will respond to any of these requests within 30 days.

9.1 The right to know what we have

Where required by law (for example, under Australian Privacy Principle 12 or GDPR Article 15), we will respond to formal access requests in accordance with our statutory obligations. Access requests must be submitted in writing to admin@thescenedatingapp.com and will be handled within the timeframes set by the applicable statute. We do not offer a self-service export feature, and we do not promote data export as a product feature. Our response to a statutory access request is limited to what the relevant law compels us to provide.

9.2 The right to portable data

Where required by law (for example, under GDPR Article 20), we will respond to formal data portability requests in accordance with our statutory obligations. Portability requests must be submitted in writing to admin@thescenedatingapp.com. We do not advertise data portability as a promoted product feature and we do not maintain a self-service export mechanism. Our response is limited to the categories of data to which the statutory right applies.

9.3 The right to correct

If any of your profile information is wrong, you can correct it directly in the app. For information you cannot directly correct (for example, an internal status flag), email us with the correction and we will update it.

9.4 The right to delete

You can delete your account at any time from Settings, then Delete account. This is permanent. Within 30 days, all your data is removed from the active database. Anonymised aggregate data (if you enabled analytics) may persist in the analytics provider's systems.

9.5 The right to withdraw consent

Any optional consent (consent_analytics, consent_ai_training, consent_marketing) can be toggled off in Settings at any time. The core consent (consent_core) cannot be withdrawn while your account is active. Withdrawing it is equivalent to deleting the account, and we will do so on request.

9.6 The right to complain

If you believe we have mishandled your data, you have the right to lodge a complaint with a privacy regulator:

  • Australia: Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992
  • European Economic Area: your local Data Protection Authority
  • United Kingdom: the Information Commissioner's Office (ICO) at ico.org.uk

You can also complain directly to us first, at admin@thescenedatingapp.com. We would strongly prefer to hear about it before it reaches a regulator, not because we want to avoid the regulator, but because we want to fix the problem.

10. International transfers

The Scene's database is hosted by Supabase in the Asia-Pacific region (ap-northeast-2, specifically). If you use The Scene from a country outside the Asia-Pacific region, your data is transferred to our database in that region.

For users in the European Economic Area, the United Kingdom, or other GDPR-adjacent jurisdictions, this transfer is covered by standard contractual clauses or equivalent legal safeguards. If this is unacceptable to you, we understand, and we respectfully suggest you do not sign up for The Scene until we are able to offer regional hosting.

11. Cookies and tracking

11.1 In the app

The Scene mobile app does not use browser cookies. The app stores a session token in secure storage on your device for authentication purposes. This token is sent to our backend on every request you make. No advertising or tracking identifiers are collected.

11.2 On the website

The website at thescenedatingapp.com currently uses no cookies and no third-party analytics trackers. If that changes in a future version, we will update this policy and notify you.

12. Children under 18

The Scene is strictly for users aged 18 and over. We enforce this with age verification (see section 6).

If we become aware that an account belongs to someone under 18, we terminate the account immediately, delete all associated data, and report to relevant authorities where Australian law requires us to.

If you are a parent or guardian and believe a minor has created an account on The Scene, please contact us immediately at admin@thescenedatingapp.com. We will investigate and take action within 24 hours.

13. Changes to this policy

We may update this privacy policy from time to time. When we make material changes (changes that affect what we collect, how we use it, or your rights):

  • We will update the "Last updated" date at the top
  • We will bump the version number
  • We will send a notification within the app before the change takes effect
  • For major changes that affect your consent, we will ask you to re-confirm consent the next time you log in

Continued use of The Scene after a change takes effect means you accept the updated policy. If you do not accept the update, you can delete your account at any time.

For historical transparency, older versions of this policy will be archived at thescenedatingapp.com/privacy/archive.

14. Our binding commitments

The Scene has made public commitments that are binding on the platform. They appear here so they can be enforced by you as users.

  1. Consent is the floor, not the ceiling. The mandatory consent course is the entry door. We will not remove or shorten it below 15 minutes without a full member consultation.
  2. Hard limits are absolute. The matching algorithm clamps scores when there is a hard-limit conflict. We will not change this to a soft-weight approach.
  3. Education is the price of entry. The glossary and consent course are mandatory. We will not paywall them.
  4. Privacy is power. Per-category visibility and signed-URL private photos are permanent features. We will not weaken them.
  5. Density beats scale. We launch in one city first and expand deliberately. We will not chase scale at the cost of density.
  6. No paid promotion in the feed. Premium gets you features. It never gets you visibility priority over more compatible members.
  7. No founder face. Public representation of The Scene is always from "The Scene team," never from a named individual.
  8. No money from treatment providers. We will never accept payment from any therapist directory, crisis line, or referral service we link to.

If we ever break commitments 6 or 8, you should leave the platform and tell people why.

15. Contact us

For any question, complaint, correction request, data access request, or anything else privacy-related:

Email: admin@thescenedatingapp.com

Response time: We aim to respond to any privacy inquiry within 3 business days and resolve any request within 30 days.

Postal address: (To be updated when The Scene registers as an Australian company. For now, contact is email only.)

16. If you need help we can't give

This is a privacy policy, not a support guide, but we want to be explicit: The Scene is not a mental health service and we cannot intervene in a crisis. If you or someone you know is in crisis right now, these services are free, confidential, and qualified for the conversation:

  • Lifeline: 13 11 14 (24/7 crisis support)
  • 1800RESPECT: 1800 737 732 (24/7 sexual assault, domestic and family violence counselling)
  • Beyond Blue: 1300 22 4636 (24/7 depression and anxiety support)
  • QLife: 1800 184 527 (LGBTQIA+ peer support, 3pm to midnight)
  • 13YARN: 13 92 76 (24/7 Indigenous crisis support)
  • ADIS NSW: 1800 250 015 (24/7 alcohol and drug support)
  • Emergency services: 000 (if life is in immediate danger)

For a more complete list, see thescenedatingapp.com/support.

17. Australian Privacy Act compliance note

This policy is drafted in reference to the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). Specifically:

  • APP 1 (open and transparent management): This policy, the Community Guidelines, and our public writing at thescenedatingapp.com/blog fulfil our APP 1 obligations
  • APP 2 (anonymity and pseudonymity): We explicitly support pseudonymous display names. You are not required to use your legal name
  • APP 3 (collection of solicited personal information): We only collect information we need to run the service. Sensitive information (kink preferences, sexual orientation) is collected with explicit consent per APP 3.3
  • APP 4 (dealing with unsolicited personal information): If we receive personal information we did not solicit (for example, someone else's information in a report), we either retain it for the purposes of the report or destroy it per APP 4.3
  • APP 5 (notification of collection): This policy is the notification
  • APP 6 (use or disclosure of personal information): We only use personal information for the purposes described in this policy. We do not disclose it to third parties except as described in section 5
  • APP 7 (direct marketing): We do not use personal information for direct marketing without your explicit consent (consent_marketing)
  • APP 8 (cross-border disclosure): See section 10 on international transfers
  • APP 9 (adoption, use or disclosure of government related identifiers): We do not use government identifiers for our own identification purposes. Yoti age verification uses your government ID but returns only a yes/no result to us
  • APP 10 (quality of personal information): We keep your information accurate and up-to-date by allowing you to correct it at any time
  • APP 11 (security of personal information): See section 7 above
  • APP 12 (access to personal information): Where APP 12 requires us to provide access to personal information we hold about you, we will do so in accordance with our statutory obligations. Requests are handled as described in section 9.1
  • APP 13 (correction of personal information): You have the right to correct any inaccuracy, described in section 9.3

If you believe we have failed any of these obligations, contact us at admin@thescenedatingapp.com. If you are not satisfied with our response, you can complain to the OAIC at oaic.gov.au or 1300 363 992.

18. GDPR compliance note (for users in the EEA, UK, or similar jurisdictions)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with GDPR-equivalent data protection law, additional rights apply:

  • Legal basis for processing: Your consent (Article 6(1)(a)) for all processing. Your explicit consent (Article 9(2)(a)) for special category data (kink preferences).
  • Data portability: Where the statutory right under Article 20 applies, we will respond to formal portability requests in accordance with our legal obligations. We do not offer data portability as a promoted product feature. See section 9.2.
  • Right to erasure ("right to be forgotten"): Full deletion of your account and all associated data, see section 9.4.
  • Right to restrict processing: You can contact us to request that we limit the use of your data pending a correction or investigation.
  • Right to object: You can object to specific types of processing, particularly processing based on legitimate interest.
  • Right to withdraw consent: Any optional consent can be withdrawn at any time without affecting the lawfulness of prior processing.
  • Complaint to a supervisory authority: Your local Data Protection Authority (for UK users, the ICO at ico.org.uk).

We do not currently have an EU representative. If our user base in the EEA grows to a point where this is legally required, we will appoint one and update this policy.

Back to The Scene