Privacy Policy – Bunkros

Privacy Policy

How we handle (and more importantly, don't handle) your data.

Last Updated: September 1, 2025

1. Introduction & Our Commitment to Your Privacy

Welcome to the Bunkros Identity Lab ("Bunkros," "we," "us," "our"). Our mission is to provide a secure and affirming space for self-discovery. Your privacy is not an afterthought; it is a foundational principle of our platform.

This Privacy Policy explains in detail what information we collect, why we collect it, how we use and protect it, and how you can exercise your privacy rights. This policy is written in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and relevant Dutch data protection laws.

By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller Information

The entity responsible for processing your personal data (the "Data Controller") is:

3. What Personal Data We Collect and Our Legal Basis for Processing

We have designed our platform to collect the minimum amount of data necessary to provide our services. We categorize the data we process as follows:

Account Information
  • Types of Data Processed: Email Address, Encrypted Password, Account Creation Date.
  • Purpose of Processing: To create and manage your secure member account, authenticate your logins, and communicate essential service-related information.
  • Legal Basis (under GDPR): Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract (our Terms of Service) with you.

User Interaction & Test Data
  • Types of Data Processed: Your answers to our "Tests" and questionnaires; your interactions with the Bunkros AI; data related to personality, kink orientation, and identity exploration.
  • Purpose of Processing: To provide the core functionality of the Lab: generating personalized insights, connecting your results to our content library, and facilitating your self-mapping journey.
  • Legal Basis (under GDPR): Art. 9(2)(a) GDPR: Processing of Special Category Data based on your explicit and unambiguous consent. We will request this consent separately before you begin any tests.

User-Generated Content
  • Types of Data Processed: Journal entries, reflections, essays, and public profile information you choose to create in the "Projects" section; content you share in the "sharing zones."
  • Purpose of Processing: To allow you to document your journey, build a personal narrative, and optionally connect with other members.
  • Legal Basis (under GDPR): Art. 6(1)(a) GDPR: Processing is based on your consent, which you provide by voluntarily creating this content.

Communication Data
  • Types of Data Processed: Your email address and the content of your communications when you contact us for support or inquiries.
  • Purpose of Processing: To respond to your questions, provide technical support, and address your concerns effectively.
  • Legal Basis (under GDPR): Art. 6(1)(f) GDPR: Processing is necessary for our legitimate interest in providing excellent user support and managing our platform.

Technical & Usage Data (Anonymized)
  • Types of Data Processed: Aggregated and anonymized data such as total visitor counts, general traffic patterns, and server load statistics. We do NOT collect or store IP addresses, device identifiers, or granular user tracking data.
  • Purpose of Processing: To monitor the health and security of our servers, prevent abuse, and understand basic usage trends to improve our service.
  • Legal Basis (under GDPR): Art. 6(1)(f) GDPR: Processing is necessary for our legitimate interest in maintaining and securing our platform.

A Special Note on "Special Category Data":
The information you provide in our "Tests" and through your AI interactions may reveal details about your sexual orientation, sexual life, and health. Under GDPR, this is "Special Category Data" and receives the highest level of protection. We will not and cannot process this data without your explicit, freely given, and informed consent. You will be presented with a clear consent request before you can access these features. You may withdraw this consent at any time, which will result in the deletion of this data from our systems.

4. Automated Decision-Making and Profiling

The Bunkros AI uses your Test Data and interactions to perform a limited form of profiling. It is crucial to understand what this means:

  • What it does: The AI analyzes the patterns in your inputs to create connections and suggest relevant content within our ecosystem (e.g., glossary entries, archetypes, articles). It helps build your personalized identity map.
  • What it does NOT do: The AI does not make automated decisions that have legal or similarly significant effects on you. Its outputs are not medical diagnoses, clinical assessments, or definitive judgments. They are reflective prompts designed to aid your self-exploration.

You have the right to object to this profiling, though doing so will fundamentally limit your ability to use the core features of the Bunkros Identity Lab.

5. Data Sharing and Third-Party Processors

We are committed to not selling, renting, or leasing your personal data to third parties for marketing purposes. We only share data with trusted third-party service providers ("Data Processors") who are contractually obligated to protect your data and only use it for the specific services they provide to us. These include:

  • Infrastructure & Hosting Providers: To host our website and store data securely. Our providers are selected for their high security standards and are located within the European Economic Area (EEA) where possible.
  • Security Services: To protect our platform from cyber threats like DDoS attacks and malicious bots.
  • Essential Functional Services: Such as third-party font libraries to ensure our website displays correctly.

We have Data Processing Agreements (DPAs) in place with all our processors, ensuring they comply with GDPR standards.

6. Data Retention

We believe in data minimization and do not keep your data for longer than necessary.

  • Account Information & Test Data: Retained for as long as your member account is active. If you choose to delete your account, this data will be permanently and irrevocably deleted from our production systems within 30 days.
  • User-Generated Content: Retained for as long as your account is active, unless you choose to delete specific content earlier.
  • Communication Data: Emails sent to us may be retained for up to 24 months to maintain a record of our correspondence but will be deleted thereafter unless required for legal reasons.
  • Anonymized Technical Data: May be retained indefinitely as it cannot be used to identify you.

7. Your Rights Under GDPR

As a user located in the EU, you have the following rights regarding your personal data:

  • The Right to Access: You can request a copy of the personal data we hold about you.
  • The Right to Rectification: You can request that we correct any inaccurate or incomplete data.
  • The Right to Erasure (The "Right to be Forgotten"): You can request the deletion of your personal data. This can be actioned directly by deleting your account.
  • The Right to Restrict Processing: You can request that we limit the way we use your data.
  • The Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • The Right to Object: You can object to our processing of your data where we are relying on legitimate interests as our legal basis.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you. As stated, our AI does not perform such functions.
  • The Right to Withdraw Consent: You can withdraw your consent at any time for the processing of your Special Category Data.

To exercise any of these rights, please contact us at privacy@bunkros.net. We will respond to your request within one month, as required by law.

8. Data Security

We take the security of your data very seriously and implement appropriate technical and organizational measures to protect it. These measures include:

  • Encryption: Passwords are cryptographically hashed, and all data is encrypted in transit (using SSL/TLS) and at rest.
  • Access Control: Access to personal data is strictly limited to authorized personnel who require it to perform their job functions.
  • Anonymization: We anonymize data wherever possible, such as in our general usage analytics.
  • Regular Security Audits: We conduct regular reviews of our security practices.

However, please be aware that no method of transmission over the internet or electronic storage is 100% secure. You are responsible for keeping your account password confidential.

9. Children's Privacy

The Bunkros Identity Lab is intended for adults. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a child under this age, we will take immediate steps to delete that information and their account.

10. International Data Transfers

Our primary operations are within the European Economic Area (EEA). If we use a data processor located outside the EEA (e.g., in the United States), we will ensure that the transfer of data is protected by appropriate safeguards, primarily through the use of the European Commission's Standard Contractual Clauses (SCCs) or an Adequacy Decision.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any significant changes by posting the new policy on this page and, if you are a member, by sending a notification to your registered email address.

12. Contact Us and Your Right to Complain

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at: privacy@bunkros.net.

You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes on your rights. The lead supervisory authority for our operations is the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
Website: https://www.autoriteitpersoonsgegevens.nl/