Privacy Policy — myCinema

Last updated: 4 June 2026

This Privacy Policy explains how myCinema ("the App", "we", "us") collects, uses, and protects your information. myCinema helps you discover movies, showtimes, and nearby cinemas in Greece.

The data controller is CodeR, Athens, Greece, contact: coderdevelop@outlook.com.

By using myCinema you agree to this Policy. If you do not agree, please do not use the App.

1. Information we collect

a) Information you provide

• Account data: email address and password when you register or sign in (passwords are handled by our authentication provider and are never stored by us in readable form). If you sign in with Google or Apple, we receive your email and basic profile from that provider (Apple may provide a private relay email if you choose to hide your address).
• Profile data: username, optional avatar image, and optional favorite genres.
• User content: the movies you add to Favorites or Watchlist, and the ratings and review text you submit.

b) Information collected automatically

• Approximate/precise location (only while the App is in use, and only after you grant permission). Location is used on your device to centre the map, show cinemas near you, and calculate distances. We do not store your location on our servers, and the App works without location (the map defaults to Athens).
• Push notification token (a device identifier issued by the Expo push service) if you enable notifications, so we can send you alerts.
• Basic technical data necessary to operate the service (e.g. app version, request metadata, error logs).

c) Information we do NOT collect

• We do not sell your data. We do not run third-party advertising or ad-tracking SDKs. We do not knowingly collect data from children (see Section 8).

2. How we use your information

We use your information to:

• create and manage your account and authenticate you;
• store and display your favorites, watchlist, profile, and reviews;
• show cinemas near you and provide directions (location, on-device);
• send push notifications you have opted into;
• maintain security, prevent abuse, and fix bugs;
• comply with legal obligations.

Legal bases (GDPR). We process your data on the basis of: performance of a contract (providing the App and your account); consent (location access, push notifications — you may withdraw at any time in your device settings); legitimate interests (security, service improvement, preventing abuse); and legal obligation where applicable.

3. How your information is shared (processors and third parties)

We share data only with service providers that help us run the App, under appropriate agreements:

• Supabase — database, authentication, and image storage (stores your account, profile, and user content).
• Railway — hosting of our backend API.
• Expo — delivery of push notifications (processes your push token).
• Google — Google Sign-In (if you choose it) and Google Maps on Android (map rendering may process device/location and IP data per Google's policies).
• Apple — Sign in with Apple (if you choose it) and Apple Maps on iOS (map rendering).
• TMDB (The Movie Database) — provides movie metadata and posters. No personal data is sent to TMDB.
• Anthropic — used only on our servers to match cinema listing titles to movie database entries. Only public movie titles are sent; no personal or user data is sent to Anthropic.

We may also disclose information if required by law, to enforce our Terms, or to protect rights, safety, and security.

International transfers. Some providers process data outside the European Economic Area (e.g. in the United States). Where this happens, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses.

4. Data retention

We keep account, profile, and user-content data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain it to meet legal obligations or resolve disputes. Error logs are kept only for a short period.

5. Your rights (GDPR)

If you are in the EU/EEA, you have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα, www.dpa.gr).

You can exercise most rights directly in the App (edit your profile, manage favorites/watchlist/reviews, and delete your account from your account screen). For any other request, contact us at coderdevelop@outlook.com.

6. Security

We use industry-standard measures (encrypted transport via HTTPS, authentication tokens, access controls). No method of transmission or storage is 100% secure, but we work to protect your information and to notify you and the authorities of breaches where legally required.

7. Location data

Location permission is optional and used only while you use the App. It is processed on your device to find nearby cinemas and distances and is not stored on our servers. You can revoke location access at any time in your device settings; the map will simply default to a central location.

8. Children

myCinema is not directed to children under 15 (the age of digital consent in Greece). We do not knowingly collect personal data from children under this age. If you believe a child has provided us data, contact us and we will delete it.

9. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, where appropriate, notify you in the App. Continued use after changes means you accept the updated Policy.

10. Contact

Questions or requests: coderdevelop@outlook.com Data controller: CodeR, Athens, Greece