When you use a D/s task app, you’re typing stuff you wouldn’t put on a billboard. Task titles. Punishment descriptions. Notes your Dom leaves on your completions. Pet names. The intimate texture of a real dynamic.
Most apps store all of that in a database in plain text. That means anyone with database access (a developer, a contractor, someone who gets breached) can read it. All of it. Clear as day. We covered real breach cases and what the industry gets wrong in The Privacy Problem with Kink Apps.
We’ve been building SubTasks for about a year and that’s always bothered us. So we finally did something about it.
What we shipped
Last week we deployed field-level encryption across SubTasks. Here’s what that means in plain terms.
Your sensitive data (task names, descriptions, punishment details, completion notes, reward names, your pet name in the app) gets encrypted before it touches the database. It’s stored as ciphertext. Anyone looking directly at the database just sees garbage.
The encryption is AES-256-GCM, which is the same standard used for banking data and government systems. The decryption key is managed by AWS KMS and is only accessible to the running application servers. Developer IAM credentials have an explicit deny on that key. We literally cannot run a decrypt command from our own machines now. Tried it. Access denied. That’s working as intended.
14 fields across 7 tables are encrypted right now: task titles, task descriptions, completion notes, Dom validation feedback, reward and punishment names and descriptions, acknowledgment notes, and pet names.
What never reaches our logs
Encryption protects your data at rest in the database. But there’s another attack surface: application logs. If our backend logged the task title every time you completed a task, that would show up in CloudWatch in plaintext, encryption or not.
We audited every log statement in the backend codebase. None of your sensitive content (task titles, descriptions, completion notes, punishment details, pet names) appears in our logs. Logs contain only IDs, counts, statuses, and system events (“task completed for task_id=123”). The content of what you’re doing stays out of our logging infrastructure entirely.
Sentry (our error tracker) is configured with send_default_pii=False, which blocks it from sending request bodies, cookies, or user-identifying data in error reports.
The honest asterisk
We’re not going to claim this is end-to-end encryption, because it isn’t. As the AWS account owner, we could, in a real emergency, log into the console and modify the key policy to grant access. That’s a deliberate, audited action. CloudTrail logs every single KMS API call and every IAM policy change.
This is the same trust model that 1Password, Notion, and Linear use. Seeing your data would require a deliberate policy change that leaves a permanent audit trail. That’s a meaningful difference from plaintext storage.
True end-to-end encryption, where keys live on your device and the server never touches plaintext, is on the roadmap. It’s a bigger architectural lift. This was the right first step.
Why we’re telling you this
Because the kink community deserves to know what’s being done with their data. Most apps don’t say. The privacy policy is a wall of legal text and you’re expected to trust it. We compared every major option in our best BDSM apps for couples review, and security was a deciding factor.
We’d rather just tell you what we built and how it works. If you have questions or want to get into the technical details, ask. We’ll answer.
SubTasks is free at subtasksapp.com and now on iOS and Android. See how it works.