Trust

Privacy policy.

Plain English. No ten-page lawyer wall. We've written this so you can actually read it.

Last updated: 1 March 2026

The short version

We collect what we need to run the service, nothing more. We don't sell your data. We don't share you with brokers. Delete your account and your data is gone within thirty days. If something here surprises you, that's a bug, please tell us.

What we collect

To run thatnewone we need to collect a small set of things from you, and that's it.

Account basics: your email, a username, a password (hashed, we never see it in plain text), and the date you joined.
Profile content: whatever you choose to write or upload. Bio, photos, kink lists, preferences, location to the nearest town if you've enabled that.
Verification status: a yes-or-no flag from our age verification provider. We never see, store, or hold copies of your ID document.
Activity: messages you send, profiles you view, who you've vouched for. Standard for any social product.
Device basics: what kind of device you're on and a rough region from your IP address. We use this to keep the service secure and to tell you if someone signs in from somewhere unexpected.

What we don't collect

We don't fingerprint your device, run third-party tracking pixels, sync with advertising networks, or quietly hand your behaviour to data brokers. There are no Facebook pixels, no Google Analytics, no TikTok tags.

Photos and the face blur system

When you upload a photo, two things happen on our servers. First, an AI moderation check looks for content that violates our guidelines or UK law (underage material, deepfakes, scraped or non-consensual content). Failed images are deleted and never reach anyone. Second, our face detection system identifies faces in the image and applies the auto-blur if you've left it on. The blurred version is what's shown by default. The unblurred original is encrypted and stays on our servers, only revealed to people you've personally chosen to share it with.

If you delete a photo, both versions are deleted permanently within seven days.

Messages

Messages between members are stored on our servers so you can read them across devices and so we can respond to abuse reports. They're encrypted at rest. We do not read your messages routinely. We only access them when investigating a report you or another member has filed, or where required by UK law enforcement. End-to-end encryption is on our roadmap.

Who can see what

Your profile visibility is fully under your control. By default you're visible to other verified members, and your photo tiers are vanilla-only. You decide who sees your erotic and explicit content, who sees your face unblurred, and who can message you. None of these defaults will ever change without you opting in.

How long we keep things

Active account data: as long as your account is active.
Deleted account data: purged within thirty days, except where we're legally required to retain something (for example, evidence preserved for a law enforcement request).
Messages: retained while both senders' accounts are active. Either party deleting their account starts the deletion clock.
Verification flag: kept as long as your account exists. Deleted when you delete your account.

Sharing with third parties

The only third parties who ever touch your data are the ones we need to actually run the service:

Hosting: Fly.io, our cloud provider, in the UK and EU.
Age verification: a UK-licensed verification provider (named in your verification flow). They confirm yes-or-no and tell us nothing else.
Payments: Stripe, only if you become a Supporter. We never see your card details.
Email: SMTP2GO for transactional email like password resets and notifications.

None of these are advertising or analytics companies. None of them get a copy of your profile or messages.

Your rights under UK GDPR

You can:

Ask for a copy of all the data we hold about you (we'll send a download within thirty days).
Correct anything that's wrong.
Delete your account at any time, which triggers the thirty-day full deletion process.
Object to specific processing or withdraw consent for optional features.
Complain to the Information Commissioner's Office if you think we've handled your data badly.

Email privacy@thatnewone.co.uk for any of these.

Changes to this policy

If we make material changes, we'll tell you in the app and by email at least thirty days before they take effect. We won't quietly weaken your privacy through fine print.

Contact

For privacy questions: privacy@thatnewone.co.uk

For everything else: our contact page.