Legal

Privacy
Policy.

Last updated: May 2026

1. Who we are

InCynq is a social platform for Second Life residents, operated from Ireland, EU. We are the data controller for all personal data collected through incynq.app and incynq.net.

Contact: privacy@incynq.net

Data Controller: InCynq, Ireland, EU

2. What data we collect

Account data — your Second Life avatar username, display name, profile picture, email address, and password (stored as a secure hash — we never see your actual password). Your SL username is verified at registration.

Profile data — bio, interest groups, maturity level preferences, grid status, and any other information you choose to add to your profile.

Content data — posts, comments, events, and likes you create or interact with on InCynq.

Follow data — which accounts you follow and which follow you.

Wallet data — your InCynq wallet balance, transaction history, and top-up records.

Referral data — your unique referral code, which users signed up using your link, and activation and reward history. Used solely to manage the referral programme and credit rewards.

Brand analytics (brand accounts only) — when you scroll past or open a brand post, we log an anonymous impression or view count. Brands see aggregate numbers only — never individual identities. Resident posts are never tracked. See section 4 for full detail.

Device and session data — browser type, device type, and session tokens needed to keep you logged in securely.

Push notification subscriptions — if you enable push notifications, we store your browser's push endpoint and subscription keys in order to deliver notifications to your device. This data is deleted when you turn off push notifications or delete your account.

Survey responses — if you choose to complete the optional member survey, we store your answers and star rating. The survey is entirely optional and can be dismissed at any time.

3. How we use your data

  • To create and manage your account and provide the InCynq service
  • To display your profile and content to other users
  • To enable social features — following, likes, comments, events, and discovery
  • To match sponsored content to your chosen interest groups
  • To send account notifications and important platform announcements
  • To process wallet transactions and referral rewards
  • To provide brands with aggregated, anonymised analytics on their content
  • To prevent fraud, abuse, and protect the safety of all users
  • To comply with our legal obligations under Irish and EU law

4. Brand content analytics

When you interact with brand content — scrolling past a brand post in your feed (impression), opening a post (view), or visiting a brand profile — we log the event in our database. This is used to power brand dashboards.

What brands see: aggregate counts only — total impressions, total views, unique viewer counts. They never see which specific users viewed their content.

What we store: the post or profile ID, a timestamp, and your user ID — used only to calculate unique viewer counts and prevent double-counting. Never shared with brands.

Resident posts: never tracked. This only applies to brand content.

To prevent inflated counts, we use browser session storage (cleared automatically when you close your tab) to deduplicate events within a single session. See the Cookie Policy for details.

5. Lawful basis for processing

  • Contract performance — account management, service delivery, wallet transactions
  • Legitimate interest — brand analytics, platform safety, fraud prevention
  • Consent — optional communications and functional cookies
  • Legal obligation — compliance with Irish and EU law, GDPR

6. Data sharing

We do not sell, share, or trade your personal data. Ever.

We use the following trusted service providers who process data on our behalf under strict data processing agreements:

  • Supabase — database and authentication (EU region)
  • Resend — transactional email delivery
  • Cloudflare — hosting and DNS
  • Google (Gemini API) — AI-powered content moderation. Post text and images are sent to Google's Gemini API before publishing to check for prohibited content. No content is stored by Google beyond the duration of the API request.
  • Formspree — contact form processing. Messages submitted via the contact form on incynq.net are processed and delivered by Formspree.

We may disclose data to law enforcement where required by law.

7. International transfers

Your data is stored on Supabase servers in the EU region where possible. Any transfers outside the EU use standard contractual clauses and GDPR-compliant safeguards.

8. Data retention

  • Active accounts — data is retained while your account is active
  • Deactivated accounts — retained for 14 days (residents) or 30 days (brands) to allow reactivation, then deleted
  • Deleted accounts — permanently deleted after the cooling-off period. This fulfils your right to erasure under GDPR
  • Brand analytics — retained for 90 days then purged
  • Wallet and transaction records — retained for the lifetime of your account, then permanently deleted with it

9. Your rights under GDPR

As an EU resident, you have the right to:

  • Access — request a copy of all data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data (right to be forgotten). You can trigger this directly from Settings → Danger Zone → Delete Account
  • Restriction — request we limit processing of your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent

To exercise any right, email privacy@incynq.net. We will respond within 30 days.

10. Children's privacy

InCynq requires users to be 16 or older — the same minimum age as Second Life. Adult-rated content and ads require users to be 18 or older and SL adult-verified. We do not knowingly collect data from anyone below the minimum age.

11. Security

We use industry-standard security measures including HTTPS encryption, hashed passwords, secure authentication tokens, and access controls. No system is 100% secure — please use a strong password and report any suspicious activity to security@incynq.net.

12. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted here with an updated date. For significant changes, we will notify you via the app. Continued use of InCynq after changes constitutes acceptance.

13. Contact

For privacy questions, data requests, or complaints: privacy@incynq.net

You also have the right to lodge a complaint with the Irish Data Protection Commission at dataprotection.ie.