TL;DR
We collect what we need to run the site. We don't sell your data. We don't share it with advertisers. We're a film verdict site, not a data broker. That's the whole story.
1. What We Collect
We collect information in two ways: what you give us directly, and what your browser tells us automatically.
What you give us directly:
- -Account information: name, email address, and password when you sign up
- -Profile preferences: streaming services you subscribe to, content preferences
- -Watchlist and ratings data: films you save, ratings you submit, taste match responses
- -Any content you post in The Discourse (comments, posts)
- -Payment information if you upgrade to Pro (processed by Stripe - we never see your full card number)
What your browser tells us automatically:
- -IP address and general location (country/region level)
- -Browser type and operating system
- -Pages visited and time spent on the site
- -Referring URL (how you found us)
- -Device type (desktop, mobile, tablet)
2. How We Use It
We use your data to run the site and make it better. Full stop.
- -To authenticate your account and keep it secure
- -To power the Taste Match algorithm and personalized recommendations
- -To remember your watchlist, ratings, and streaming service preferences
- -To send you verdict notifications if you've opted in
- -To process Pro subscription payments
- -To understand which features people use so we can improve them
- -To prevent abuse, spam, and fraud
We don't use your data to build advertising profiles. We don't use it to train AI models for third parties. We don't sell it. We use it to run a film verdict site.
3. What We Don't Do
This section exists because most privacy policies bury the important stuff. Here it is up front:
- -We do not sell your personal data to third parties. Ever.
- -We do not share your data with advertisers or data brokers.
- -We do not use your data to serve you targeted ads.
- -We do not build behavioral profiles to sell to marketers.
- -We do not share your email with anyone outside the services required to run this site.
- -We do not use dark patterns to trick you into sharing more than you intend to.
4. Cookies and Tracking
We use cookies. Here's what they do:
- -Session cookies: keep you logged in between page loads. Required for the site to function.
- -Preference cookies: remember your theme setting (dark/light), streaming services, and display preferences.
- -Analytics cookies: anonymous usage data to understand how the site is used. We use privacy-respecting analytics that don't fingerprint or track you across other sites.
We don't use third-party advertising cookies. We don't use Facebook Pixel, Google Ads tracking, or similar surveillance infrastructure. If you block cookies, the site still works - you'll just need to log in again each visit.
5. Third-Party Services
We use a small number of third-party services to run the site. Each one only gets the data they need to do their job:
- -Stripe: payment processing for Pro subscriptions. They handle card data under PCI DSS compliance. We never see your full card number.
- -Cloud infrastructure provider: our hosting and authentication infrastructure. Your account data lives on their servers.
- -TMDB (The Movie Database): film metadata, posters, and cast information. We query their API but don't share your personal data with them.
- -Analytics provider: anonymous, aggregated usage data. No cross-site tracking.
We don't use Google Analytics, Meta Pixel, or any advertising technology. If that changes, we'll update this policy and notify you.
6. Your Rights
You have rights over your data. Here's how to exercise them:
- -Access: you can request a copy of all data we hold about you
- -Correction: you can update your account information at any time in your dashboard
- -Deletion: you can delete your account and all associated data from your dashboard settings
- -Export: you can request an export of your watchlist, ratings, and activity data
- -Opt-out: you can opt out of non-essential communications at any time
If you're in the EU or UK, you have additional rights under GDPR/UK GDPR including the right to object to processing and the right to data portability. Contact us at [email protected] to exercise any of these rights.
If you're in California, you have rights under CCPA. We don't sell personal information, so most CCPA provisions don't apply - but you can still request access or deletion at any time.
7. Data Retention
We keep your data as long as your account is active. When you delete your account:
- -Your profile, watchlist, and ratings are deleted immediately
- -Your Discourse posts are anonymized (not deleted, since they're part of public conversations)
- -Your payment records are retained for 7 years as required by tax law
- -Aggregated, anonymized analytics data may be retained indefinitely (it can't be linked back to you)
Inactive accounts (no login for 3 years) may be deleted after 90 days notice to your registered email.
8. Security
We take security seriously. Your password is hashed using industry-standard bcrypt. Connections are encrypted via TLS. We don't store payment card data. We conduct periodic security reviews.
No system is perfectly secure. If we discover a breach that affects your data, we'll notify you within 72 hours via your registered email address and post a notice on the site.
If you discover a security vulnerability, please report it to [email protected]. We'll respond within 48 hours and credit you if you want it.
9. Children's Privacy
ummm, no is not directed at children under 13. We don't knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at [email protected] and we'll delete it promptly.
10. Changes to This Policy
If we make material changes to this policy, we'll notify you via email (if you have an account) and post a notice on the site at least 30 days before the changes take effect. Minor changes (typos, clarifications that don't affect your rights) may be made without notice.
The "Last Updated" date at the top of this page always reflects when the policy was last changed. Continuing to use the site after changes take effect means you accept the updated policy.