Privacy notice

Last updated: 2026-04-27

What Kinoteka is

Kinoteka is a personal movie library and AI chat companion. It is currently invite-only beta software run as a hobby project, not a commercial service.

What we store about you

  • Account: email address and a hashed password (Argon2id — we never see your plaintext password). Optional name and country.
  • Library: the movies you add, your ratings, hearts, status (wishlist / watched / dropped), and any notes you type.
  • Chat: the messages you send to the AI and its replies, including any tool-call results referenced inline.
  • Calendar & notifications: watch plans you create, release-notification preferences, and a record of which notifications fired.
  • Operational logs: when an abuse-protection cap is hit (rate limit, daily cap, oversized message), we log the event, your user id, and your IP for audit. We do not log your message content.

Where it's stored

All data is stored in a PostgreSQL database. Backups, if any, are kept by the database hosting provider per their retention policy. Data is not sold or shared with advertisers.

Third parties we send data to

  • Google (Gemini API): when you chat with the AI, your message and a compressed summary of your library are sent to Google's Gemini API to generate the response. Google's data-handling for the free tier allows them to use prompts to improve their models. If this concerns you, do not include sensitive information in chat messages.
  • TMDB: movie titles you search and tmdbIds you act on are sent to The Movie Database to fetch metadata and posters.
  • OMDb: IMDb IDs of movies you import are sent to OMDb to fetch IMDb ratings.
  • Resend (email): if email notifications are enabled, your address is sent to Resend to deliver the message. Disabling email notifications in Settings stops this.

Cookies

We set a single first-party authentication cookie when you sign in (managed by Auth.js). No analytics or advertising cookies.

How long we keep your data

For as long as your account exists. Deleting your account in Settings → Privacy & Data permanently removes your account and all data we hold about you, usually within seconds. Operational logs (cap hits, etc.) are retained for 90 days for abuse investigation, then deleted.

Your rights

  • Export: download a JSON copy of your data at any time from Settings → Privacy & Data.
  • Correct:edit any field through the app UI; if a field isn't editable, ask and we'll fix it.
  • Delete: permanently delete your account from the same Settings page.
  • Object / restrict: tell us and we'll comply.

Contact

Privacy questions: reply to the invite email, or email hello@kinoteka.io. Kinoteka is operated by an individual hobby developer; responses may take a few days.