Privacy Policy

The data controller for your personal data under GDPR is:

We only collect data necessary to operate the service. None of it is used for advertising or behavioural tracking.

• AccountEmail, name (optional), profile picture (optional), password hashed with bcrypt if you use password authentication.
• User contentMovies and TV shows you mark as watched, your watchlist, favourites, reviews and ratings you publish, watch dates.
• Social interactionsList of users you follow and who follow you, votes (upvotes / downvotes) on reviews, reports, blocks.
• PreferencesInterface language (FR or EN), profile privacy settings (public / private), notification preferences.
• Technical dataInternal account identifier (User ID), push notification token (Device ID, only if you enable notifications), in-app interactions (taps on titles) for app functionality.
• Activity logsFor security (anti-spam, anti-abuse), some actions (login, registration) are logged with your IP address, anonymised to IPv4 only. Access restricted to administrators.

Important: we use NO advertising SDKs, NO third-party analytics tools (no Google Analytics, no Facebook Pixel, etc.), NO behavioural trackers.

The iOS and Android app collects the same data as the web version, plus a few platform-specific items:

• Sign in with GoogleIf you sign in with Google, we receive your email, name, and profile picture from Google. No other Google data is requested. You can revoke this access at any time from your Google account.
• Sign in with AppleIf you sign in with Apple (iOS), we receive your email (or a private relay email if you choose) and your name (only on first sign-in). Apple does not share your Apple ID with us. You can revoke access from Settings → Apple ID → Sign in with Apple.
• Push notificationsIf you enable notifications, a unique device token (APNs on iOS / FCM on Android) is stored to deliver notifications. This token is only used for notification delivery and is removed if you disable notifications or uninstall the app.
• Device permissionsPhotos / Camera: only requested if you choose to set a custom profile picture. The image is uploaded to our servers and associated with your account. No continuous access to your photo library.

Per GDPR Article 6, here are the lawful bases we rely on:

• Performance of contractAccount data (email, name, user content) is necessary to provide the service you requested by creating an account.
• Legitimate interestActivity logs (with anonymised IP) protect the service against spam, fraud and attacks. This interest is balanced against your right to privacy.
• ConsentPush notifications require your explicit consent via the iOS/Android system prompt. You can withdraw this consent at any time from device or app settings.

We rely on the following services. No personal data is shared with them unless stated otherwise:

• TMDB (The Movie Database)API used to fetch movie and TV show metadata (titles, posters, synopses). No user data is sent to TMDB.themoviedb.org/privacy-policy
• OMDb APIAPI used to fetch IMDb / Rotten Tomatoes / Metacritic ratings. No user data is sent to OMDb.omdbapi.com
• Google (OAuth + APNs/FCM)Used for OAuth login (mobile + web) and Android push notification delivery (FCM). Subject to Google's privacy policy.policies.google.com/privacy
• Apple (Sign in with Apple + APNs)Used for Sign in with Apple (iOS) and iOS push notification delivery (APNs). Subject to Apple's privacy policy.apple.com/legal/privacy
• Vercel + MongoDB AtlasThe web app is hosted on Vercel (USA / EU, GDPR-compliant). The database is on MongoDB Atlas (EU). All connections are TLS-encrypted.

We only keep your data as long as necessary:

• Active accountAs long as your account is active, your data is kept to provide you the service.
• Activity logsLogs containing anonymised IPs are kept for a maximum of 12 months for security purposes, then deleted automatically.
• Read notificationsNotifications marked as read are automatically deleted 2 days after reading.
• Account deletionYou can delete your account at any time from Settings → Delete account (mobile and web). Deletion is immediate and irreversible: reviews, watchlist, history, follows, votes, blocks, reports, and push token are erased.

Push notifications (new follower, new review from someone you follow, vote on your review) are only sent if you explicitly accepted the system permission prompt. You can disable them at any time from app settings or your device system settings. When you disable them, your token is removed from our servers.

Feel It Stream is not directed to children under 13 (or the minimum legal age applicable in your jurisdiction). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with data, contact us and we will delete it immediately.

You have the following rights over your personal data. To exercise them, contact us at thomasboissontb30@gmail.com — we will respond within 30 days.

• Right of accessYou can request a copy of all the personal data we hold about you.
• Right to rectificationYou can edit your name, email, picture and preferences directly from Settings → Profile in the app.
• Right to erasureYou can delete your account and all your data at any time from Settings → Delete account. Immediate and permanent deletion.
• Right to portabilityYou can request an export of your data in a structured format (JSON) by contacting us.
• Right to objectYou can object to processing based on legitimate interests (e.g., activity logs) by contacting us.
• Right to lodge a complaintYou have the right to file a complaint with your local data protection authority (CNIL in France: cnil.fr) if you believe your rights are not respected.

We may update this policy to reflect changes in law or in the service. The last update date is shown at the top of this page. For substantial changes, we will notify you by email or via an in-app notification before they take effect.

For any questions about this privacy policy or to exercise your GDPR rights, you can contact us at: