MiniMovie
Sign in

Privacy Policy

Effective: 2026-05-01 · Version 1.0

TL;DR

MiniMovie is a personal movie and TV tracking app. We store only what you explicitly provide through your actions (watchlist, watch history) plus your first name and avatar URL from your sign-in provider for display purposes. We don't sell data or track you across the web. You can export or delete everything at any time from your account page.

What We Collect

Data Source Purpose
Provider subject ID Apple or Google sign-in Unique account identifier
First / given name Apple or Google sign-in Display in the UI (greeting, avatar fallback)
Avatar URL Google sign-in (if available) Profile picture display
Watchlist entries Your actions Track what you want to watch, are watching, or have watched
Watch events Your actions Record when you watched something
Session token (cookie) Authentication flow Keep you signed in

What We Don't Collect

  • Email address — never requested, never stored
  • Full name — only the given/first name
  • Device fingerprints — we use basic, anonymised traffic analytics (page views, country); no personal tracking scripts or ad pixels are used
  • Location data — not collected

Lawful Basis (GDPR)

We process your data under legitimate interest (providing the service you signed up for) and consent (you chose to sign in and use the tracking features). You may withdraw consent at any time by deleting your account.

How We Use Your Data

  • Display your name and avatar in the UI
  • Persist your watchlist and watch history
  • Calculate stats, streaks, and achievements
  • Authenticate your session

We do not use your data for advertising, profiling, or sell it to third parties.

Sub-Processors

Provider Purpose Location
Cloudflare CDN, hosting, and edge compute Global
Railway API hosting and database US
Apple Sign In Authentication only Global
Google OAuth Authentication only Global

Your data is stored in United States (us-east).

Data Retention

  • Account data — retained until you delete your account
  • Session tokens — expire after 30 days of inactivity
  • Auth codes — single-use, expire within 5 minutes

When you delete your account, all data is permanently removed within 24 hours.

Your Rights

Under GDPR and similar regulations, you have the right to:

  • Access — export all your data from your account page
  • Rectification — update your name/avatar by re-authenticating with your provider
  • Erasure — delete your account from your account page
  • Portability — export data as JSON
  • Object — contact us to object to processing

Cookies

We use a single essential cookie to maintain your session:

Cookie Purpose Duration
__Secure-mm_session Session authentication 30 days
mm_authed UI hint to indicate the user is authenticated. Does not contain sensitive data. 30 days

No analytics, marketing, or third-party cookies are used. A cookie banner is not required because we only use essential cookies.

Children

MiniMovie is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the app. The version number and effective date at the top of this page always reflect the current version.

Contact

For privacy questions, data requests, or concerns, email us at privacy@minimovie.info.