Skip to content
Account information — email address and a hashed password you provide at sign-up, plus an optional first name, username, and profile photo, all shown to other group members. If you add a profile photo, the image you choose is uploaded to and stored on our servers.Taste data — the ratings you give to movies, which movies you save for later, and which movies you mark as watched.Group activity — the groups you create or join, who else is in them, and the choices you make in shared “Feeling Lucky” sessions (lobby joins, picks, results).Device push token — an anonymous identifier issued by Apple Push Notification service / Firebase Cloud Messaging so we can deliver push notifications to your device. We do not receive your phone number or contacts.Session metadata — a per-install identifier used to enforce that a single account is only signed in on one device at a time, plus standard technical metadata (sign-in time, app version) that comes with using a backend service.Crash & diagnostic data — when the app crashes or hits an error in a released build, Firebase Crashlytics records a crash report (stack trace, device model, operating-system version, and app version) tagged with your account’s pseudonymous user ID, so we can reproduce and fix the bug. This is not collected in development builds.
Sign you in and keep your account secure.Show you personalised recommendations on the For You tab based on your taste ratings.Learn from your taste to improve recommendations — we analyse the movies you rate, save, and mark as watched to build a taste profile, and we compare taste profiles across users (especially the members of a group you belong to) so we can suggest films that people with similar taste have enjoyed. Within a group this may surface aggregate hints such as “3 of you love this director,” but never another member’s individual rating on a specific film. This is done with our own algorithms and is not used to train external AI models.Power group features — letting people in your group see your first name, your “Feeling Lucky” picks, and shared decisions.Send push notifications related to your account and groups (group invitations, accepted invites, “Feeling Lucky” lobbies starting, and similar in-app events). We do not send marketing pushes.Diagnose bugs and improve the app. Crash reports from Firebase Crashlytics and short-lived server logs help us find and fix problems; they may include technical metadata but are used only for debugging, not to profile users.
Supabase — hosts our authentication system and database (account, taste, group, and session data). .Firebase Cloud Messaging (Google) — delivers push notifications. We send your push token and the message payload; Google does not see your account email through this service. .Firebase Crashlytics (Google) — receives crash and diagnostic reports (stack trace, device model, OS version, app version, and your pseudonymous user ID) when the app crashes, so we can fix bugs. .Apple TestFlight / App Store Connect — distributes the beta build and provides Apple’s standard crash and usage metrics if you opted in when installing TestFlight. .The Movie Database (TMDB) — provides movie metadata (titles, posters, descriptions). The app fetches movie data from TMDB; we do not send TMDB any information about you.
Account, taste, and group data — kept for as long as your account exists.Device push tokens — replaced whenever your device issues a new one; old tokens are removed when they are reported invalid by Apple/Firebase.Crash reports — retained by Firebase Crashlytics for up to 90 days, then automatically deleted.Server logs — kept for a short rolling window for debugging (typically less than 30 days) and then discarded.
Access the data on your account by signing in to the app — your profile, taste ratings, saved movies, and groups are all visible inside the app.Delete your account from within the app (in your profile settings), or by emailing from the address associated with your account. Either way, we will permanently delete or de-identify your personal data — your profile (name, username, photo, email), group memberships, push tokens, and session records — within 30 days. Your movie ratings, saves, and watched history are de-identified (detached from your name, email, and account) but may be kept in aggregate so recommendations keep working for other members; once de-identified they can no longer be traced back to you.Withdraw push notification consent by turning off notifications for mnite in iOS Settings → Notifications.Ask questions or raise complaints at the same email address. If you are in the EU/UK and you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Share
Explore
mnite — Privacy Policy
Last updated: 31 May 2026
This is the privacy policy for mnite (“the app”), a movie-discovery and group-decision app developed by Marton Biro. The app is currently in beta and distributed via Apple TestFlight.
1. What we collect
When you use mnite, the following data is stored on our servers:
We do not collect: your location, contacts, your photo library (beyond the single image you pick as a profile photo), microphone, calendar, health data, advertising identifiers, payment information, or browsing history outside the app.
2. How we use it
Your data is used only to operate the app’s features:
We do not sell your data, share it with advertisers, or use it to train AI models.
3. Third parties we rely on
mnite is built on a small number of trusted third-party services. Your data is stored or processed by:
Aside from Firebase Crashlytics' crash diagnostics, we do not use third-party analytics, advertising, or attribution SDKs.
4. Where data is stored
Data is stored on Supabase and Google Cloud infrastructure in the regions those providers operate. Transfers between your device and our backend use HTTPS/TLS.
5. How long we keep it
6. Your rights
You can:
7. Children
mnite is not directed at children under 13 (or the equivalent minimum age in your country). We do not knowingly collect data from children. If you believe a child has created an account, email and we will delete it.
8. Security
We use industry-standard practices: passwords are hashed by Supabase Auth, all transport is encrypted with TLS, and Supabase Row Level Security policies limit each user to reading and writing only their own rows (with explicit exceptions for shared group data that you have chosen to participate in).
9. Changes to this policy
If we make material changes to this policy, we will post the new version at the same URL and update the “Last updated” date. For material changes that affect existing users, we will also notify you in-app or by email before the change takes effect.
10. Contact
Marton Biro
Want to print your doc?
This is not the way.
This is not the way.
Try clicking the ··· in the right corner or using a keyboard shortcut (
CtrlP
) instead.