Privacy Policy

Last updated: 2026-05-20.

The short version

We collect the minimum we need to make the app work: your account (Google or Apple), the shows / movies / people / franchises you follow, and the friendships you create. We do not sell your data, do not run third-party analytics, and do not show ads.

What we collect

• Account info.When you sign in with Apple or Google, we receive an opaque user ID and (unless you use Apple's private email relay) an email address.
• Profile you create. Username, optional display name, avatar (uploaded only when you pick one — we ask for photo-library access only at that moment, and only read the file you select), bio, timezone, and your alert preferences.
• Your follows.Which shows / movies / people / franchises you follow, which you've marked watched, and any per-show alert overrides (alert level, snooze timer, hidden-from-feed flag).
• Friends + recommendations. Friendships you create and recommendations you send. Recipients can save or dismiss recommendations they receive.
• Device push tokens + metadata. Token, platform (iOS/Android), app version, and last-seen timestamp so we can deliver the alerts you asked for and retire dead tokens.
• Watchlist imports. When you import a CSV from Letterboxd, Trakt, or another source, we read the file locally on your device, send each title (and year, if present) to TMDB through our edge functions to find a match, and store the resulting follows. The raw CSV file is never uploaded to our servers.

Stored only on your device

These never leave your device unless you uninstall and reinstall:

• Recent search queries.
• Dismissed recommendations.
• Theme preference (auto / light / dark) and accent palette.
• Onboarding-tour completion flag.
• Rating-prompt timestamps.

What we do NOT collect

• Location data.
• Contacts (we don't scan your address book).
• Advertising or cross-app tracking identifiers.
• Third-party analytics SDKs.

Where your data lives

On a Supabase Postgres database hosted in the United States. Access is gated by Postgres row-level-security policies — your private rows are only visible to you (and, for some rows, to your accepted friends).

Third-party metadata

We fetch show / movie / person metadata from TMDB. This product uses the TMDB API but is not endorsed or certified by TMDB.

Your rights

• Download your data. In-app, Settings → Account → Download my data. We email you a JSON dump.
• Delete your account. In-app, Settings → Account → Delete my account. Removes everything you own; cascades through follows, friendships, recommendations, and push tokens.

Children

Not directed at children under 13. We don't knowingly collect data from them.

Contact

Questions about privacy? Email privacy@lume.app.