Is the contact form on this website private?

Yes. The contact form encrypts your message in your browser using PGP before it leaves your device. The server receives only encrypted data and cannot read your submission. The message can only be decrypted with a private key held exclusively by Nela.

Does this website use tracking or analytics?

No. This website uses no analytics scripts, advertising pixels, session recorders, heatmapping tools, or third-party telemetry. No Google Analytics, no Meta Pixel, no Hotjar, and no external tools that profile visitors.

Where is client data handled?

Data is handled through European services only. The web server is in the Netherlands under GDPR and Dutch law. Email and screening documents are handled through Proton in Switzerland under Swiss data protection law. No US-based services are used to process or store your data.

What is the most private way to send screening documents?

Proton Drive is the preferred option. Nela creates a private upload folder and sends you the link. You can upload your documents in any browser without creating an account. Files are encrypted and stored in Switzerland under zero-access encryption.

What happens to screening documents after a first meeting?

Screening documents are deleted once the first meeting is complete. After that, only your name, phone number, and email address are retained so that you do not need to repeat screening in future.

Privacy & Discretion

Discretion is not treated as an extra here. This website was built with privacy as a foundation, so that browsing, contacting me, and sharing the information necessary for screening can be handled as carefully and as minimally as possible.

Your privacy and mine matter equally. Every decision about how this site works, how you reach me, and how screening is handled was made with one principle in mind: keep what is necessary, avoid what is not, and never collect data simply because most websites do.

The only cookie

This website sets exactly one cookie, named age_ok. It stores a single value, 1, simply to remember that the age gate has already been acknowledged in that browser.

It contains no unique identifier, no session reference, no device metadata, and no behavioural information. Its max-age is set to 6 hours, after which the browser discards it automatically. It is also scoped with SameSite=Strict.

In practical terms, it exists only to spare you from seeing the age prompt on every page load. It does not identify you, track you, or tell me anything about your visit. If you browse in a private or incognito window, it disappears with that session.

Why you will not see a cookie banner here

Cookie consent banners are generally required when a website uses non-essential cookies for analytics, advertising, tracking, or other forms of personal data processing. The single cookie used here is strictly functional and exists only to suppress the repeated age prompt for a short period.

There are no analytics cookies, advertising cookies, or tracking tools behind the scenes. In simple terms, there is nothing here to consent to beyond the age acknowledgement itself, so there is no banner.

No trackers, no analytics, no pixels

This website contains no analytics scripts, advertising pixels, session recorders, heatmapping tools, or third-party telemetry of any kind. No Google Analytics, no Meta Pixel, no Hotjar, no Microsoft Clarity, and no external JavaScript designed to profile visitors.

You are not treated as a data point here. No script measures how long you stay, no pixel reports your visit elsewhere, and no third party builds a profile around your activity on this site.

How the contact form is protected

When you submit the contact form, your message is encrypted in your browser using PGP before it leaves your device. The server receives only the encrypted payload and cannot read the contents.

The message is then relayed to my Proton inbox. The server's role is purely technical: it passes the encrypted submission along and does not store it, analyse it, or share it with any third party. The message can only be read with the corresponding private key, which I alone hold.

What I ask for and why

When you first contact me, I ask for your full legal name, email address, and phone number. This is simply the minimum needed to establish genuine contact and to know that I am speaking with a real person.

If we decide to proceed, screening can take one of three forms. You may choose whichever is most suitable for your situation.

Option 1: A verified LinkedIn profile with photo, or a LinkedIn profile with photo and official company email, plus a hotel confirmation in your name.
Option 2:A photo of your passport, driver's license, or ID showing your full legal name, country, year of birth, and photo. Other details may be covered. A hotel confirmation in your name is also required.
Option 3 (Prague & Bratislava only): A confirmed prepaid hotel reservation in your name. After check-in, a brief verification call to your room may also be requested.

I ask only for what is genuinely needed and no more.

How screening documents can be shared securely

These options are not identical, so I outline them clearly below. The aim is simple: to let you choose the method that best matches your own comfort level. Regardless of the channel used, screening documents remain in my Proton Drive only until our first meeting is complete.

1. Proton Drive, preferred option

How it works: I create a private upload folder in Proton Drive specifically for you and send you the link. You open it in any browser, upload your documents, and save. No Proton account, app, or registration is required on your side.

In transit: Your document is encrypted as it is uploaded. From a privacy standpoint, this is the strongest and simplest option.

Where it is stored:On Proton's servers in Switzerland under zero-access encryption.

In practical terms: Proton cannot read the file contents, and the files remain accessible only through my account, which is protected by password and two-factor authentication.

2. ProtonMail to ProtonMail, equally strong

In transit: Fully end-to-end encrypted for the entire journey between Proton accounts.

Where it is stored: Once received, the document is moved to my Proton Drive and the email itself is deleted on my side.

Privacy level: Comparable to Proton Drive.

What you need: A ProtonMail account. If you already use Proton, this is an excellent option.

3. Gmail, Outlook, or other email providers

In transit: Messages are generally protected in transit with standard TLS. However, cross-provider email does not offer the same level of end-to-end privacy as Proton-to-Proton communication.

Where it is stored:On your provider's side in your sent folder, and then on my side after receipt until I move the document into Proton Drive and delete the email.

What this means: This is acceptable for many people, but not the most private option if you are especially cautious about where copies may remain.

In short: Suitable for many situations, though Proton Drive or ProtonMail are better choices if you prefer the highest level of privacy.

4. iMessage, strong in transit and dependent on backup settings

In transit: End-to-end encrypted between Apple devices when the conversation remains in iMessage rather than SMS.

Where it is stored: On your device, and possibly in iCloud depending on your backup settings.

What matters most: Your iCloud settings determine how private storage remains after sending.

In short: A strong option in transit, provided you are comfortable with your Apple backup configuration. If you use iMessage for documents, it is worth reviewing iCloud Messages or enabling Advanced Data Protection first.

5. WhatsApp, strong in transit but shaped by backup settings

In transit: WhatsApp uses the Signal Protocol, which offers strong protection for message content while messages are being sent.

Where it is stored: On your device, and potentially in iCloud or Google Drive if cloud backups are enabled.

What to keep in mind: Message content is well protected in transit, but backups and metadata are separate considerations.

In short: Fine for general conversation. For screening documents, it is best used only if you are comfortable with your backup settings and with the fact that metadata may still exist.

6. Telegram standard chat, least private option

In transit:Standard Telegram chats are encrypted between your device and Telegram's servers, but not end-to-end encrypted.

Where it is stored:On Telegram's servers in a way that does not provide the same privacy standard as the other options above.

What I recommend: I do not recommend standard Telegram for screening documents.

Better alternative:If Telegram is your preference, use Secret Chat instead. Secret Chat provides proper end-to-end encryption and keeps the conversation off Telegram's standard cloud storage.

At a glance

A simple comparison of the main differences between channels.

Channel	Interception risk	Storage risk	Practical privacy note
Proton Drive	Negligible	Negligible	Swiss law only
ProtonMail to ProtonMail	Negligible	Negligible	Swiss law only
Gmail / Outlook to ProtonMail	Low	Moderate on sender side	May involve sender's provider
iMessage (backup off)	Low	Low	Limited to physical device access
iMessage (backup on)	Low	Higher	May involve Apple backup storage
WhatsApp (backup off)	Low	Low, metadata remains	Metadata may still exist
WhatsApp (backup on)	Low	Higher	May involve backup provider
Telegram standard chat	Low	High	Depends on Telegram's server-side handling
Telegram Secret Chat	Negligible	Low, device only	Limited to physical device access

What happens after a first meeting

Screening documents are deleted from my side once our first meeting is complete.

After that, I retain three things only: your name, phone number, and email address. This allows me to recognise you if you contact me again and means you do not need to repeat screening in future. Nothing else is kept.

Security on my side

My phones and laptop are encrypted, locked, and protected with standard device-level security measures. My Proton account is secured with two-factor authentication through Proton Authenticator.

No system can honestly be described as perfect, but the practical aim is straightforward: keep access tightly controlled, minimise what is stored, and make sure privacy does not depend on vague assurances.

References between escorts

I do not offer or request formal references between escorts, and I do not volunteer client names to colleagues. If another escort contacts me already holding a client's name and identifying details, I may confirm one thing only: whether I personally consider him safe to meet, or not. No details and no history.

The trust behind discretion

A sensible question sits underneath all of this: whether information shared for screening could ever be used in a way that causes you difficulty.

I have no incentive to misuse it. On the contrary, my entire business depends on being the kind of person clients feel safe with. That is not sentimental language. It is a practical reality. Discretion is not optional in this world, and trust once lost does not return.

The only exception would be something genuinely criminal or an actual attempt to cause me physical harm. In that situation, of course, I would protect myself and cooperate with the appropriate authorities.

Questions

If anything here is unclear, or if you would like to discuss how a specific type of information is handled, you are welcome to ask me directly. I would always rather answer honestly than leave something to assumption. You can reach me at nela.elsner@protonmail.com.