Privacy Policy
Last updated: March 2026
Cineroster is a creative film portfolio platform for cinematographers and industry professionals. We are committed to protecting your personal information and being transparent about how we use it. This policy explains what data we collect, why we collect it, and your rights regarding that data under US law (including CCPA/CPRA and CAN-SPAM) and EU/UK law (GDPR).
Introduction
Cineroster (“we”, “us”, or “our”) operates the website at cineroster.com (the “Service”). This Privacy Policy governs how we collect, use, disclose, and safeguard your information when you visit or interact with our Service, including when you join our waitlist or create an account.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
Information We Collect
Information you provide directly:
- First and last name
- Email address (submitted via waitlist form)
- Your role in the industry (e.g. Cinematographer, Director, Producer)
Information from Google Sign-In (OAuth):
If you choose to sign up or sign in using Google, we receive the following from Google’s servers with your permission: your name, email address, and profile photo. We do not receive your Google password.
Information collected automatically:
- IP address and approximate geographic location
- Browser type and version, operating system, device type
- Pages visited, time spent, referring URLs
- Session data stored in your browser’s localStorage
How We Use Your Information
We use the information we collect for the following purposes:
- To add you to our early access waitlist and manage your spot
- To send you a waitlist confirmation email and platform launch updates via Loops.so
- To authenticate you securely using Google OAuth via NextAuth.js
- To tailor your onboarding experience based on your industry role
- To analyse usage patterns and improve the platform
- To comply with applicable legal obligations
We will never use your information for purposes incompatible with those listed above without first obtaining your explicit consent.
Legal Basis for Processing (GDPR)
For users in the European Union and United Kingdom, we process your personal data under the following lawful bases as defined by GDPR/UK GDPR:
- Legitimate interests — Managing the waitlist, understanding how our platform is used, and operating our business. We have assessed that our legitimate interests are not overridden by your rights.
- Consent — Sending marketing emails and launch announcements. You may withdraw consent at any time by clicking “Unsubscribe” in any email we send.
- Contract — When you create a Cineroster account, processing your data is necessary to provide you with the Service.
- Legal obligation — Where we are required to process data to comply with applicable law.
Your Rights
EU / UK residents — GDPR & UK GDPR rights:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data ("right to be forgotten").
Right to Restriction
Request that we limit how we process your data.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent
Withdraw consent for marketing at any time without affecting prior processing.
Lodge a Complaint
File a complaint with your national supervisory authority (e.g. ICO in the UK, your EU DPA).
California residents — CCPA/CPRA rights:
- Right to Know — Know what personal information we collect, use, disclose, and sell (we do not sell).
- Right to Delete — Request deletion of your personal information, subject to certain exceptions.
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt-Out of Sale — We do not sell personal information. No action is needed.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.
To exercise any of the above rights, please contact us at support@cineroster.com. We will respond within 30 days (or as required by applicable law).
Email Communications & CAN-SPAM
By joining our waitlist, you consent to receive transactional emails (e.g., waitlist confirmation) and launch update emails from Cineroster. In compliance with the US CAN-SPAM Act:
- Every marketing email we send includes a clear, one-click unsubscribe link.
- We will honour unsubscribe requests promptly (within 10 business days).
- We do not send unsolicited commercial email.
- Our physical business address is included in all commercial emails: Cineroster, Los Angeles, CA, USA.
You may unsubscribe at any time by clicking the “Unsubscribe” link in any email we send, or by emailing us at support@cineroster.com.
Data Retention
- Waitlist data — Retained until the Cineroster platform publicly launches, or until you request deletion, whichever comes first.
- Account data — Retained for the duration of your account, and for up to 30 days following account deletion, after which it is permanently erased.
- Server logs — Automatically generated logs may be retained for up to 90 days for security and debugging purposes.
To request early deletion of your data, contact us at support@cineroster.com.
Children’s Privacy
Cineroster is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@cineroster.com and we will delete that information promptly.
If you are between 13 and 16 years of age and located in the EU/UK, we require parental or guardian consent before collecting your personal data.
International Data Transfers
Cineroster is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and sub-processors are located.
For users in the EU or UK, any transfer of personal data to the United States is conducted in accordance with applicable GDPR safeguards. Our sub-processors Google LLC and Loops.so operate under Standard Contractual Clauses (SCCs) and/or other legally recognised transfer mechanisms approved by the European Commission and UK Information Commissioner’s Office (ICO).
Data Security
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These include:
- HTTPS/TLS encryption for all data in transit
- Secure, HTTP-only session cookies for authentication
- Access controls limiting who within our team can access personal data
- Hosting on Render’s SOC 2-compliant infrastructure
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law (within 72 hours under GDPR).
Do Not Track
Some browsers offer a “Do Not Track” (DNT) feature that signals to websites that you do not wish to be tracked across websites. We do not currently alter our data collection or use practices in response to Do Not Track signals, as there is no universally accepted standard for how sites should respond to such signals.
We do not engage in cross-site behavioural tracking or sell your data to advertising networks. If a future DNT standard is adopted that we are required to comply with, we will update this policy accordingly.
Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you, as described in Article 22 of the GDPR.
Any personalisation of your experience on Cineroster (such as role-based onboarding) is based on information you voluntarily provide and does not constitute automated decision-making with legal effect.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (sent to the address associated with your account or waitlist entry) and/or by posting a prominent notice on our website prior to the change taking effect.
The “Last updated” date at the top of this page reflects when the policy was last revised. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please reach out:
EU/UK residents who are not satisfied with our response have the right to lodge a complaint with their local data protection supervisory authority.