Cineaste is built on the principle that your taste is yours. We collect the minimum data needed to run the platform, we do not sell it, and we do not use it for advertising. This policy explains what we collect, why, and what rights you have.
Cineaste ("we", "us", "our") operates the film discovery and taste intelligence platform available at cineaste.cc. For questions about this policy or your personal data, contact us at [email protected].
We collect only the data necessary to provide the platform. We do not sell your personal data, and we do not use it for advertising.
When you register via Google OAuth or email, we receive your email address and display name. Legal basis: performance of a contract (providing you with an account).
Films you log, rate, review, save, or add to lists. Legal basis: performance of a contract (the core service requires this data to function).
A 24-dimensional taste vector computed from your interactions by our ANIMA engine. This is a derived data product — not sold or licensed to third parties in any form that can identify you. Legal basis: performance of a contract (this is what the platform delivers).
IP address, browser type, OS, and session timestamps collected automatically for security and debugging. Legal basis: legitimate interest (preventing fraud and maintaining platform integrity).
If you subscribe to Auteur, your payment details are processed exclusively by Stripe. We never receive, store, or have access to your full card number, CVV, or bank credentials.
We use your data strictly to operate, improve, and secure the platform.
Generating your For You feed, Taste Match scores, DNA Blend, and mood-based recommendations.
Detecting and preventing abuse, enforcing terms, and maintaining database integrity via Supabase Row Level Security.
Sending transactional emails (login links, subscription receipts) and, if you opt in, a weekly film digest. You can unsubscribe at any time.
We derive aggregate, anonymised trend data from collective platform activity — for example, "most-resonant mood dimensions for films released in the last 90 days." This aggregate data does not identify any individual user and is used both for internal product development and for commercial partnerships with film industry partners (studios, distributors, research firms). Your personal watch history, reviews, and Mood DNA profile are never included in or derivable from this aggregate output.
We do not sell, rent, or trade your personal data. Data is shared only with the sub-processors below, each bound by appropriate data protection agreements.
Authentication, database, and file storage. Your data is stored on Supabase-managed infrastructure in the EU region.
Payment processing for Auteur subscriptions. Stripe is PCI-DSS certified. We never see your full card details.
Transactional email delivery (invite approvals, receipts, notifications).
We fetch film metadata (titles, posters, cast) from The Movie Database API. No personal user data is ever sent to TMDB.
Error monitoring and crash reporting. Error reports may contain technical data such as browser version and the URL that triggered the error. No review content or personal profile data is included.
We use a minimal set of cookies required to keep you logged in and to maintain your session securely. We do not use advertising cookies or third-party tracking pixels. See our full Cookie Policy at cineaste.cc/cookies for details and opt-out instructions.
We retain your personal data for as long as your account is active. When you delete your account:
Your profile, interaction history, reviews, lists, and computed Mood DNA vectors are permanently deleted within 30 days of account closure.
Stripe retains transaction records as required by financial regulations (typically 7 years). We retain receipts for the same period to comply with tax law.
Technical access logs are retained for up to 90 days for security and debugging, then automatically purged.
Depending on where you are located, you may have the following rights regarding your personal data. To exercise any of them, email [email protected].
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Request deletion of your account and all associated personal data ("right to be forgotten").
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests. We will stop unless we can demonstrate a compelling reason.
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection supervisory authority (e.g. your national DPA under GDPR, or the KVKK under Turkish law).
We implement industry-standard technical measures to protect your data: all data in transit is encrypted with TLS, access to production databases is restricted by role-based policies and Row Level Security, and secrets are managed through environment-level secret storage — never hardcoded. In the event of a breach that affects your rights, we will notify you and the relevant authority within the legally required timeframe.
Where you are located in the European Economic Area or United Kingdom, we comply with the General Data Protection Regulation (GDPR). Where you are located in Turkey, we comply with the Turkish Personal Data Protection Law (KVKK, Law No. 6698). For all other jurisdictions, we apply equivalent protections.
We may update this policy as the platform evolves. Material changes will be communicated via in-app notice or email at least 14 days before they take effect.
For privacy-related enquiries, data access requests, or deletion requests: [email protected]. We aim to respond within 30 days.
We will never serve you ads. Your personal Mood DNA, individual watch history, and reviews will never be sold or shared in any form that identifies you. What we do license to film industry partners is aggregate, fully anonymised trend data — the kind of insight that describes the platform as a whole, never any individual within it.