← Back to Trick Dash
Privacy Policy
Effective Date: March 16, 2026 · Last Updated: March 16, 2026
Bunk Labs, Inc. ("Company," "we," "us") operates Trick Dash, an LGBTQ+ social application. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
We built Trick Dash with privacy as a core design principle. We don't sell your data. We don't serve ads. We collect only what's necessary to make the app work.
1. Data We Collect
| Data | How We Store It | Why |
|---|
| Email address | SHA-256 hash only — your actual email is never stored after verification | Account recovery via magic link |
| Birthday | Stored to compute age; exact date not displayed to others | Age verification (18+ requirement) |
| Display name | Stored in plaintext | Shown to other users in Radar mode |
| Dark Room nickname | Stored in plaintext, separate from Radar identity | Anonymous persona in Dark Room mode |
| Profile photos | Stored in Cloudflare R2 (encrypted at rest) | Displayed on your profile |
| Approximate location | Geohash (low-resolution area, not exact coordinates) | Nearby user discovery |
| Messages | Stored in Cloudflare D1 with configurable retention (1–14 days) | Message delivery; auto-deleted per your retention setting |
| Device identifier | Randomly generated UUID stored on your device | Anonymous account creation |
| Push subscription | Web Push endpoint URL + encryption keys | Sending push notifications you've opted into |
1.1 Data We Do NOT Collect
We do not collect: your real name (unless you choose to use it as your display name), your exact GPS coordinates (only geohash), your contacts or address book, your browsing history, advertising identifiers, or analytics/tracking data from third-party SDKs. We do not use cookies for tracking or analytics. Any cookies set are strictly functional (e.g., session tokens for authentication). We have no third-party analytics, advertising, or tracking SDKs in the app.
2. How We Use Your Data
- Nearby discovery: Your geohash is used to show you profiles in your area and to show your profile to nearby users.
- Messaging: Messages are stored temporarily to enable delivery. You control your message retention period (1–14 days).
- Account security: Your hashed email enables magic link login for account recovery.
- Content moderation: Profile photos may be reviewed (by automated systems or human moderators) to enforce our Community Guidelines. You may appeal any automated moderation decision to our human review team by contacting privacy@trickdash.com.
- Service operation: We use operational data (error logs, request counts) to maintain and improve the Service. This data is aggregated and not tied to individual users.
3. How We Share Your Data
We share your data only in these limited circumstances:
- With other users: Your profile information (name, photos, age, approximate distance) is visible to other users as part of the Service's core functionality. In Dark Room mode, only your anonymous persona is visible.
- Infrastructure providers: We use Cloudflare for hosting, storage, and content delivery. Cloudflare processes data on our behalf under a data processing agreement. Resend processes transactional emails (magic links only).
- Legal requirements: We may disclose data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
We do not sell, rent, or trade your personal data to third parties, as defined by the CCPA/CPRA. Data shared with Cloudflare and Resend constitutes a service-provider relationship, not a sale or sharing for cross-context behavioral advertising. We do not share data with advertisers.
4. Data Retention
- Messages: Auto-deleted based on your chosen retention period (default: 7 days, configurable 1–14 days).
- Photos: Stored until you delete them or delete your account.
- Flashes: Auto-expire and are deleted after 24 hours.
- Expiring photos: Deleted from our servers after the recipient views them.
- Profile data: Stored until you delete your account.
- Push subscriptions: Automatically cleaned up when they expire or become invalid.
5. Your Rights
5.1 All Users
Regardless of where you live, you can:
- Delete your account: In Settings → Data & Privacy → Delete Account. This permanently removes your profile, photos, messages, and all associated data from our servers.
- Export your data: In Settings → Data & Privacy → Export Data. You'll receive a downloadable file containing your profile information, photos, and message history.
- Control message retention: Choose how long your sent messages are stored (1–14 days).
- Block users: Block any user to prevent them from seeing your profile or contacting you.
- Revoke location access: Through your device's system settings at any time.
5.2 European Economic Area (GDPR)
If you are in the EEA, you have additional rights under the General Data Protection Regulation:
- Legal basis: We process your data based on (a) your consent (location, push notifications), (b) contractual necessity (account, messaging), and (c) legitimate interests (security, moderation).
- Right of access: Request a copy of all data we hold about you.
- Right to rectification: Update inaccurate data via your profile settings.
- Right to erasure: Request deletion of your data (or use the in-app Delete Account feature).
- Right to data portability: Export your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Withdraw consent at any time (e.g., revoke location permissions).
- Data transfers: Data is processed in the United States and at Cloudflare edge locations globally. Transfers are safeguarded by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) as a fallback mechanism.
To exercise these rights, email privacy@trickdash.com. We will respond within 30 days.
5.3 California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it's used.
- Delete your personal information.
- Opt out of sale: We do not sell your personal information. No opt-out is necessary.
- Right to correct: Correct inaccurate personal information via your profile settings.
- Right to limit use: Limit use of your personal information by managing consent preferences in Settings (location, push notifications, message retention).
- Non-discrimination: We will not discriminate against you for exercising your rights.
To exercise these rights, email privacy@trickdash.com. We will verify your identity before processing requests, which may involve confirming your email address or device identifier.
6. Security
We implement industry-standard security measures including: encryption in transit (TLS) for all connections, encryption at rest for stored photos and data, JWT-based authentication with short-lived tokens, rate limiting on authentication endpoints, and Web Push payload encryption (RFC 8291). No system is 100% secure, and we cannot guarantee absolute security.
7. Children's Privacy
Trick Dash is not intended for anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a minor is using the Service, please report it to safety@trickdash.com.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the app and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
9. Contact
For privacy-related inquiries:
Bunk Labs, Inc.
Email: privacy@trickdash.com
For GDPR-specific requests, you may also contact your local Data Protection Authority.