Privacy Policy
We take your privacy seriously. This policy explains what data Flixr collects, why, and how it is protected.
📖 About Flixr
Flixr is a mood-based movie discovery app for iOS, developed by Vitrum Labs. Users sign in with Google or Apple, discover films through AI-powered mood queries, save titles to a personal watchlist, and receive personalised recommendations.
This Privacy Policy applies to all users of the Flixr iOS application and governs data collected within the app. By using Flixr, you agree to the practices described here.
🗄️ Data We Collect and How We Use It
When you sign in with Google or Apple, Firebase Authentication receives your email address, display name, and profile photo URL directly from the identity provider. This information is used solely to create and identify your account and to personalise the in-app experience. We do not use this data for advertising purposes.
Your in-app activity — including saved preferences, watchlist entries, mood search history, and recommendation history — is stored in Google Cloud Firestore in the europe-west1 (Belgium) region. This data is used exclusively to power your personalised Flixr experience. It is never sold to or shared with third parties for commercial purposes.
Flixr displays advertisements served by Google AdMob. Google may collect your device's advertising identifier (IDFA) and usage data to serve relevant ads. This collection is governed by Google's Privacy Policy. You can opt out of personalised advertising at any time via iOS Settings → Privacy & Security → Tracking.
Flixr uses The Movie Database (TMDB) API to fetch movie titles, posters, and descriptions. No user data is sent to TMDB. TMDB is used solely as a read-only data source.
Flixr uses Apple's DeviceCheck and App Attest services to verify that requests originate from a genuine, unmodified installation of the app. No personal information is collected or transmitted through these services.
Firebase App Check tokens are exchanged between the app and our backend to confirm that incoming requests come from the legitimate Flixr app. These tokens do not contain or transmit any personal data.
We collect basic app usage events (e.g. screen views, feature interactions) and crash reports via Firebase to understand how Flixr is used and to diagnose technical issues. Analytics events do not include personally identifiable information. Crash reports may include device model and iOS version but are not linked to your account.
🤝 Data Sharing & Third Parties
We do not sell, rent, or trade your personal information. Data is shared only with the following third-party services as necessary to operate the app:
- Google / Firebase — authentication, database, analytics, crash reporting, and advertising. Google Privacy Policy
- Apple — Sign in with Apple, DeviceCheck, and App Attest. Apple Privacy Policy
- TMDB — movie metadata (no user data transmitted). TMDB Privacy Policy
Each third-party service operates under its own privacy policy. We encourage you to review those policies for details on their data practices.
🕐 Data Retention
Your account data — including authentication records, watchlist, preferences, and search history — is retained for as long as your account is active.
Analytics and crash report data is retained according to Google's standard retention policies (typically up to 14 months for analytics events).
Upon account deletion, all personally identifiable data held by Vitrum Labs is permanently deleted immediately (see Account Deletion below).
🗑️ Account Deletion
You can permanently delete your Flixr account and all associated data at any time from within the app:
- Open Flixr and navigate to the Settings tab
- Tap Delete Account
- Confirm the action when prompted
Deletion is processed immediately by a Cloud Function. Your account, watchlist, preferences, and search history are permanently and irreversibly removed from our systems. This action cannot be undone.
If you are unable to access the in-app deletion option, please contact us at privacy@vitrumlabs.com and we will process the request within 30 days.
🛡️ Your Rights (GDPR)
Vitrum Labs is based in Ireland and your data is subject to the General Data Protection Regulation (GDPR). Under GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data (the in-app Delete Account feature fulfils this right immediately)
- Restriction — request that we limit how your data is processed
- Portability — request your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
To exercise any of these rights, contact us at privacy@vitrumlabs.com. We will respond within 30 days.
👦 Children's Privacy
Flixr is not directed at children under the age of 13 (or 16 in certain jurisdictions under GDPR). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at privacy@vitrumlabs.com and we will delete it promptly.
🔒 Security
All data transmitted between Flixr and our backend services is encrypted in transit using TLS. Data stored in Firestore is encrypted at rest by Google Cloud. We use Firebase App Check and Apple App Attest to prevent unauthorised access to our backend APIs.
While we take reasonable technical and organisational measures to protect your data, no method of electronic storage or transmission is 100% secure.
✉️ Contact Us
If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us:
- Email: privacy@vitrumlabs.com
- Website: vitrumlabs.com
- Governing law: Ireland (EU GDPR applies)
📝 Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via an in-app notice. The date at the top of this page always reflects when the policy was last revised. Continued use of Flixr after an update constitutes your acceptance of the revised policy.