🔒 Data Policy

How CouchVote handles your account, your couch, and your votes — and what we deliberately don't collect.

Privacy Policy

Last Updated: 2026-05-17

CouchVote ("we", "us", "our") provides a couch consensus engine that helps people decide what to watch together. This Privacy Policy explains what we collect, how we use it, and your rights. It applies to the CouchVote mobile app (iOS and Android) and the website at couchvote.com.


TL;DR

  • We collect the minimum data needed to run your account, your couch, and your voting sessions.
  • We do not sell your data. We do not run third-party advertising or tracking SDKs in the app.
  • Movie metadata comes from TMDB and OMDB. We send no user data to them.
  • Your data is hosted in the EU (Microsoft Azure, North Europe).
  • You can access, export, or delete your data at any time. Deleting your account erases your personal data.
  • Questions: legal@couchvote.com.

1. Who We Are

CouchVote is the data controller for personal data processed through the app and website. You can reach us at legal@couchvote.com.

2. Data We Collect

We only collect what we need to operate the service.

2.1 Account Data

  • Email address
  • Hashed password (we never store or see your plaintext password)
  • Display name
  • For Apple Sign-In or Google Sign-In: the OAuth subject identifier returned by Apple/Google, plus the email and name they share with us

2.2 Authentication Tokens

  • JWT access and refresh tokens issued by our backend
  • These are stored on your device in secure OS-level storage

2.3 Couch and Voting Preferences

  • Couch membership and roles
  • Voting rules, vetoes, content filters, and preference settings you configure

2.4 Session and Voting History

  • Records of voting sessions you start or join
  • Your votes, reactions, and the outcome of each session
  • Session configuration (e.g., card count, time per card)

2.5 Optional Watchlist

  • Titles you save to your personal or couch watchlist
  • Watch status if you choose to record it

2.6 Diagnostic Telemetry

  • Anonymized crash reports and performance metrics via Microsoft Application Insights
  • We do not include account identifiers, email, or content of votes in telemetry

We do not collect precise location, contacts, photos, microphone, or camera data.

3. How We Use Your Data

  • To create and secure your account
  • To run voting sessions and apply your couch's rules
  • To generate movie recommendations tailored to your couch
  • To sync, back up, and restore your preferences across your devices
  • To respond to support requests
  • To detect abuse, fraud, and security incidents
  • To meet legal and regulatory obligations

We do not use your data to train third-party AI models. We do not profile you for advertising.

4. Legal Bases (GDPR)

Where GDPR applies, we rely on:

  • Contract — to provide the service you signed up for
  • Legitimate interests — to keep the service secure, debug crashes, and prevent abuse
  • Consent — for anything optional we ask you to opt into
  • Legal obligation — when we must retain or disclose data by law

5. Third Parties

We share data with a small, deliberately limited set of providers.

Provider | Purpose | What we share
Microsoft Azure (North Europe) | Hosting, database, storage, secrets, monitoring | All service data, hosted in the EU
Apple Sign-In | Optional sign-in | Auth handshake; we receive the Apple subject ID, email, and name
Google Sign-In | Optional sign-in | Auth handshake; we receive the Google subject ID, email, and name
Application Insights (Microsoft) | Anonymized crash and performance telemetry | Diagnostic events without account identifiers
TMDB | Movie metadata (titles, posters, overviews) | No user data. We sync TMDB's public catalog via background jobs.
OMDB | Ratings lookup | No user data. We query public title metadata only.

We do not share data with advertisers, data brokers, or analytics networks.

6. International Transfers

Your data is stored in the EU (Microsoft Azure, North Europe region). If we ever process data outside the EU/EEA, we will rely on the European Commission's Standard Contractual Clauses (SCCs) and any additional safeguards required at that time.

7. Data Retention

  • We keep your data for as long as your account is active.
  • You can delete your account from within the app at any time.
  • Account deletion cascades to all personal data we hold about you, including your votes, sessions, couch memberships you own, and watchlists.
  • Backups containing your data are rotated and purged on a rolling schedule (typically within 30 days).
  • We may retain limited records longer where required by law (e.g., tax, fraud investigation).

8. Security

  • All traffic is encrypted in transit using TLS.
  • Data is encrypted at rest using Azure-managed encryption.
  • Secrets and API keys are stored in Azure Key Vault.
  • Authentication uses JWTs with short-lived access tokens and rotating refresh tokens.
  • Apple Sign-In identity tokens are verified with Apple's published RS256 keys.
  • Passwords are hashed with a modern, salted, slow hash function.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authorities as required by law.

9. Your Rights

9.1 GDPR (EU/EEA, UK, and similar regimes)

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Restrict processing in certain cases
  • Object to processing based on legitimate interests
  • Not be subject to automated decision-making that produces legal or similarly significant effects (we do not perform such decision-making)
  • Lodge a complaint with your local supervisory authority

To exercise any of these rights, email legal@couchvote.com or use the in-app account tools.

9.2 CCPA (California)

California residents have the right to:

  • Know what personal information we collect and how we use it
  • Delete personal information we hold about you
  • Opt out of sale — we do not sell personal information, so there is nothing to opt out of, but the right is acknowledged
  • Non-discrimination for exercising your rights

10. Children

CouchVote is not directed at children. You must be at least 13 years old to use the service, or older where local law sets a higher age (for example, 16 in parts of the EU under GDPR-K). We do not knowingly collect data from anyone under the applicable minimum age. If you believe a child has created an account, contact us and we will delete it.

11. Cookies and Tracking

  • The marketing website at couchvote.com uses only functional cookies needed to make the site work.
  • The app does not include third-party advertising or analytics SDKs.
  • We do not use cross-site or cross-app tracking.

12. Changes to This Policy

We may update this policy from time to time. If changes are material, we will notify you in the app and/or by email before they take effect. The "Last Updated" date at the top of this page always reflects the current version.

13. Contact

Questions, requests, or complaints:

legal@couchvote.com


<!-- TODO Items to review with a qualified lawyer before public launch:
- Confirm the legal entity name, registered address, and company number to insert as the data controller.
- Confirm governing-law and supervisory-authority alignment with the entity's country of registration (currently assuming Czech Republic / ÚOOÚ).
- If launching in the EU before establishing an EU entity, appoint and disclose an EU representative under GDPR Art. 27.
- If launching in the UK, appoint and disclose a UK representative under UK GDPR Art. 27.
- Confirm minimum age per jurisdiction (COPPA: 13, GDPR-K: 13–16 depending on member state, UK: 13, South Korea: 14, etc.) and whether a parental consent flow is needed.
- Confirm Apple App Store privacy "nutrition label" disclosures match this policy exactly.
- Confirm Google Play Data Safety form matches this policy exactly.
- Confirm Apple Sign-In requirements: must be offered if any third-party login is offered on iOS; private relay email handling disclosed.
- Confirm TMDB and OMDB attribution wording satisfies their current ToS.
- Confirm Application Insights configuration actually strips PII as described (sampling, redaction, IP masking).
- Decide whether a DPA is needed with Microsoft (Azure DPA already in place by default; reference it if required).
- Add cookie banner / consent management on couchvote.com if any non-functional cookies are introduced later.
- Decide retention window for security logs and document it explicitly.
- Confirm breach notification SLAs (GDPR: 72 hours to authority).
- If processing any special category data in the future (health, biometrics), revisit lawful basis.
-->