Legal Document

Privacy Policy

CineManiac — Your Social Movie Companion

Last updated: April 2025

This Privacy Policy explains how CineManiac collects, uses, and protects your personal information when you use our mobile application available on iOS and Android. By creating an account or continuing to use the app, you agree to this policy.

1 Data We Collect

1.1 Account & Identity Data

Data Field | Source | Storage
Email address | Registration / Google / Apple Sign-In | Cloud Firebase Auth + Firestore
Display name | Registration / Social login | Cloud Firestore
Username (unique) | Registration | Cloud Firestore
Profile photo URL | Google/Apple or user upload | Cloud Firestore (URL) + Firebase Storage (file)
Bio | User input | Cloud Firestore
Apple ID / Google ID tokens | OAuth flow | Transient (not stored raw)
User ID (Firebase UID) | Auto-generated | Cloud Firebase Auth + all documents

1.2 User Preferences & Settings

Data Field | Storage
Favorite genres | Cloud Firestore
Notification preferences (friends, circles, events, polls) | Cloud Firestore
Language / locale preference | Cloud Firestore + Local SharedPreferences
Region / country preference | Local SharedPreferences
Equipped cosmetic items (border, text effect, color) | Cloud Firestore
Premium subscription status | Cloud Firestore
Auto-share circle IDs | Cloud Firestore

1.3 Movie & Entertainment Data

Data Field | Storage
Movies added to watchlist | Cloud Firestore
Movies marked as watched | Cloud Firestore
Movie ratings (0–100 scale) | Cloud Firestore
Genre, cast, director, keyword IDs (cached from TMDB) | Cloud Firestore
Search history (last 10 queries) | Local SharedPreferences only

1.4 Social & Communication Data

Data Field | Storage
Friends list (user IDs) | Cloud Firestore
Friend requests (sent & received) | Cloud Firestore
Circle memberships | Cloud Firestore
Circle activity / shared ratings | Cloud Firestore
Circle invitations | Cloud Firestore
Event chat messages (text, sender name, timestamp) | Cloud Firestore
Event participation status (accepted, declined, invited) | Cloud Firestore
Event poll votes | Cloud Firestore
Circle poll votes | Cloud Firestore
Movie suggestions to circles | Cloud Firestore

1.5 Activity & Behavioral Data

Data Field | Storage
CineManiac Score (gamification points) | Cloud Firestore
Daily login reward timestamps | Cloud Firestore
Ad watch count & last ad watch date | Cloud Firestore
Unlocked shop items | Cloud Firestore
Activity feed entries (ratings, watchlist adds) | Cloud Firestore (via Cloud Functions)
Password reset cooldown timestamp | Local SharedPreferences only
Auto-share onboarding dismissal | Local SharedPreferences only
Location permission prompt status | Local SharedPreferences only

1.6 Device & Technical Data

Data Field | Storage
FCM push notification tokens | Cloud Firestore
Device platform (iOS/Android) — inferred | Not stored explicitly

1.7 Location Data

Data Field | Purpose | Storage
Approximate GPS coordinates | Nearby cinema search, region detection | Transient (used for API call only, not stored)
Country code (ISO) | TMDB region for movie listings | Local SharedPreferences only

1.8 On-Device ML Data

Data Field | Storage
Taste ML model weights (personalized recommendation model) | Local SharedPreferences only — never uploaded

2 Third-Party Services & Data Sharing

We use the following third-party services, each governed by their own privacy policy.

Firebase (Google)

Authentication, Cloud Firestore (all user data), Firebase Storage (profile images, max 5 MB), Cloud Messaging (push notifications), and Cloud Functions (server-side processing). Data is stored in the europe-west1 region.

firebase.google.com/support/privacy

Google Sign-In

Receives email, display name, and profile photo URL. OAuth scope: email.

policies.google.com/privacy

Apple Sign-In

Receives email (may be a relay address) and full name (first sign-in only). OAuth scopes: email, fullName.

apple.com/legal/privacy

TMDB (The Movie Database)

Provides movie search, details, images, cast, genres, and recommendations. Data sent: search queries, language preference, region code. No personally identifiable information is sent to TMDB.

themoviedb.org/privacy-policy

Google Places API

Used for nearby cinema search. Data sent: GPS coordinates (latitude/longitude) and search radius. Data received: cinema names, addresses, ratings, and open/closed status.

policies.google.com/privacy

Google AdMob

Displays banner, interstitial, and rewarded video ads to non-premium users (home screen, movie detail, activity feed). AdMob may collect device advertising identifiers (IDFA on iOS, GAID on Android). On iOS, the App Tracking Transparency (ATT) prompt is shown before AdMob is initialized.

policies.google.com/technologies/ads

RevenueCat

Manages in-app subscriptions (Premium tier) via Apple App Store and Google Play. Data shared: Firebase UID (as app_user_id) and purchase transaction data. RevenueCat sends subscription lifecycle events to our Cloud Function via a secure webhook.

revenuecat.com/privacy

3 How We Use Your Data

  • Account management — Create, authenticate, and maintain your account.
  • Core functionality — Track watched movies, store ratings, manage your watchlist.
  • Social features — Friend requests, circles, event planning, and chat coordination.
  • Personalized recommendations — On-device ML model and TMDB genre-based recommendations using your rating history.
  • Push notifications — Friend requests, circle invitations, event updates, chat messages, and poll reminders.
  • Nearby cinema search — Find cinemas near you using GPS location (with your permission).
  • Content localization — Adjust movie listings by your detected or selected region and language.
  • Advertising — Display banner, interstitial, and rewarded video ads to non-premium users.
  • In-app purchases — Manage premium subscriptions via RevenueCat.
  • Gamification — CineManiac Score, daily login rewards, and shop items.
  • Activity feed — Share your movie ratings and watchlist actions with friends (generated server-side).

4 Data Retention & Deletion

Scenario | What Happens
Account deletion | Your user document and username reservation are deleted from Firestore. Your Firebase Auth record is removed.
Orphaned data | Friend requests, circle memberships, event participations, and activity feed entries that reference your account may persist in our database after deletion.
Local data | SharedPreferences data (search history, locale, ML weights, cooldowns) persists on-device until you uninstall the app.
Profile images | Profile images stored in Firebase Storage are not automatically deleted when your account is deleted.
Chat messages | Event chat messages persist for the event's lifetime. Messages from deleted accounts will retain the original sender name.

Account deletion removes your primary user document, but some associated data (movie subcollections, circle references, activity entries, and profile images) may remain in our systems. We are working to extend automatic cleanup to cover all associated data.


5 Data Security

  • All data is transmitted over HTTPS/TLS.
  • API keys are obfuscated in the compiled binary using the envied package.
  • Firestore Security Rules enforce access control — only owners can write; reads are scoped to participants.
  • Firebase Storage rules enforce file ownership — users can only write to their own profile image path.
  • Apple Sign-In uses a SHA-256 nonce to prevent replay attacks.
  • RevenueCat webhook requests are validated using constant-time secret comparison to prevent timing attacks.
  • Passwords are managed entirely by Firebase Authentication — we never store or access your password.

6 Children's Privacy

CineManiac is not directed at children under the age of 13 (or the minimum age required in your jurisdiction, which may be higher — for example, 16 in some EU member states). We do not knowingly collect personal information from children below the applicable minimum age. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.


7 Your Rights (GDPR / CCPA)

  • Right to access — View your data in-app: profile, movies, friends, and settings.
  • Right to rectification — Edit your profile, display name, bio, and other settings at any time.
  • Right to deletion — Delete your account in Settings → Danger Zone. See Section 4 for retention details.
  • Right to data portability — Contact us to request a copy of your data.
  • Right to withdraw consent — Manage notification preferences, revoke location permission, and opt out of ad tracking via the ATT prompt (iOS) or device settings (Android).
  • Right to object — Opt out of personalized advertising via your device's advertising settings or the iOS ATT prompt.

8 Local Storage

CineManiac is a native mobile app and does not use web cookies. We use SharedPreferences (a platform key-value store) to store the following data locally on your device:

  • Language and locale preference
  • Region preference
  • Search history (up to 10 recent queries)
  • Password reset cooldown timestamps
  • On-device ML model weights (personalized recommendations)
  • UI onboarding dismissal flags
  • Location permission prompt status

This data remains on your device until you uninstall the app.


9 International Data Transfers

Your data is primarily stored on Firebase / Google Cloud infrastructure in the europe-west1 region. However, by using CineManiac, your data may be transferred to and processed in the United States and other countries where Google (Firebase, AdMob, Places), Apple, RevenueCat, and TMDB operate their servers.

These transfers are made under appropriate safeguards as required by applicable data protection law, including the standard contractual clauses provided by these services.


10 Contact Us

For privacy inquiries, data access or deletion requests, or any questions about this policy, please reach out: