Privacy Policy
Effective date: April 10, 2026
1. Introduction
Cineq ("we," "us," or "our") operates the Cineq mobile application (iOS and Android) and the website at cineq.app (collectively, the "Service"). This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and your choices regarding that data.
By using the Service you agree to this Privacy Policy. If you do not agree, please do not use the Service.
2. Data We Collect
2.1 Account Data
When you create an account we collect your email address, display name, and authentication credentials (managed via Apple Sign In or Google Sign In). We also store a unique user ID, avatar URL, and optional profile fields you provide (bio, website, social links).
2.2 Activity Data
We collect data you actively provide through the Service: film and TV show logs (including ratings, reviews, watch dates, rewatch status, tags), watchlist entries, follows, reactions, comments, list curation, and Watch Party participation.
2.3 Theatre & Location Data
When you tag a theatre on a log entry, we may request your approximate location (GPS) to suggest nearby cinemas. Location is used solely for the search request and is not stored on our servers. Theatre venue data is sourced via the Google Places API.
2.4 Device & Usage Data
We collect anonymous analytics data through PostHog, including device type, OS version, app version, screen views, feature usage events, and session duration. This data is used to improve the Service and is not linked to your identity for advertising purposes.
2.5 Payment Data
Payments for Cineq Premium are processed by Stripe (web) and RevenueCat / Apple App Store / Google Play Store (mobile). We do not store your credit card number, bank account details, or other payment instrument data on our servers. Stripe and RevenueCat provide us with a transaction ID, subscription status, plan type, and billing dates.
2.6 Import Data
If you import your watch history from Letterboxd (CSV), we process the file server-side to match entries against TMDB and create log records. The uploaded CSV is deleted after processing.
3. How We Use Your Data
- Provide, operate, and maintain the Service
- Display your profile, stats, and activity to other users (per your privacy settings)
- Generate personal statistics (films watched, hours logged, genres, theatre visits, etc.)
- Power social features (feed, reactions, comments, taste compatibility, Watch Party)
- Deliver taste-based recommendations and discovery features (using anonymized embedding vectors)
- Process subscription payments and manage your Premium entitlements
- Send transactional emails (account verification, password reset) and optional notification emails
- Analyse usage patterns to improve the Service (via PostHog analytics)
- Detect and prevent abuse, fraud, and Terms of Service violations
- Comply with legal obligations
4. Sub-processors & Third-Party Services
We share your data only with the following third-party service providers ("sub-processors"), each used for a specific purpose:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (AWS us-east-1) | Database, authentication, file storage, realtime, edge functions | All account and activity data |
| Stripe | Web payment processing | Email, payment method tokens, subscription events |
| RevenueCat | Mobile subscription management & entitlements | User ID, subscription status, purchase receipts |
| Apple (App Store) | iOS in-app purchases & authentication | Apple ID token, purchase receipts |
| Google (Play Store & Sign In) | Android in-app purchases & authentication | Google ID token, purchase receipts |
| TMDB (The Movie Database) | Film & TV metadata, posters, cast info | Search queries (no personal data) |
| Google Places API | Theatre venue search & details | Approximate location coordinates (not stored) |
| PostHog | Product analytics & feature flags | Anonymous usage events, device metadata |
| OpenAI | Taste embedding generation (text-embedding-3-small) | Anonymized taste vectors derived from ratings (no reviews or personal data) |
| Vercel | Web application hosting & CDN | HTTP request metadata (IP addresses, user agent) |
| Expo / EAS | Mobile app build & over-the-air updates | Device metadata for update targeting |
| Google AdSense | Display advertising (web, free tier) | Cookie-based identifiers per Google's privacy policy |
We do not sell your personal data to any third party. We do not share your data with data brokers, ad networks (beyond the AdSense integration noted above), or any party not listed in this table.
5. Data Retention
We retain your account and activity data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial transaction records, which are retained for up to 7 years). Anonymized analytics data may be retained indefinitely.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and personal data
- Export your data in a portable format
- Withdraw consent for optional processing
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
To exercise any of these rights, email us at support@cineq.app. We will respond within 30 days.
7. Cookies & Local Storage
The web application uses essential cookies and localStorage for authentication sessions, theme preferences, and dismissed UI state. We use PostHog for analytics, which may set its own cookies. Google AdSense may set cookies for ad personalization on the free tier; you can opt out via your browser settings or Google's ad settings page.
8. Security
We implement industry-standard security measures including: HTTPS/TLS encryption in transit, encrypted database storage at rest (AES-256 via Supabase/AWS), Row-Level Security (RLS) on all database tables, server-side API key management (no sensitive keys exposed client-side), and regular dependency updates.
No system is 100% secure. If you discover a security vulnerability, please report it to support@cineq.app.
9. Children's Privacy
The Service is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. International Data Transfers
Your data is primarily stored in the United States (AWS us-east-1 via Supabase). If you are located outside the United States, your data will be transferred to and processed in the United States. We rely on the sub-processors' standard contractual clauses and data processing agreements for lawful transfer mechanisms.
11. California Privacy Rights (CCPA)
If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Cineq
Email: support@cineq.app
Website: cineq.app