PikPal ("the App," "we," "us," or "our") is operated by an independent developer. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the PikPal mobile application, web application, and WhatsApp chatbot (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account information: When you create an account, we collect your display name, username, avatar image, and authentication credentials (Google account email or phone number, depending on your sign-in method).
- Profile information: Any additional information you add to your profile, such as a bio or profile photo.
- Rankings and reviews: Movies and TV shows you rank, along with any reviews, quotes, or notes you write about them.
- Friend connections: Information about your friend connections within the Service, including friend requests sent and received.
- Imported data: If you choose to import your watch history from Letterboxd or IMDb, we process the CSV files you upload to populate your rankings.
- Communications: Messages you send through the WhatsApp chatbot integration and any support requests or feedback you submit.
1.2 Information Collected Automatically
- Device information: Device type, operating system, unique device identifiers, and push notification tokens (mobile only).
- Usage data: Pages visited, features used, time spent in the app, and interaction patterns.
- Log data: IP address, browser type, access times, and referring URLs when you access the web application.
1.3 Information from Third Parties
- Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture from Google.
- TMDB (The Movie Database): We retrieve movie and TV show metadata (titles, posters, descriptions, cast information) from TMDB's API. This is publicly available information and does not involve your personal data.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Operate your account, display your rankings and reviews, and enable friend connections.
- Personalize your experience: Calculate taste similarity scores between you and your friends, generate personalized recommendations, and curate your activity feed.
- Friend recommendations: Show you what your friends are watching, ranking, and recommending based on your connections and shared taste.
- Notifications: Send push notifications (mobile) and in-app notifications about friend activity, recommendations, and Service updates. You can manage notification preferences in your settings.
- WhatsApp integration: Process your messages through the WhatsApp chatbot to provide recommendations and manage your watchlist.
- Improve the Service: Analyze usage patterns to fix bugs, improve features, and develop new functionality.
- Safety and security: Detect and prevent fraud, abuse, and security incidents.
3. Third-Party Services
We use the following third-party services to operate the Service:
- Supabase: Cloud database and authentication platform. Your account data, rankings, and friend connections are stored in Supabase's PostgreSQL database with Row Level Security enabled. Supabase Privacy Policy.
- Google OAuth: Authentication provider for Google sign-in. When you sign in with Google, your authentication is handled by Google's OAuth 2.0 service. Google Privacy Policy.
- Twilio: Provides phone number verification via SMS OTP (one-time passwords) and powers the WhatsApp chatbot integration. Your phone number is shared with Twilio for these purposes. Twilio Privacy Policy.
- TMDB (The Movie Database): Provides movie and TV show metadata. We query TMDB's API on the server side; your personal data is not shared with TMDB. TMDB Privacy Policy.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
- With other users: Your display name, username, avatar, rankings, and reviews are visible to your friends (and potentially other users, depending on your privacy settings). Taste similarity scores are visible to users who are friends with each other.
- Service providers: With third-party service providers listed in Section 3, strictly to operate the Service.
- Legal requirements: If required by law, regulation, legal process, or governmental request.
- Safety: To protect the rights, property, or safety of our users or the public.
SMS/Mobile Information: Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
5. Data Storage and Security
Your data is stored in Supabase's cloud infrastructure. We implement reasonable security measures including:
- Row Level Security (RLS) policies on all database tables to ensure users can only access authorized data.
- Encrypted connections (HTTPS/TLS) for all data in transit.
- Authentication tokens with secure expiration policies.
- Server-side API proxying to prevent exposure of third-party API keys.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained until you delete your account.
- Rankings and reviews: Retained until you delete them individually or delete your account.
- Imported data: CSV files uploaded for Letterboxd/IMDb import are processed and then deleted. The extracted ranking data is retained as part of your account.
- Log data: Retained for up to 90 days for security and debugging purposes.
7. Your Rights
You have the following rights regarding your personal information:
- Access: You can view all your personal data within the app (profile, rankings, reviews, friend list).
- Correction: You can edit your profile information, rankings, and reviews at any time.
- Deletion: You can delete individual rankings, reviews, or your entire account. Account deletion will remove all your personal data, rankings, reviews, and friend connections.
- Data portability: You can request a copy of your data by contacting us.
- Notification opt-out: You can disable push notifications through your device settings and manage in-app notification preferences.
To exercise any of these rights, contact us at the email address below.
8. Children's Privacy
The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
9. International Users
The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy within the app and updating the "Last updated" date above. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: privacy@pikpal.app