Privacy Policy
Last updated: January 1, 2025
1. Introduction
("we," "us," "our") operates MMT. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data. This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable international privacy laws.
2. Information We Collect
Account data: Email address and hashed password, collected at registration. Usage data: Watchlist entries, TV episode watch history, friend connections, activity feed events, ratings, and reviews you create within the Service. Preference data: Theme preference and language preference stored locally in your browser. Offline data: If you use the Service while unauthenticated, watchlist data is stored locally in your browser's IndexedDB and is not transmitted to our servers until you register and sync. We do not collect: IP addresses for tracking purposes, browser fingerprints, advertising identifiers, or behavioral analytics.
3. How We Use Your Information
We use your information solely to: (a) provide and maintain the Service; (b) authenticate your identity and secure your account; (c) display your watchlist and social features to you and your friends as directed by you; (d) improve the reliability and functionality of the Service.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area, our legal bases for processing are: (a) Contract: processing necessary to perform the Service you requested; (b) Legitimate Interests: security, fraud prevention, and service improvement; (c) Consent: for preference cookies (you may withdraw at any time via cookie settings).
5. Data Sharing and Third Parties
We share data with: The Movie Database (TMDB): Search queries and TMDB IDs are sent to TMDB's API to retrieve movie and TV data. TMDB may log API requests per their own privacy policy. Future payment processor (Stripe): If and when paid features are introduced, payment data will be handled by Stripe. No payment data is collected currently. We do not sell your personal data. We do not share your data with advertisers.
6. Data Retention
We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law.
7. Data Security
Passwords are hashed using bcrypt before storage. Account data is stored in a PostgreSQL database. We implement reasonable technical and organizational measures to protect your data. No method of transmission over the internet is 100% secure.
8. Your Rights
Depending on your jurisdiction, you have the right to: (a) Access: request a copy of the data we hold about you; (b) Rectification: request correction of inaccurate data; (c) Erasure: request deletion of your account and associated data; (d) Portability: request your data in a portable format; (e) Objection: object to certain processing; (f) CCPA: California residents have the right to know, delete, and opt-out of sale (we do not sell data). To exercise any right, contact us at . We will respond within 30 days.
9. International Transfers
Your data may be processed and stored on servers outside your country of residence. We ensure appropriate safeguards are in place in accordance with applicable law.
10. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy periodically. The effective date is shown at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact and Data Controller
The data controller is . For privacy inquiries or to exercise your rights, contact: .