1. Who We Are

Reel Gradr is a personal film rating platform available at reelgradr.com. For privacy questions, you can reach us at noreply@reelgradr.com.

2. What Data We Collect

Account information

• Username — chosen by you at signup, used to identify your account
• Email address — used to verify your account and send password reset emails
• Password — stored as a secure bcrypt hash; we never store or see your plain-text password
• Display name — optional, shown on share cards instead of your username
• Profile avatar — optional, an image you upload or a predefined illustration

Activity data

• Film scorecards — the ratings, weights, and verdicts you submit
• Friend relationships — which accounts you have connected as friends
• Share links — short links you create to share your scorecards

Technical data

• IP address — used temporarily for rate limiting (preventing abuse). Not stored permanently.
• Session tokens — stored in your browser's localStorage to keep you signed in. Expire after 30 days.
• Theme preference — light or dark mode, stored locally in your browser only

3. How We Use Your Data

• To create and manage your account
• To send email verification and password reset emails
• To display your ratings and enable friend comparisons
• To generate film recommendations based on rating patterns
• To serve share links you create
• To prevent abuse through rate limiting

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

4. Film Data and Third Parties

When you search for films, your search query is sent to The Movie Database (TMDB) to retrieve film metadata. Your search queries are subject to TMDB's privacy policy. We do not send any personally identifying information to TMDB.

We do not share your personal data with any other third parties.

5. Data Storage and Security

Your data is stored on a server hosted on Oracle Cloud infrastructure. We use the following measures to protect it:

• All connections are encrypted via HTTPS (TLS)
• Passwords are hashed using bcrypt with unique salts
• The database is backed up nightly and backups are retained for 7 days
• Rate limiting is applied to authentication endpoints to prevent brute force attacks

No security measure is perfect. In the event of a data breach, we will notify affected users by email as soon as reasonably possible.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all of the following are permanently removed from our servers:

• Your username, email, and password hash
• All film scorecards you have submitted
• Your friend relationships
• Your share links
• Your profile avatar

Deletion is immediate and irreversible. Backup copies may persist for up to 7 days before being overwritten.

7. Your Rights

You have the right to:

• Access your data — all your film ratings and account information are visible within the app
• Correct your data — you can update your display name and avatar at any time from your profile
• Delete your data — you can permanently delete your account from the profile settings
• Contact us — if you have questions or requests about your data, email noreply@reelgradr.com

8. Children's Privacy

Reel Gradr is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

9. Cookies and Local Storage

Reel Gradr does not use cookies. We use your browser's localStorage to store your session token and preferences (such as light/dark mode). This data never leaves your device and is not accessible to us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. For significant changes, we will make reasonable efforts to notify users by email.

11. Contact

For any privacy-related questions or requests, please contact us at noreply@reelgradr.com.

---

This privacy policy was written for Reel Gradr and reflects our actual data practices. It does not constitute legal advice.