Terug

Privacy Policy

Last updated: March 2026

Who are we?

The Blurline Foundation is a non-profit organization based in the Netherlands dedicated to sexual safety and awareness. We develop Blurline, a communication tool that allows two people to share and compare their boundaries.

What do we store?

Blurline is built on the principle of zero-knowledge. We store minimal data: - Anonymized session tokens (temporary, maximum 24 hours) - Anonymized, aggregated statistics for our partners (schools, municipalities) - Contact form messages (name, email, message) Session data is automatically and permanently deleted after 24 hours.

What do we NEVER store?

We never store the following: - Names of tool users - Phone numbers or email addresses of users - Who had a session with whom - Individual boundary profiles after session expiry - IP addresses of users - Location data - Browsing history

Session data and processing

All boundary profiles are processed in the user's browser (client-side). The server never sees the actual choices. The overlap calculation happens entirely locally. When revoking a session, all data is immediately deleted. There is no way to recover data after deletion.

Cookies

Blurline uses minimal cookies: - Session cookies (technically necessary, expire after 24 hours) - Language preference (localStorage) We do not use tracking cookies, analytics cookies, or third-party cookies.

Sharing with third parties

We do not share personal data with third parties. Ever. No exceptions for marketing, advertising, or data sales. The only exception is when we are legally required to provide data (court order).

Your rights (GDPR)

Under the GDPR you have the following rights: - Right of access - Right to rectification - Right to erasure - Right to restriction of processing - Right to data portability - Right to object Because we store virtually no personal data, most rights are automatically guaranteed. For questions: privacy@blurline.nl

Minors

Blurline is intended for persons aged 16 and older. We deliberately do not collect data from persons under 16. During school workshops, we always work with school consent.

Security

We take security seriously: - End-to-end encrypted sessions - Automatic data deletion after 24 hours - No central user database - Regular security audits - Hosting in EU data centers - Compliance with GDPR, NIS2 directive, and Cyber Resilience Act

Changes

We may update this privacy policy. For material changes, we publish the new version on this page with an updated date.

Contact

Privacy questions? Email: privacy@blurline.nl Complaint with regulator: Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl)