Privacy Policy

1. Introduction

Muvibro ('we', 'our', or 'us') is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what information we collect when you use the Muvibro mobile application ('App'), how we use it, with whom we share it, and what rights you have regarding your data. By creating an account or using the App, you acknowledge that you have read and agree to this Policy. If you use the App as an anonymous guest (without registering an account), your use of the App is still subject to this Policy.

2. Information We Collect

We collect the following categories of information:

• Anonymous session identifier: When you use the App without registering, Supabase assigns a temporary anonymous identifier to your session. This identifier allows us to deliver AI recommendations and maintain your in-app state during the session. No name, email, or other directly identifying information is associated with this identifier unless you later create or sign in to an account.
• Account credentials: email address, username, and a securely hashed password when you register manually.
• Social authentication data: an authentication token and basic profile information (name, email) provided by Apple Sign-In or Google Sign-In. We do not receive or store your Apple or Google account password.
• Preference data: your mood selection, preferred movie genre, duration, production type (e.g., Hollywood, independent), and release year range that you input when requesting a recommendation.
• Activity data: the movie recommendations generated for your sessions, your star ratings for recommended films, and your personal watchlist.
• Crash and diagnostic data: error reports and performance metrics collected automatically via Firebase Crashlytics to help us identify and fix bugs.
• Usage analytics: anonymized, aggregated event data (e.g., screens visited, features used) collected via Firebase Analytics to help us improve the App. This data cannot be used to identify you personally.
• Push notification tokens: a device token collected via Firebase Cloud Messaging (FCM) when you grant notification permissions, used solely to deliver notifications from Muvibro.
• Remote configuration data: feature flags and configuration values retrieved from Firebase Remote Config to adjust App behavior without requiring an update.
• Purchase and credit data: your credit balance, transaction history, and purchase receipts processed via RevenueCat through the Apple App Store or Google Play.

3. How We Use Your Information

We use collected information for the following purposes:

• To create and authenticate your account and enable access to the App.
• To generate personalized AI-powered movie recommendations by sending your stated mood and preferences to our backend service.
• To store your recommendation history and ratings in our database so that the App can improve its suggestions over time.
• To manage your in-app credit balance and process credit purchases through RevenueCat.
• To send you push notifications about new features, account updates, or promotions. You may opt out at any time through your device settings.
• To monitor App stability, diagnose crashes, and improve performance using Firebase Crashlytics data.
• To understand how users interact with the App through anonymized analytics and to make informed product decisions.
• To adjust App features and content remotely via Firebase Remote Config.
• To provide AI-powered movie recommendations and local favorites and history functionality (up to 30 items each) to anonymous (guest) users without requiring account registration.
• To link your anonymous session data to your registered account if you choose to create an account or sign in during the same session, preserving any preferences or state accumulated as a guest.

4. Third-Party Services

We rely on the following third-party providers to operate the App. Each provider's own privacy policy governs their handling of data.

• Supabase (supabase.com): Provides our backend database and user authentication infrastructure. Your account information and recommendation history are stored on Supabase-managed servers protected by row-level security.
• Firebase Crashlytics (Google LLC): Automatically collects crash reports and stack traces when the App encounters an error. Data is anonymized and used solely for debugging.
• Firebase Analytics (Google LLC): Collects anonymized, aggregated usage events. This service does not use the Apple Advertising Identifier (IDFA) by default and does not collect personally identifiable information.
• Firebase Cloud Messaging (Google LLC): Manages delivery of push notifications to your device using a device-specific push token.
• Firebase Remote Config (Google LLC): Delivers configuration settings that allow us to adjust App behavior remotely without an app update.
• RevenueCat (revenuecat.com): Validates in-app purchase receipts, manages your credit balance, and provides purchase analytics. RevenueCat may collect your device type, app version, and anonymized purchase history.
• Apple Inc.: Processes App Store in-app purchases and provides Sign In with Apple authentication. Apple's privacy policy applies to all data it processes.
• Google LLC: Processes Google Play in-app purchases and provides Google Sign-In authentication. Google's privacy policy applies to all data it processes.
• AI Service Providers: We use one or more third-party AI services to generate movie recommendations. Your stated mood and preference data is sent to these providers solely to generate your recommendation. The AI providers used may change without prior notice. We do not share personally identifiable information such as your name or email with AI providers.

5. App Tracking and Analytics

Firebase Analytics, which we use for understanding App usage patterns, does not use Apple's Advertising Identifier (IDFA) by default. We do not engage in cross-app or cross-site tracking for advertising purposes. We do not use your data to serve targeted advertisements within the App or on third-party platforms.

6. Data Storage and Security

Your account data and recommendation history are stored on Supabase-managed servers with row-level security enabled, ensuring that each user can only access their own data. All data is transmitted using TLS (Transport Layer Security) encryption. Passwords are hashed using industry-standard algorithms and are never stored in plain text. While we implement reasonable safeguards, no method of internet transmission or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials. Anonymous sessions: Data associated with an anonymous session identifier is stored in Supabase with the same row-level security protections as registered accounts. Because no email or personal identifier is attached, anonymous session data cannot be attributed to you unless you link the session to an account.

7. In-App Purchases and Credits

Credit packages are purchased through the Apple App Store or Google Play, processed via RevenueCat. Muvibro does not collect or store your payment card details; all financial transactions are handled directly by Apple or Google. Credits are non-refundable except where required by applicable consumer protection law. If you believe a purchase was made in error, please contact Apple Support or Google Play Support directly. Unused credits remain associated with your account and do not expire as long as your account is active.

8. Data Retention and Account Deletion

We retain your personal data for as long as your account is active and as necessary to provide the service. You may permanently delete your account at any time through the Settings screen within the App. Upon account deletion, your personal data — including account credentials, preference history, and activity data — will be permanently removed from our servers within 30 days, except where retention is required by applicable law. Anonymized, aggregated analytics data may be retained indefinitely as it cannot be linked back to you. Anonymous (guest) sessions: If you use the App as a guest without registering, anonymous session data is retained for up to 90 days of inactivity and then automatically deleted. If you create or sign in to a registered account, your anonymous session data will be merged into your account and subject to the account retention policy described above.

9. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data. Users in Turkey may exercise rights under the Personal Data Protection Law (KVKK, Law No. 6698), Article 11, including: (a) the right to learn whether your personal data is being processed; (b) the right to request information about how your data is processed; (c) the right to learn the purpose of processing and whether data is used accordingly; (d) the right to know the third parties to whom data is transferred domestically or abroad; (e) the right to request correction of incomplete or inaccurate data; (f) the right to request deletion or destruction of personal data; (g) the right to request notification of corrections or deletions to third parties; (h) the right to object to any adverse outcome arising from automated processing; (i) the right to claim compensation for damages due to unlawful processing. Users in the European Economic Area may also exercise rights under the GDPR, including the right to data portability. To exercise any of these rights, please contact us at the address below.

10. Children's Privacy

Muvibro is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us and we will promptly delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you via a push notification or an in-app message. The 'Last Update' date at the top of this page indicates when the most recent revision was made. Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Policy.