Privacy

Your raw answers stay in your browser

The test is designed around data minimization: no account, no answer API, and no server-side result database.

Reviewed July 14, 2026

Information the test does not ask for

Version 1 does not request a name, email address, birthday, gender, sexual orientation, relationship status, or demographic profile. It does not require an account or server session.

Local test data

Progress, raw answers, the latest result, and Private Boundary Map choices are stored in your browser's local storage when available. This allows refresh recovery on that device. If storage is blocked, the test continues in memory and progress may disappear on refresh.

You can remove test data by selecting Retake from the result and starting over, by clearing the Private Boundary Map, or by clearing site data in your browser. Local data does not automatically synchronize across devices.

Shared result links

A link is created only after a user chooses a share action. Its URL fragment contains a model version, a profile name, an optional ordinary secondary tendency, and eight rounded affinity scores. It does not contain raw answers, question IDs, uncertainty locations, boundary choices, a sender ID, or a timestamp.

The fragment is not sent to BDSMTest.top in the HTTP request. After a receiving browser validates it, the fragment is removed from the address bar and the summary is held in memory. However, the app used to send the link and anyone holding the link can see the encoded summary. It is not encrypted or proof against modification.

Result images and QR codes

Result PNGs and QR codes are generated locally. They are not uploaded to an image service. A result image shows the profile and top three affinity scores, but never raw answers or the Boundary Map.

Analytics and advertising

No analytics or advertising script is enabled in the current release. If event analytics are introduced, they must not receive answers, scores, profiles, shared payloads, boundary data, or free-form user content. Advertising is prohibited during the test, around the shared-result call to action, and inside the private boundary area.

Hosting logs and external platforms

Cloudflare may process ordinary request information needed to deliver static files, such as IP address, user agent, requested path, and security signals. URL fragments are not part of those HTTP requests. When you deliberately open WhatsApp, Telegram, Bluesky, X, Reddit, Facebook, or another share destination, that destination applies its own privacy terms.

Policy changes

Material changes to data collection will be reflected here before they are enabled. The effective date for this version is July 14, 2026.