Privacy Policy
Last updated: April 14, 2026
1. Introduction
What I Am Watching ("we", "our", or "us") operates the What I Am Watching website and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information: email address, username, display name, and password when you register.
- Profile information: bio, location, website, and profile photo that you choose to add.
- Content activity: movies and TV shows you add to your watchlist, your watch status, ratings, and reviews.
- Social activity: posts, comments, likes, follows, group memberships, and messages you send within groups.
- Recommendations: content you recommend to other users.
2.2 Information Collected Automatically
- Device information: device type, operating system, and app version.
- Push notification token: a device token used to deliver push notifications (stored only if you grant notification permission).
- Log data: IP address, browser type, pages visited, and timestamps when you access the Service.
2.3 Information from Third Parties
- Google Sign-In: if you use Google to sign in, we receive your name and email address from Google.
- The Movie Database (TMDB): we use the TMDB API to retrieve movie and TV show metadata. No personal data is shared with TMDB.
3. How We Use Your Information
- To create and manage your account.
- To provide the core features of the Service (watchlists, posts, social feeds, group chats).
- To send push notifications about activity relevant to you (likes, comments, follows, group messages, recommendations) — only if you have granted notification permission.
- To generate personalised content recommendations.
- To send transactional emails such as group invitations.
- To detect, investigate, and prevent abuse, fraud, and violations of our Terms of Service.
- To improve and develop the Service.
4. How We Share Your Information
We do not sell your personal data. We share it only in the following circumstances:
- With other users: your profile, posts, watchlist activity (where marked public), and social interactions are visible to other users as part of the Service.
- Service providers: we use the following third-party services to operate the platform:
| Provider | Purpose |
|---|---|
| Neon (AWS) | Database hosting |
| Vercel | Application hosting |
| Expo / Expo Push | Mobile push notification delivery |
| Authentication (Google Sign-In) | |
| TMDB | Movie & TV show data |
| Nodemailer / SMTP | Transactional email (group invites) |
- Legal requirements: we may disclose your data if required to do so by law or in response to valid requests by public authorities.
- Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. You may delete your account at any time via Settings, which will permanently remove your profile, posts, and associated data. Some data may be retained in backups for up to 30 days after deletion.
6. Push Notifications
We use Expo's push notification service to deliver alerts to your mobile device. A device-specific push token is stored on our servers when you grant notification permission. You can withdraw this permission at any time through your device's notification settings. Revoking permission does not affect your account in any other way.
7. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.
8. Security
We implement industry-standard measures to protect your data, including encrypted passwords (bcrypt), HTTPS transport encryption, and JWT-based authentication with short-lived access tokens. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Your Rights
Depending on your location, you may have the following rights:
- Access: request a copy of the data we hold about you.
- Correction: update incorrect or incomplete information via your profile settings.
- Deletion: delete your account and associated data via Settings.
- Portability: request an export of your data.
- Objection: object to certain processing of your data.
To exercise any of these rights, contact us at the address below.
10. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us: