Privacy Policy
Last Updated: 2026-06-01
CouchVote ("we", "us", "our") provides a couch consensus engine that helps people decide what to watch together. This Privacy Policy explains what we collect, how we use it, and your rights. It applies to the CouchVote mobile app (iOS and Android) and the website at couchvote.com.
TL;DR
- We collect the minimum data needed to run your account, your couch, and your voting sessions.
- We do not sell your data. We do not run third-party advertising or tracking SDKs in the app.
- Movie metadata comes from TMDB and OMDB. We send no user data to them.
- Your account and app data are hosted in the EU (Microsoft Azure, North Europe). Sign-in code emails are sent via Resend, which may process your email address outside the EU.
- You can access or delete your data at any time, and request an export. Deleting your account permanently erases your personal data.
- Questions: legal@couchvote.com.
1. Who We Are
CouchVote is the data controller for personal data processed through the app and website. You can reach us at legal@couchvote.com.
2. Data We Collect
We only collect what we need to operate the service.
2.1 Account Data
- Email address
- Display name
- How you signed in. CouchVote is passwordless — we never set, store, or see a password:
  - Email code — when you sign in with a one-time 6-digit code we email you, we store only a short-lived, hashed copy of that code so it can be verified once and then expires
  - Apple Sign-In or Google Sign-In — the OAuth subject identifier returned by Apple/Google, plus the email and name they share with us
2.2 Authentication Tokens
- JWT access and refresh tokens issued by our backend
- These are stored on your device in secure OS-level storage
2.3 Couch and Voting Preferences
- Couch membership and roles
- Voting rules, vetoes, content filters, and preference settings you configure
2.4 Session and Voting History
- Records of voting sessions you start or join
- Your votes, reactions, and the outcome of each session
- Session configuration (e.g., card count, time per card)
2.5 Optional Watchlist
- Titles you save to your personal or couch watchlist
- Watch status if you choose to record it
2.6 Diagnostic Telemetry
- Anonymized crash reports and performance metrics via Microsoft Application Insights
- We do not include account identifiers, email, or content of votes in telemetry
We do not collect precise location, contacts, photos, microphone, or camera data.
3. How We Use Your Data
- To create and secure your account
- To run voting sessions and apply your couch's rules
- To generate movie recommendations tailored to your couch
- To sync, back up, and restore your preferences across your devices
- To respond to support requests
- To detect abuse, fraud, and security incidents
- To meet legal and regulatory obligations
We do not use your data to train third-party AI models. We do not profile you for advertising.
4. Legal Bases (GDPR)
Where GDPR applies, we rely on:
- Contract — to provide the service you signed up for
- Legitimate interests — to keep the service secure, debug crashes, and prevent abuse
- Consent — for anything optional we ask you to opt into
- Legal obligation — when we must retain or disclose data by law
5. Third Parties
We share data with a small, deliberately limited set of providers.
| Provider | Purpose | What we share |
|---|---|---|
| Microsoft Azure (North Europe) | Hosting, database, storage, secrets, monitoring | All service data, hosted in the EU |
| Apple Sign-In | Optional sign-in | Auth handshake; we receive the Apple subject ID, email, and name |
| Google Sign-In | Optional sign-in | Auth handshake; we receive the Google subject ID, email, and name |
| Resend (resend.com) | Sending your one-time email sign-in code | Your email address and the 6-digit code, so we can deliver your sign-in email |
| Application Insights (Microsoft) | Anonymized crash and performance telemetry | Diagnostic events without account identifiers |
| TMDB | Movie metadata (titles, posters, overviews) | No user data. We sync TMDB's public catalog via background jobs. |
| OMDB | Ratings lookup | No user data. We query public title metadata only. |
We do not share data with advertisers, data brokers, or analytics networks.
6. International Transfers
Your account and app data are stored in the EU (Microsoft Azure, North Europe region). The main exception is transactional email: when we send your one-time sign-in code, your email address is processed by our email delivery provider (Resend), which may process it outside the EU/EEA. Where personal data is processed outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and any additional safeguards required at that time.
7. Data Retention
- We keep your data for as long as your account is active.
- You can delete your account from within the app at any time.
- Account deletion cascades to all personal data we hold about you, including your votes, sessions, couch memberships you own, and watchlists.
- Backups containing your data are rotated and purged on a rolling schedule (typically within 30 days).
- We may retain limited records longer where required by law (e.g., tax, fraud investigation).
8. Security
- All traffic is encrypted in transit using TLS.
- Data is encrypted at rest using Azure-managed encryption.
- Secrets and API keys are stored in Azure Key Vault.
- Authentication uses JWTs with short-lived access tokens and rotating refresh tokens.
- Apple Sign-In identity tokens are verified with Apple's published RS256 keys.
- CouchVote is passwordless — we never store passwords. One-time email sign-in codes are short-lived, single-use, and stored only as a salted hash.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authorities as required by law.
9. Your Rights
9.1 GDPR (EU/EEA, UK, and similar regimes)
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restrict processing in certain cases
- Object to processing based on legitimate interests
- Not be subject to automated decision-making that produces legal or similarly significant effects (we do not perform such decision-making)
- Lodge a complaint with your local supervisory authority
To exercise any of these rights, email legal@couchvote.com or use the in-app account tools.
9.2 CCPA (California)
California residents have the right to:
- Know what personal information we collect and how we use it
- Delete personal information we hold about you
- Opt out of sale — we do not sell personal information, so there is nothing to opt out of, but the right is acknowledged
- Non-discrimination for exercising your rights
10. Children
CouchVote is not directed at children. You must be at least 13 years old to use the service, or older where local law sets a higher age (for example, 16 in parts of the EU under GDPR-K). We do not knowingly collect data from anyone under the applicable minimum age. If you believe a child has created an account, contact us and we will delete it.
11. Cookies and Tracking
- The marketing website at couchvote.com uses only functional cookies needed to make the site work.
- The app does not include third-party advertising or analytics SDKs.
- We do not use cross-site or cross-app tracking.
12. Changes to This Policy
We may update this policy from time to time. If changes are material, we will notify you in the app and/or by email before they take effect. The "Last Updated" date at the top of this page always reflects the current version.
13. Contact
Questions, requests, or complaints: