Privacy Policy.
Last updated 2026-05-04
Who We Are
Filmlovr is a service operated by Codecoded Limited, a company registered in England and Wales (company number 11558140) with registered office at C/O Glx, 69-75 Thorpe Road, Norwich NR1 1UA. Codecoded Limited is the controller of personal data processed through https://filmlovr.com. For privacy and data-protection questions you can reach us at legal@filmlovr.com.
What This Policy Covers
This policy explains what information Filmlovr collects when you use our website and services, how we use that information, who we share it with, and the rights you have over it under the UK GDPR, the Data Protection Act 2018, and — where applicable — the EU GDPR. It applies to everyone who creates an account, browses public pages, or otherwise interacts with Filmlovr.
Information You Provide
When you create an account we collect your email address and a display name. If you sign in with Google or Apple, your email and basic profile information are passed to us by those providers. As you use Filmlovr, you may add a bio, a profile picture, a cover image, your location, a website link, and a list of favourite films. Any review, list, lovebite, comment, question, or answer you write is information you provide. If you generate a profile avatar using our AI feature, the character name and film context you submit are sent to a third-party AI provider to generate the image (see "AI-Powered Features" below).
Information We Collect Automatically
When you sign in we record the user agent string of your browser in an authentication-events log so that we can detect suspicious sign-ins. We do not collect or store your IP address, advertising identifiers, or location beyond what you voluntarily provide. We do not use behavioural analytics, advertising trackers, or third-party tags. As you log films into your library, write reviews, follow other users, and otherwise contribute, we record that activity so that the product can do its job — surfacing your taste profile and the people whose taste matches yours.
How We Use Your Information
Your data powers your taste profile, your recommendations, the social graph that drives Filmlovr, and the moderation systems that keep contributions usable. We use your email to send you transactional messages (sign-in magic links, account-related notices, optional digests you opt into). Aggregate, anonymized statistics about overall platform activity may be used to improve the service or inform product decisions. We do not sell your personal data, run behavioural ads, or share your data with advertising networks.
Service Providers and Third Parties
We rely on the following processors to run Filmlovr. Each handles only the data necessary for its function and is bound by a data processing agreement or equivalent contractual protection. Google Firebase (Authentication, Realtime Database for notifications, Cloud Storage for avatars and cover images) — operated by Google LLC. ArangoDB hosting — our primary application database. The Movie Database (TMDB) — film and person metadata; user data is not sent to TMDB. OpenRouter — relays prompts for the Lens search and Avatar Gen features to upstream AI providers (currently Google Gemini and xAI Grok). OpenAI — receives the text content of every user submission for automated moderation. Resend — delivers transactional email. We will name additional processors here as they are added.
AI-Powered Features
Two Filmlovr features send your input to third-party AI providers via OpenRouter. The first is Lens, our natural-language film search — the search query you type is sent to Google Gemini for interpretation and matching. The second is Avatar Gen — the film character and film title you select are sent first to xAI Grok to generate a visual prompt, then to Google Gemini Image to generate the avatar image. The generated image is stored in our Firebase Storage bucket under your account. Per the current terms of OpenRouter and the upstream providers, these prompts are not used to train future models. We will update this section if those terms change. If you do not want your input sent to these providers, do not use the Lens or Avatar Gen features.
Moderation
Every review, list, comment, lovebite, question, answer, and avatar prompt you submit is sent to OpenAI's moderation endpoint for automated screening. The screening identifies content that may violate our rules — harassment, sexual content, self-harm, hate speech, threats — and may automatically block submission, hide the content, or flag it for human admin review. There is no opt-out: moderation is the price of running a clean public discussion surface. Repeated submissions that fail moderation may result in account suspension. You can appeal moderation decisions and account actions by contacting legal@filmlovr.com.
Public and Private Content
Reviews, lists, lovebites, Q&A contributions, and your follower / following relationships are public by default and visible to other Filmlovr users and indexable by search engines. Reviews and lists support a per-item visibility setting (everyone / followers / private) and only "everyone" content is indexed. Your library actions (loved, watched, bookmarked, ignored) are visible on your public profile unless you disable discoverability in account settings. Direct messages and email correspondence are private and not indexed.
Cookies and Local Storage
Filmlovr sets a session cookie that authenticates you across page loads. We do not set advertising cookies, analytics cookies, or third-party tracking pixels. Your browser may store small preferences locally — sort order on browse pages, recently-viewed films, and similar UI state. Clearing your browser cookies will sign you out; clearing local storage will reset your preferences.
When You Block Another User
Blocking is a structural action: it removes any follow relationship between you and the blocked user in both directions, hides their content from your feeds and recommendations, hides your content from theirs, and clears existing notifications between you. Likes you placed on each other's reviews, lists, and comments are removed. Unblocking does not restore the prior follow relationships — you would each need to follow again.
Data Retention
Account data is retained for as long as your account is active. When you delete your account, all of your data is permanently removed from our systems — personal information, library actions, reviews, lists, lovebites, comments, and Q&A contributions. Deletion is hard delete: nothing is anonymized, nothing is preserved. Authentication-event logs are retained for up to 90 days for security-incident investigation, then deleted automatically. Backups containing your data are retained for up to 30 days after deletion before they cycle out of storage.
Data Export
You can request a full export of the data Filmlovr holds about you from your account settings. Exports include your profile, library actions, reviews, lists, lovebites, Q&A contributions, and follower / following relationships, packaged as a downloadable JSON archive. Exports are typically prepared within seven days of request and remain available to download for seven days after generation. There is a one-export-per-week throttle to prevent abuse.
Your Rights
Under UK GDPR (and EU GDPR if you are an EEA resident) you have the right to access the personal data we hold about you, correct inaccuracies, request deletion, restrict or object to certain processing, withdraw consent for processing that relies on consent, and request a portable export of your data. The account-settings surface lets you view, edit, export, and delete your data directly without contacting us. For other requests, contact legal@filmlovr.com — we respond within one calendar month as required by UK GDPR. You also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk) or your local data protection authority if you believe we have mishandled your data.
Children
Filmlovr is intended for users aged 13 and older and is not directed at children. We do not knowingly collect personal data from children under 13. By creating an account you confirm that you meet the minimum age requirement. If we learn that an account holder is under 13, we will delete the account and any associated data. The Information Commissioner's Office Age Appropriate Design Code informs how we treat younger users; if you are a parent or guardian and believe a child has created an account, contact legal@filmlovr.com.
International Data Transfers
Filmlovr is operated from the United Kingdom. Several of our processors (Google Firebase, OpenAI, OpenRouter, Resend) are based in the United States or operate from US infrastructure, which means your data may be transferred outside the UK and EEA in the course of running the service. Where the destination country is not covered by a UK or EU adequacy decision, transfers are protected by the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or equivalent legal safeguards as appropriate. You can request a copy of the transfer mechanism in place for any specific processor by contacting legal@filmlovr.com.
Security
We use industry-standard security measures including TLS in transit, encrypted storage at rest (where supported by our processors), authenticated administrative access, and the principle of least privilege for internal access. No system is perfectly secure; we will notify affected users without undue delay if a breach materially affects your data, in accordance with applicable law.
Changes to This Policy
We may revise this policy as the service evolves. Material changes will be communicated via in-app notice or email at least 14 days before they take effect. The current version is always available at this URL. Continued use of Filmlovr after a change takes effect constitutes acceptance of the revised policy.
Contact
Questions about this policy, the data we hold about you, or your rights can be sent to legal@filmlovr.com.