Back to Home
Privacy Policy
Last Updated: January 2025
Introduction
BingeBracket ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services.
Information We Collect
Information You Provide
- Account Information: Email address, display name (if you create an account)
- Tournament Data: Movie choices, tournament winners, completion times (stored anonymously unless you create an account)
- Custom Tournaments: Tournament names, descriptions, and movie selections you create
Information Collected Automatically
- Usage Data: Pages visited, features used, tournament sessions
- Device Information: Browser type, device type, IP address
- Cookies: Session cookies to maintain your login state
Third-Party Authentication
If you sign in with Google or Apple:
- We receive your email address and display name from the provider
- We do NOT receive or store your Google/Apple password
- Your use of these services is governed by their respective privacy policies
How We Use Your Information
We use your information to:
- Provide and improve our tournament services
- Maintain your account and tournament history
- Display your statistics and achievements
- Enable you to create and share custom tournaments
- Analyze usage patterns to improve the service
- Communicate important updates (if you opt in)
Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds under GDPR Article 6:
Consent (Article 6(1)(a))
We process the following data with your consent:
- Optional analytics cookies (via cookie banner choice)
- Email marketing communications (if you opt in)
You may withdraw consent at any time by contacting us or adjusting your cookie preferences.
Contract (Article 6(1)(b))
We process the following data to provide our service to you:
- Email address (for authentication and account recovery)
- Display name (for your profile and tournament history)
- Tournament data (to save your progress and display statistics)
- Session information (to keep you logged in)
Legitimate Interest (Article 6(1)(f))
We process the following data based on our legitimate business interests, which we have balanced against your privacy rights:
- Anonymous usage analytics (to improve the service and understand user behavior)
- Security logs and IP addresses (to prevent fraud, abuse, and ensure platform security)
- Error logs (to diagnose and fix technical issues)
You have the right to object to processing based on legitimate interest. Contact us to exercise this right.
Data Storage and Security
- Password Security: Passwords are hashed using bcrypt with strong salt rounds
- HTTPS: All data transmission is encrypted via SSL/TLS
- Database Security: User data is stored in secure PostgreSQL databases
- Session Security: Session cookies are httpOnly, secure, and use SameSite protection
Data Sharing
We DO NOT:
- Sell your personal information to third parties
- Share your email address with advertisers
- Use your data for purposes other than providing our service
We MAY share data:
- If required by law or legal process
- To protect our rights or prevent fraud
- With service providers (Heroku, TMDB API) who help operate our service
Your Rights
You have the right to:
- Access: Request a copy of your data
- Delete: Request deletion of your account and all associated data
- Export: Download your tournament history and statistics
- Opt-Out: Unsubscribe from any emails we send (except critical account notifications)
To exercise these rights, contact us at: kate@bingebracket.com
Data Retention
- Active accounts: Data retained indefinitely while account is active
- Deleted accounts: All personal data deleted within 30 days
- Anonymous tournament data: May be retained in aggregate for analytics
Cookies
We use cookies for:
- Session Management: Keeping you logged in
- Analytics: Understanding how users interact with our service (via anonymous usage tracking)
You can disable cookies in your browser, but this may limit functionality.
Children's Privacy
BingeBracket is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.
Third-Party Services
We use:
- TMDB (The Movie Database): For movie data and images (subject to TMDB's privacy policy)
- JustWatch: For streaming provider information (subject to JustWatch's privacy policy)
- Heroku: For hosting (subject to Heroku's privacy policy)
- Google OAuth: For authentication (subject to Google's privacy policy)
International Users
Our service is hosted in the United States. If you access our service from outside the U.S., your information may be transferred to and processed in the U.S.
GDPR Compliance (EU Users)
If you are in the European Economic Area (EEA), you have additional rights:
- Right to rectification of inaccurate data
- Right to object to processing
- Right to data portability
- Right to withdraw consent
California Privacy Rights (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know if personal information is sold or disclosed
- Opt-out of the sale of personal information (we do not sell data)
- Request deletion of personal information
- Not be discriminated against for exercising these rights
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new policy on this page
- Updating the "Last Updated" date
- Emailing users if changes are material (if you have an account)
Your continued use of BingeBracket after changes constitutes acceptance of the updated policy.
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours
- Provide details about what information was compromised
- Explain steps we're taking to address the breach
- Advise on steps you can take to protect yourself
Contact Us
If you have questions about this Privacy Policy or your data:
Email: kate@bingebracket.com
Website: https://bingebracket-app-40de905bb3e8.herokuapp.com
Attribution: This service uses TMDB API but is not endorsed or certified by TMDB.