Privacy Policy
1. Who we are
InterFrame ("we", "us", "our") is a media-tracking mobile application for cinephiles. We operate from India. This Privacy Policy describes how we collect, use, and share information when you use the InterFrame app or interact with our services at interframe.app and api.interframe.app.
2. What data we collect
2.1 Data you provide
- Account details: email address, password (stored as a bcrypt hash), display name, and chosen username when you create an account.
- Sign-in with Google or Apple: if you use these options, we receive a verified email and (with Apple) an opaque user identifier from the respective provider. We do not receive your password.
- Profile content: avatar URL, pinned favorites, and other profile data you choose to set.
- Activity and content: films and TV shows you mark as favorite, watchlist, watched, watching, on-hold, or dropped; ratings; reviews; comments; lists; diary entries; replies to other users; follow relationships.
2.2 Data we collect automatically
- Device information: platform (iOS / Android), OS version, app version, device model, locale, and a randomly generated device identifier we create to count installations and detect abuse.
- Approximate location: we derive a country-level location from your IP address. We do not collect precise GPS location.
- Session data: when you open the app, including timestamp, IP address, and the app version in use.
- Push notification tokens: if you allow push notifications, your platform-issued push token so we can deliver reminders and announcements.
- Crash reports and performance data: stack traces and runtime context (no personal content) when the app crashes or errors. Processed by Sentry.
- Advertising identifier: if you grant App Tracking Transparency permission on iOS, or do not opt out on Android, the platform-provided advertising identifier may be sent to Google AdMob to deliver personalized ads. If you decline, AdMob serves non-personalized ads only.
2.3 Data we do NOT collect
- Precise GPS location
- Photos, contacts, calendar, microphone, or camera
- Health, biometric, financial, or government-ID information
- Browsing history outside the InterFrame app
3. How we use your data
- Provide the service: create your account, sync your watch list across devices, deliver push notifications you've opted into.
- Communicate with you: send verification emails when you sign up, password reset emails when you request them, and important account or service notices.
- Improve the product: aggregated usage analytics (active users, retention, app version distribution) to understand which features are used. Individual users are not identified in these reports.
- Show advertising: deliver ads via Google AdMob to keep InterFrame free. See Section 5.
- Maintain security: rate-limit abusive traffic by IP, detect duplicate or fraudulent accounts, ban accounts that violate our Terms.
- Comply with law: respond to lawful requests from authorities where required.
4. Third parties we share data with
We share the minimum data necessary with the following processors so the app can function. Each is bound by their own privacy policy and (where applicable) a data-processing agreement with us.
| Service | Purpose | What's shared |
|---|---|---|
| TMDB | Film + TV metadata, posters | Search queries; no personal data |
| Google AdMob | Advertising | Advertising identifier (if granted), device info, IP, app interactions |
| Google Sign-In | Authentication (only if you choose) | Your Google email + name, ID-token claims |
| Apple Sign-In | Authentication (only if you choose) | Opaque user ID, optional relay email |
| Sentry | Crash + error reporting | Stack traces, app version, OS version. No content of your account. |
| Resend | Transactional email | Your email address; subject + body of the message being sent |
| Neon | Database hosting (data processor) | All account data, stored encrypted at rest |
| DigitalOcean | Server hosting (data processor) | All requests pass through; no separate storage |
We do not sell your personal data. We do not share your data with advertisers, brokers, or social-media networks for their independent purposes.
5. Advertising
InterFrame is free and supported by ads served via Google AdMob. We use three formats:
- Banner ads: small ads at the bottom of some screens.
- Interstitial ads: full-screen ads shown infrequently after completion moments (e.g. marking a film watched, submitting a review). Hard-capped to 3 per session with at least 4 minutes between each, after a 90-second startup grace period.
- Rewarded ads: optional, only shown when you tap a clearly-labelled "Watch ad to support" button.
iOS users: we show Apple's App Tracking Transparency prompt before any ad SDK runs. If you decline, ads remain but are not personalized using your advertising identifier.
EU/UK users: we show Google's User Messaging Platform consent prompt on first launch and respect your choice. You can change your consent at any time from Profile → Privacy → Ad preferences inside the app.
To disable ads completely for your account: contact interframe.app@gmail.com from the email on your account and we will turn ads off for your account at no cost.
6. Your rights
You have the following rights with respect to your personal data, regardless of where you live:
- Access: request a copy of the data we hold on you. You can also export your data at any time from Profile → Privacy → Export my data inside the app.
- Rectification: correct inaccurate information. You can edit most of your profile data directly in the app.
- Erasure ("right to be forgotten"): delete your account at any time from Profile → Account → Delete account inside the app. Deletion is permanent and cascades to all your content (reviews, comments, lists, diary entries, watch history).
- Portability: receive your data in a machine-readable JSON format via the in-app export.
- Restriction and objection: ask us to stop processing your data for specific purposes; for example, disable analytics or ads.
- Withdraw consent: where processing is based on consent (such as personalized ads), you can withdraw it at any time.
- Complain to a regulator: EU/UK users have the right to complain to their local Data Protection Authority. Indian users may approach the Data Protection Board under the Digital Personal Data Protection Act, 2023.
To exercise any right, email interframe.app@gmail.com from the address on your account. We respond within 30 days.
7. Data retention
- Account data: kept while your account is active. When you delete your account, all your data is removed from the live database immediately.
- Database backups: may contain a residual copy for up to 30 days, after which it is overwritten in the normal backup-rotation cycle.
- Server logs: request logs (IP, timestamp, path) are retained for a maximum of 30 days for abuse-detection and rate-limiting purposes.
- Crash reports: retained by Sentry for up to 90 days per their default retention policy.
- Email logs: Resend retains transactional email metadata for up to 30 days.
8. Security
We take reasonable technical and organisational measures to protect your data, including:
- HTTPS / TLS 1.2+ for all client-server communication.
- Passwords stored as bcrypt hashes — never in plaintext.
- Refresh tokens stored as hashes; access tokens are short-lived (15 minutes).
- Database encrypted at rest by our hosting provider.
- Rate limiting, fail2ban, and a firewall on our server.
- Server access restricted to SSH key authentication; root login disabled.
No system is perfectly secure. If we ever discover a personal-data breach affecting you, we will notify you and the relevant authorities as required by law (within 72 hours under GDPR, where applicable).
9. International data transfers
We are based in India, but several of our processors (Sentry, AdMob, Resend, Neon) operate from the United States, the European Union, and other regions. By using InterFrame you understand that your data may be transferred to and stored in these locations. Where required, our processors rely on Standard Contractual Clauses or other approved mechanisms to ensure your data is protected under GDPR-equivalent standards.
10. Children
InterFrame is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information, please contact interframe.app@gmail.com and we will delete the account.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced via an in-app notice and an email to your account address at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version. Continued use of InterFrame after the effective date constitutes acceptance of the updated policy.
12. Contact
Questions, requests, or complaints about this policy: interframe.app@gmail.com.
We aim to respond within 7 working days and always within 30 days.