Privacy Policy

Last updated: May 2026

1. Information We Collect

When you create an account and use Debriefr, we collect:

  • Account information: your name and email address
  • Usage data: titles you track or discuss, lists you create, progress and history, profile visibility, follows, follow requests, and block-list settings
  • Communications: chat messages and notes you post within the app
  • Technical data: IP address, browser type, and device information collected automatically via session cookies
  • Payment data: billing information processed by Stripe (we do not store card numbers directly)

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Authenticate your account and keep it secure
  • Enable social features such as debriefs and chat
  • Process subscription payments via Stripe
  • Send transactional emails (e.g., password resets, email verification)
  • Monitor for errors and performance issues (see Section 5)
  • Monitor for abuse and enforce our Terms of Service

3. Information Sharing

We do not sell your personal information. We may share data with:

  • Service providers: third-party vendors who help us operate the Service (e.g., hosting, email delivery), bound by confidentiality obligations
  • Other users: your display name, profile slug, avatar, public lists, and public-profile activity are visible to other signed-in users when your profile is public. If you make your profile private, only approved followers can see your progress history, followers, and following, while public lists remain visible.
  • Legal requirements: when required by law or to protect the rights and safety of users

4. Profile Visibility, Follows, and Blocking

Debriefr profiles can be public or private. Public profiles allow other signed-in users to view your progress history, public lists, followers, and following. Private profiles require follow approval before those details are visible, but your public lists can still appear in public-list discovery.

You can approve or reject follow requests, remove followers, and block users from your profile settings. Blocking removes follow connections in both directions and hides profile/list discovery surfaces between the two accounts where supported. Blocking does not automatically remove either person from existing Debriefs or delete historical chat messages.

5. Third-Party Services

Debriefr uses the following third-party services, each with its own privacy policy:

  • The Movie Database (TMDb): used to retrieve media metadata, posters, and streaming provider information. TMDb Privacy Policy
  • TVmaze: used to retrieve TV episode air times and schedule data. TVmaze Privacy Policy
  • Open Library: used to retrieve book metadata, covers, and edition information. Internet Archive Privacy Policy
  • Google Books: used as a fallback source for book metadata, descriptions, ratings, and cover images. Google Privacy Policy
  • Podcast Index and public podcast feeds: used to retrieve podcast metadata, artwork, and episode information. Podcast Index Privacy Policy
  • Google OAuth: if you sign in with Google, we receive your name, email address, and profile picture from Google. Google Privacy Policy
  • Stripe: used to process subscription payments. Stripe may collect billing details, IP address, and device information. Stripe Privacy Policy
  • Sentry: used for error monitoring and performance tracking. Sentry may receive technical data such as stack traces and request metadata. We configure Sentry to minimise personal data in error reports. Sentry Privacy Policy
  • Umami Analytics (self-hosted): used for aggregate, anonymous usage statistics such as page views and feature adoption. Umami is hosted on our own servers, does not use cookies, does not collect IP addresses (only a daily-rotating hash to count unique visitors), and does not link analytics events to your account. We do not share this data with any third party. About Umami
  • Google AdSense: used to display advertising on ad-supported web pages. Google and its partners may use cookies or similar technologies to serve, measure, and improve ads. Google Advertising Policy

6. Cookies

Debriefr uses essential session cookies to keep you logged in and to protect against cross-site request forgery (CSRF). These cookies are strictly necessary for the Service to function and cannot be disabled. Our usage analytics provider (Umami, self-hosted) is cookieless and uses no persistent identifiers. Ad-supported web pages may include Google AdSense, which can use cookies or similar technologies for ad delivery, measurement, fraud prevention, and personalization where allowed.

Editorial digest emails such as Debriefr Horizon may include signed links and a small tracking pixel so we can measure opens and clicks and improve future recommendations. You can disable this email engagement tracking from your profile privacy settings while continuing to receive the emails.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal information, progress history, and lists will be removed from our systems. Your chat messages will be anonymised (your name removed) but the message content will remain visible to other group members. Stripe may retain billing records as required by financial regulations.

8. Security

We implement reasonable technical and organisational measures to protect your information, including encrypted connections (HTTPS), hashed passwords, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access & correction: view and update your profile information at any time in your account settings
  • Data portability: download a copy of all your personal data (progress history, lists, messages) as a JSON file from your profile settings
  • Deletion: delete your account and associated personal data at any time from your profile settings
  • Objection / restriction: contact us if you wish to restrict or object to processing of your data

To exercise any of these rights, visit your profile settings or contact us through the app.

10. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can remove it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date. Continued use of the Service after changes are posted constitutes your acceptance.

12. Contact

If you have questions or concerns about this Privacy Policy, or wish to exercise your data rights, please contact us through the app.