Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when you register for an account, update your profile, or otherwise interact with the Service:

• Account Information: When you create an account, we collect your username, email address, and a password (which is hashed and never stored in plain text).
• Profile Information: You may optionally provide your full name, a display nickname, birth year, gender, country of residence, preferred language, a profile image, and a profile banner image.
• Content You Create: Information about the movies, TV series, and games you add to your library, including watch status, favorites, ratings, playtime, completion status, archive records, and personal notes.
• Communication Data: If you contact us directly via email or through any support channel, we collect the content of your message and any attachments you may send.
• Preferences and Settings: Your application preferences, including theme selection (dark mode), auto-update settings, notification preferences, recommendation settings, and language preferences.

1.2 Information Collected Automatically

When you access or use the Service, we may automatically collect certain information about your device and usage:

• Log Data: Our servers automatically record information that your browser or device sends whenever you visit the Service. This may include your Internet Protocol (IP) address, browser type and version, the pages you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.
• Device Information: We may collect information about the device you use to access the Service, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
• Usage Data: Information about how you interact with the Service, such as which features you use, the frequency and duration of your activities, search queries, content you view, and your navigation patterns.
• Location Information: We may infer your general location (city or country level) based on your IP address. We do not collect precise geolocation data from your device.

1.3 Information from Third-Party Sources

We may receive information about you from third-party services that we integrate with:

• Authentication Services: If you choose to log in using a third-party authentication provider, we may receive certain profile information from that provider as permitted by your privacy settings with that provider.
• Analytics Providers: We use analytics services such as Google Firebase Analytics to help us understand how users interact with the Service. These services collect usage data and provide aggregated reports.
• Subscription Data: If you purchase a subscription through our mobile application, we receive transaction confirmation and subscription status information from RevenueCat, our subscription management provider. RevenueCat processes payment information on our behalf; we do not directly receive or store your full credit card details.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain the Service: To create and manage your account, authenticate your identity, process your requests, and deliver the core functionality of the Service, including tracking your media library, managing watchlists, and providing personalized recommendations.
• To Personalize Your Experience: To tailor content, recommendations, and features based on your preferences, watch history, language settings, and region. This includes generating smart calendar events for upcoming releases relevant to your tracked content.
• To Communicate With You: To send you service-related notifications, such as account verification emails, password reset instructions, security alerts, and updates about changes to our policies or terms. We may also send you notifications about new episodes of tracked series, upcoming movie releases, and game release dates based on your notification preferences.
• To Improve the Service: To analyze usage patterns, diagnose technical issues, conduct research, and develop new features and functionality. This includes monitoring the performance of our multi-layer caching system (Redis, PostgreSQL, API fallback) to optimize response times.
• To Ensure Security: To detect, prevent, and investigate fraudulent activity, unauthorized access, and other potentially illegal or policy-violating activities. This includes rate limiting and monitoring for abuse of our API endpoints.
• To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests, and to enforce our Terms of Service and other agreements.
• To Process Subscriptions: To manage your subscription status, verify entitlements, and coordinate with RevenueCat for payment processing and subscription lifecycle management.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, our legal basis for collecting and using your personal information depends on the specific context in which we collect it. We process your personal data on the following legal bases:

• Performance of a Contract: We process your data to fulfill our contractual obligations to you, such as creating and maintaining your account, providing the Service, and processing your subscriptions.
• Legitimate Interests: We process your data for our legitimate interests, including improving the Service, ensuring security, preventing fraud, analyzing usage patterns, and marketing our services, provided these interests are not overridden by your data protection rights.
• Consent: We may process your data based on your explicit consent for specific purposes, such as sending marketing communications or using certain cookies. You may withdraw your consent at any time through your account settings or by contacting us.
• Legal Obligation: We may process your data to comply with applicable laws, regulations, or valid legal requests from law enforcement or other government authorities.

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

4.1 Service Providers and Vendors

We may share your information with third-party service providers who perform services on our behalf, including:

• Hosting and Infrastructure: Cloud hosting providers, database services, and content delivery networks (CDNs) that help us operate and deliver the Service.
• Analytics: Providers such as Google Firebase Analytics that help us understand how users engage with the Service.
• Subscription Management: RevenueCat, which manages in-app subscription purchases, entitlement verification, and subscription lifecycle events on our behalf.
• Content Data: Third-party content databases such as TMDB (The Movie Database), IGDB (Internet Game Database), and RAWG that provide metadata about movies, TV series, and games displayed within the Service. When you search for or view content details, we may transmit the relevant content identifier to these services.
• Translation Services: Providers such as DeepL or Google Cloud Translation that power our multi-language localization features.
• Email Services: Providers that help us send transactional and notification emails.

All service providers are contractually obligated to protect your information and use it solely for the purposes of providing the contracted services.

4.2 Business Transfers

If Roxmedia is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand), or if we believe in good faith that such action is necessary to:

• Comply with a legal obligation.
• Protect and defend the rights or property of Roxmedia.
• Prevent or investigate possible wrongdoing in connection with the Service.
• Protect the personal safety of users of the Service or the public.
• Protect against legal liability.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent or at your direction.

5. Third-Party Services

Our Service integrates with and relies on several third-party services. This section provides detailed information about these integrations and how your data interacts with them.

5.1 RevenueCat (Subscription Management)

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat acts as a middleware between our mobile application and the app stores (Google Play Store). When you make a purchase:

• RevenueCat receives and processes your purchase transaction data from the app store.
• We receive confirmation of your subscription status and entitlement information from RevenueCat.
• RevenueCat does not receive your Roxmedia account credentials. We use a unique, anonymized identifier to link your subscription status to your account.
• We do not receive or store your full credit card or payment method details. Payment processing is handled entirely by the respective app store (Google Play).

RevenueCat’s privacy practices are governed by their own privacy policy, which we encourage you to review at https://www.revenuecat.com/privacy.

5.2 Google Firebase Analytics

We use Firebase Analytics, a service provided by Google LLC, to collect anonymized usage data and analytics. Firebase Analytics helps us understand user behavior, track feature adoption, and measure the effectiveness of our Service. Firebase Analytics may collect:

• Device information (model, OS version).
• App usage data (screens visited, features used, session duration).
• General location data (derived from IP address, at city/country level only).
• User-triggered events within the application.

Data collected by Firebase Analytics is governed by Google’s privacy policy, available at https://policies.google.com/privacy. You can learn more about how Google uses data at https://policies.google.com/technologies/partner-sites.

5.3 TMDB (The Movie Database)

We use the TMDB API to retrieve metadata about movies and TV series, including titles, descriptions, cast information, release dates, posters, and backdrop images. When you search for or view content details, we transmit the relevant TMDB content identifier to TMDB’s servers. TMDB does not receive your Roxmedia account information. TMDB’s privacy policy is available at https://www.themoviedb.org/privacy-policy.

5.4 IGDB (Internet Game Database)

We use the IGDB API, operated by Twitch Interactive (an Amazon company), to retrieve metadata about video games, including titles, descriptions, genres, platforms, release dates, cover art, and ratings. Your queries to IGDB may include game identifiers but do not include your Roxmedia account information. IGDB’s privacy practices are covered under Twitch’s privacy policy at https://www.twitch.tv/p/legal/privacy-notice/.

5.5 RAWG Video Games Database

We use the RAWG API as an additional source of video game metadata. RAWG does not receive your Roxmedia account information. RAWG’s privacy policy is available at https://rawg.io/privacy.

5.6 Translation Services

Our Service supports 16 languages through machine translation. We may use services such as DeepL or Google Cloud Translation to translate content metadata (titles, descriptions, genres) into your selected language. Content sent for translation is processed solely for the purpose of providing localized content and is not stored by the translation provider beyond the temporary processing period.

5.7 External Links

The Service may contain links to third-party websites, platforms, or services that are not owned or controlled by Roxmedia. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and ensure the security of the Service.

6.1 Types of Cookies We Use

• Essential Cookies: These cookies are necessary for the core functionality of the Service. They enable features such as user authentication, maintaining your session state, and remembering your preferences (such as language selection and theme). The Service cannot function properly without these cookies.
• Preference Cookies: These cookies allow us to remember choices you make (such as your language preference or the region you select) and provide enhanced, more personalized features.
• Analytics Cookies: These cookies help us understand how visitors interact with the Service by collecting and reporting information anonymously. We use these to measure and improve the performance of our Service.
• Security Cookies: These cookies help us detect and prevent security threats, authenticate users, and protect user data from unauthorized access.

6.2 JWT Tokens

We use JSON Web Tokens (JWT) for authentication. When you log in, an access token and optionally a refresh token are stored as secure, HTTP-only cookies in your browser. These tokens are used to authenticate your subsequent requests without requiring you to re-enter your credentials. These tokens expire after a set period, after which you will need to log in again or your session will be automatically refreshed.

6.3 Your Cookie Choices

Most web browsers allow you to control cookies through their settings. You can typically set your browser to block cookies, delete existing cookies, or alert you when cookies are being sent. However, please note that disabling essential cookies may prevent you from logging into the Service or using certain features that require authentication.

We do not currently respond to Do Not Track (“DNT”) signals because there is no universally accepted standard for how to interpret such signals.

7. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law.

• Account Information: We retain your account information for as long as your account remains active. If you choose to delete your account, we will permanently delete or anonymize your personal data within thirty (30) days of your deletion request, except where retention is required by law or for legitimate business purposes (such as fraud prevention or resolving disputes).
• Content Data: Your media library data (tracked movies, series, games, watch history, archives) is retained for the life of your account and is deleted upon account deletion.
• Usage Data: We retain anonymized or aggregated usage data indefinitely for analytical purposes. This data cannot be used to identify you personally.
• Log Data: Server logs are retained for a limited period (typically 30-90 days) for security monitoring and debugging purposes, after which they are automatically deleted.
• Subscription Data: Subscription records are retained for the duration of your subscription relationship and for a reasonable period thereafter as required for accounting, tax, and legal compliance purposes.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Passwords are hashed using industry-standard bcrypt hashing algorithms and are never stored in plain text.
• Access Controls: Access to personal data is restricted to authorized personnel who need the information to perform their job functions. We enforce role-based access controls and conduct regular access reviews.
• Infrastructure Security: Our servers are hosted in secure data centers with physical security measures, network firewalls, intrusion detection systems, and regular security updates.
• API Security: We implement rate limiting, input validation, and authentication requirements on all API endpoints. Sensitive operations require additional authentication or security tokens.
• Monitoring: We continuously monitor our systems for suspicious activity and have procedures in place to respond to potential security incidents.
• Data Minimization: We only collect and retain the minimum amount of personal data necessary to provide and improve the Service.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you believe your account or information has been compromised, please contact us immediately.

9. Your Rights and Choices

9.1 Access and Update

You can access and update most of your personal information directly through your account settings page. This includes your profile information, notification preferences, language settings, and connected content. You may also request a copy of all personal data we hold about you by contacting us.

9.2 Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Upon your request, we will provide your data in a portable format (such as JSON or CSV) within a reasonable timeframe.

9.3 Deletion

You have the right to request the deletion of your personal data. You may delete your account at any time through your account settings. Upon account deletion:

• Your account credentials and profile information will be permanently deleted.
• All your media library data (tracked movies, series, games, episodes, archives) will be permanently deleted.
• Anonymized or aggregated data that cannot be linked back to you may be retained for analytical purposes.
• Information required for legal compliance or legitimate business purposes may be retained as described in Section 7.

9.4 Restriction and Objection

You may have the right to restrict or object to certain types of processing of your personal data. For example, you may object to processing based on legitimate interests or for direct marketing purposes. You can manage your notification preferences and data processing choices through your account settings.

9.5 Exercising Your Rights

To exercise any of the rights described above, please contact us at the email address provided in Section 14. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

9.6 Complaint to Supervisory Authority

If you are located in the EEA, UK, or Switzerland and believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with your local data protection supervisory authority.

10. Children’s Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you are a parent or guardian and you become aware that your child has provided us with personal information without your consent, please contact us immediately.

In certain jurisdictions, the minimum age may be higher (e.g., 16 in some EU member states). We comply with all applicable age restrictions under local law. If you are between the ages of 16 and 18 (or the legal age of majority in your jurisdiction), you may only use the Service under the supervision of a parent or legal guardian who agrees to be bound by this Privacy Policy and our Terms of Service.

11. International Data Transfers

Your information may be transferred to and processed on servers located in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws in your country.

We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy when transferred internationally. For transfers from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Ensuring that service providers maintain appropriate technical and organizational security measures.
• Conducting transfer impact assessments where required.

By using the Service, you consent to the transfer of your information to our facilities and to the facilities of those third parties with whom we share it as described in this Privacy Policy.

12. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• Right to Know: You have the right to request that we disclose what categories and specific pieces of personal information we have collected about you, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting or sharing the information, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out: We do not sell your personal information as defined under the CCPA/CPRA. We also do not share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us using the information in Section 14. We will verify your request using information associated with your account. You may also designate an authorized agent to submit a request on your behalf.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make changes, we will revise the “Last Updated” date at the top of this policy.

For material changes, we will provide additional notice, such as:

• Sending an email notification to the email address associated with your account.
• Displaying a prominent notice within the Service.
• Requiring you to acknowledge the updated policy before continuing to use the Service.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: [email protected]
• Data Protection Officer: [email protected]

We will make every effort to respond to your inquiry promptly and to resolve any concerns you may have about our privacy practices.