Privacy Policy
Introduction
At MyWatchedMovies, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service. We are committed to transparency and giving you control over your data.
Last updated: December 6, 2025
Information We Collect
Account Information
When you create an account, we collect:
- Email address - Used for login, account recovery, and important notifications
- Password - Stored securely using industry-standard encryption (bcrypt hashing)
- Display name - Optional, used to personalize your experience
- Authentication provider - If you sign in with Google or Apple via Auth0
Movie Data
To provide our core service, we store:
- Movies you've watched - Including ratings and watch dates
- Movies you plan to watch - Your watchlist
- Physical media collection - Optional tracking of DVDs, Blu-rays, etc.
- Movie lists - Custom lists you create
Preferences & Settings
- Theme preference - Light or dark mode
- Cookie consent - Your cookie preferences
- Notification settings - Email notification preferences
Usage Information
With your consent (Statistics cookies), we collect:
- Page views - Which pages you visit
- Session data - How long you use the site
- Device information - Browser type, screen size (anonymized)
- IP address - Anonymized for analytics purposes
How We Use Your Information
We use your information for the following purposes:
Provide Our Service
- Create and manage your account
- Store and display your movie collection
- Generate personalized statistics and recommendations
- Sync your data across devices
Communicate With You
- Send account verification emails
- Password reset requests
- Monthly statistics emails (if enabled)
- Important service updates
Improve Our Service
- Analyze usage patterns to improve features
- Fix bugs and technical issues
- Understand which features are most valuable
Security & Compliance
- Prevent fraud and abuse
- Comply with legal obligations
- Protect user accounts from unauthorized access
Third-Party Services
We use the following trusted third-party services:
The Movie Database (TMDB)
We use TMDB's API to provide movie information, posters, and metadata. When you search for movies, your search queries are sent to TMDB. We do not share your personal information with TMDB.
Auth0 (Authentication)
We use Auth0 for secure authentication with Google and Apple. When you sign in with these providers, Auth0 handles the authentication process. Auth0 may collect authentication-related data as described in their privacy policy.
Google Analytics (Optional)
With your consent, we use Google Analytics to understand how visitors use our site. All data is anonymized, IP addresses are masked, and advertising features are disabled.
Data Security
We implement industry-standard security measures to protect your data:
- Encryption - All passwords are encrypted using bcrypt hashing
- HTTPS - All data transmission is encrypted with SSL/TLS
- Secure sessions - Session tokens are protected and expire automatically
- Database security - Access controls and regular backups
- Authentication - OAuth 2.0 for social login via Auth0
While we take security seriously, no method of transmission over the internet is 100% secure. We continuously monitor and update our security practices.
Your Rights & Choices
You have full control over your data. Under GDPR and other privacy laws, you have the right to:
Access Your Data
View all your personal information and movie data in your profile settings.
Update Your Information
Edit your email, password, and preferences at any time through your profile.
Export Your Data
Request a copy of all your data in a portable format (contact us for data export).
Delete Your Account
You can delete your account at any time from your profile settings. We implement a 30-day soft delete period, after which all your data is permanently removed.
- Account deletion requires double confirmation (typing 'DELETE' + email verification)
- 30-day grace period before permanent deletion
- You can cancel deletion during the grace period
- After 30 days, all data is permanently and irreversibly deleted
Withdraw Consent
Change your cookie preferences at any time using the Cookie settings link in the footer.
Data Retention
We retain your data for the following periods:
- Active accounts - Data is retained as long as your account is active
- Deleted accounts - 30-day soft delete period, then permanent deletion
- Password reset tokens - Automatically deleted after 1 hour
- Email verification tokens - Automatically deleted after 24 hours
- Session data - Expires after 30 days of inactivity (or 1 year with "Remember Me")
- Analytics data - Anonymized data retained for up to 26 months (Google Analytics default)
Children's Privacy
MyWatchedMovies is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will delete it.
GDPR Compliance
MyWatchedMovies is fully compliant with the EU General Data Protection Regulation (GDPR):
- Lawful basis for processing (consent, contract, legitimate interest)
- Data minimization - we only collect what's necessary
- Purpose limitation - data is only used for stated purposes
- Storage limitation - data is deleted when no longer needed
- Integrity and confidentiality - strong security measures
- Accountability - we document our compliance measures
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Updating the "Last updated" date at the top of this policy
- Sending an email notification for significant changes
- Displaying a notice on the website
Your continued use of MyWatchedMovies after changes are posted constitutes your acceptance of the updated Privacy Policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Through the feedback form on our website
- Via your profile settings for account-related requests
We will respond to your inquiry within 30 days as required by GDPR.