TV Show Tracker

Privacy Policy

Valid from 27. März 2026

Controller

Responsible for data processing:

Stefan Bodenauer

Example Street 1

1010 Vienna, Austria

Email: stefan.boedenauer@gmail.com

General Information

We process personal data to operate and improve TV Show Tracker.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) and lit. f (legitimate interest in platform operation).

Data Collection and Processing

Account Data

Collected data:

  • Email address
  • Username (optional)
  • Display name (optional)
  • Profile image URL (optional)

Purpose: Provide and manage your account.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).

Storage duration: Until account deletion.

Usage Data (watch history)

Collected data:

  • Watched shows and episodes
  • Show status (Watching, Completed, Dropped)
  • Ratings and notes
  • Timestamps of activity

Purpose: Tracking your progress, statistics, and recommendations.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).

Storage duration: Until account deletion or deletion of individual entries.

Authentication (Magic Link)

Collected data: Email address for login links.

Purpose: Send magic links for authentication.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent when requesting login).

Email provider: Resend (USA) – transfer based on SCCs.

Storage duration: Login links valid for 15 minutes.

Disclosure to Third Parties

TMDB API (The Movie Database)

Purpose: Retrieving show metadata (titles, descriptions, images).

Transmitted data: Only TMDB IDs (no personal data).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Privacy policy: TMDB privacy policy

Hosting (Vercel)

Provider: Vercel Inc., USA

Purpose: Hosting of website and API.

Collected data: Server logs (IP, timestamp, user agent).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Privacy policy: Vercel privacy policy

Database (Neon)

Provider: Neon, EU region

Location: EU (Frankfurt/Amsterdam)

Purpose: Store account and usage data.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).

Prisma Accelerate

Provider: Prisma Data Platform (USA/Global)

Purpose: Connection pooling and caching for optimal database performance.

Collected data: Encrypted database connections, temporary query caches.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Error Monitoring (Sentry)

Provider: Functional Software Inc., USA

Purpose: Monitor errors and performance to improve application stability.

Collected data: Error logs, browser information, anonymized IP addresses.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Privacy policy: Sentry privacy policy

AI Services

OpenAI (GPT-4)

Provider: OpenAI, USA

Purpose: Generate personalized recommendations, summaries, and content improvements.

Transmitted data: Show metadata, user preferences (no names or emails).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest), Art. 6 para. 1 lit. a GDPR (for explicit AI feature usage).

Privacy policy: OpenAI privacy policy

Google Gemini (Fallback)

Provider: Google LLC, USA

Purpose: Alternative AI for recommendations if OpenAI is unavailable.

Transmitted data: Show metadata, user preferences (no names or emails).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Privacy policy: Google privacy policy

Automated Processing

GitHub Actions

Purpose: Automated background tasks (metadata updates, notifications, statistics calculation).

Transmitted data: No personal data transmitted to GitHub, only internal API calls.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).

Cookies and Local Storage

Technically necessary cookies

Session cookie: Maintain login session.

Legal basis: Art. 6 para. 1 lit. f GDPR (technically required).

Storage duration: Until end of browser session.

Functional cookies

Theme settings: Store light/dark mode preference.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent).

Storage duration: 1 year.

Analytics

Vercel Analytics: Aggregated usage statistics without cookies.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

See our cookie policy for details. Cookie Policy.

Your GDPR Rights

You have the following rights at any time:

  • Right of access: Request a copy of your stored data.
  • Right to rectification: Correct inaccurate data.
  • Right to erasure: Request deletion of your data.
  • Right to restriction: Request restriction of processing.
  • Right to data portability: Export your data in a structured format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent at any time.

How to exercise your rights:

  • Delete account via settings.
  • Export data via settings.
  • Other requests by email.

Right to lodge a complaint

You may complain to a supervisory authority.

Supervisory authority:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna, Austria
+43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Security

We apply technical and organizational measures to protect your data.

  • HTTPS encryption
  • Passwordless authentication (magic link)
  • Regular security updates
  • Database backups

Changes to this policy

We may update this policy; the current version is available on this page.

Contact

For privacy questions, contact us:

Email: stefan.boedenauer@gmail.com