Privacy policy.

Last updated: June 19, 2026

The Cupsar is built around anonymous fit information. We collect information needed to run accounts, reviews, moderation, security, and site operations. We do not sell personal information or operate a social, follower, or direct-message system.

Information we collect

• Account information: email address, display name, password hash, account role, age confirmation, and account timestamps.
• Fit profile information: optional measurements, usual size, breast-shape information, and profile visibility choices.
• Review information: brand, model, worn size, usual size, fit ratings, tags, written review text, purchase/return choices, and review timestamps.
• Photo information: processed image files, photo type, image dimensions, file size, moderation status, moderation reason when applicable, and related upload or review records.
• Operational information: authentication sessions, security events, and limited technical information needed to prevent abuse, protect accounts, diagnose errors, and keep the service available.

Passwords are not stored as readable plaintext passwords.

What is public, account-only, and private

How photo uploads are handled

Photos are optional. The Cupsar accepts JPEG, PNG, and WebP images up to 10 MB. An upload is processed in memory rather than stored as a permanent original file.

During processing, the image is normalized for orientation, converted to WebP, resized into large, medium, and thumbnail versions, and compressed for display. The processed image versions are the files retained for moderation and, if approved, account-only viewing.

Embedded EXIF metadata is removed from the stored image versions. This includes the extra information many phones and cameras attach automatically to a photo file.

Why metadata matters

A phone photo can contain more than the pixels you see. Depending on the device and settings, the original file may include GPS coordinates, capture date and time, camera or phone model, orientation, editing software details, and other technical data.

That information can reveal more context than someone intended to share. Removing embedded metadata helps reduce that risk, but it cannot remove identifying visual details. Faces, tattoos, distinctive marks, mirrors, room layouts, paperwork, labels, usernames, and background landmarks can still identify someone.

Crop or cover identifying details before upload. Moderators may reject a photo whenever it could reasonably identify you or another person.

Photo access and moderation

Photos are not intended to be publicly crawlable. Approved photos are delivered through access-controlled application routes for logged-in adult users. Guests are not allowed to retrieve them through direct links.

Every uploaded review or profile photo starts in moderation. A photo may be approved, rejected, hidden, or removed based on the Content Rules and Moderator Guidelines.

Deletion and retention

When you delete one of your photos, its stored image variants are deleted from active private storage and the photo record is removed from the active database. When you replace a photo, the older stored image variants are deleted after the replacement is saved.

When a moderator rejects a photo, its stored image variants are deleted. The site may retain a limited moderation record, such as the photo type, status, rejection reason, and review timestamp, so the decision can be understood and repeated re-uploads can be handled consistently.

When you delete your account, The Cupsar deletes your stored review and profile photos, removes your profile data including measurements, usual size, and breast shape, removes your votes, and disables the account. Existing review text and ratings may remain in the review database, but are anonymized so they no longer identify the deleted account.

Deleted information may remain in system backups for a limited time until those backups rotate out. It is not restored to active site use after deletion unless needed to recover from a system failure or meet a legal obligation.

How we use information

• Operate accounts, authentication, reviews, and search.
• Moderate photos and written submissions.
• Protect against spam, scraping, fraud, and account abuse.
• Maintain backups, diagnose errors, and improve reliability.
• Respond to support, privacy, and security requests.
• Meet legal obligations when required.

Sharing and service providers

We do not sell personal information. Information may be processed by service providers that host the application, database, backups, authentication, email, security controls, or file storage. Those providers receive only the information needed to provide their service.

We may also disclose information when reasonably necessary to enforce the rules, protect users or the service, investigate abuse, or comply with a valid legal obligation.

Cookies and sessions

The Cupsar uses required authentication and security session data so signed-in features work correctly. We do not use the site as an advertising tracker. If optional analytics or similar tools are added later, this policy will be updated before that change is used.

Security and contact

No online system can promise absolute security. We use access controls, moderation, technical safeguards, and operational practices intended to protect account and photo data.

Send security concerns or responsible vulnerability reports to [email protected]. Send general support or privacy questions to [email protected].