Watchmeld
ENעב

Privacy Policy

Last updated 2026-04-26

What we collect

  • Account info from Google: your email address, name, profile picture, and Google account ID. Used to sign you in and personalize the app.
  • Demographics (optional): age band (5-year buckets, never an exact birth date) and gender. Used as soft features for the recommendation agent. Never displayed to other group members.
  • Taste signals: which movies you marked as loved, disliked, super-liked, vetoed, watched, willing to rewatch. Streaming services you have. Genres you picked. These shape your recommendations.
  • Group activity: which groups you belong to, your role, your votes, your post-watch reactions.
  • Technical data: IP address, user agent, referrer, and standard server logs (kept ≤30 days for security).

How we use it

  • To run the recommendation agent and generate group picks.
  • To send transactional emails: invites, post-watch reaction prompts, occasional weekly digests if you have an active group.
  • To improve the product: aggregated, de-identified analytics on which movies surface, how often groups conclude a session, error rates.
  • To prevent abuse: rate limits, fraud detection, security investigations.

What we don't do

  • We don't sell your data.
  • We don't share individual ratings, demographics, or message content with anyone outside Watchmeld.
  • We don't expose your demographics, vote history, or hated titles to other group members.
  • We don't use your taste signals to train third-party AI models.

Sub-processors we use

  • Google - sign-in (OAuth) only.
  • Anthropic- the Sommelier agent receives a de-identified taste summary (loved/hated titles, age band, role) but never raw rating logs or your name. Anthropic doesn't train on our API traffic.
  • Voyage AI - generates the embedding vectors used for similarity search on movie metadata. No personal data sent.
  • TMDB - movie metadata + watch-providers data. We send TMDB no personal data.
  • Resend - transactional email delivery (when you enable email notifications).
  • Vercel - hosting + CDN.
  • Neon - Postgres database hosting.
  • Sentry / PostHog / Google Analytics 4 - error monitoring + product analytics. PII (email, name) is not transmitted; only de-identified events.

Cookies

We use a small number of cookies: a session cookie for sign-in (essential), a locale preference cookie (essential), and analytics cookies (only if you accept the consent banner). No third-party advertising cookies.

Your rights

Under GDPR and Israel's Privacy Protection Law you have the right to access your data, correct it, export it (we provide a JSON download), and delete it. Email hello@watchmeld.com or use the in-app delete-my-account flow.

Retention

Account data is kept while your account is active. After deletion, personal data is purged within 30 days. Aggregated, de-identified analytics may be retained indefinitely.

Contact

Privacy questions: hello@watchmeld.com

Terms of service