Privacy Policy
Effective date: 26 March 2026
1. About CineTrade
CineTrade is a fantasy stock market game. You trade virtual movie stocks using $100,000 of virtual cash — no real money is deposited, wagered, or withdrawn. The only exception is the optional Pro subscription, which is a real payment for extra features (not for virtual currency).
2. Data We Collect
| Data | Source | Why |
|---|---|---|
| Email address | Registration / Google OAuth | Account identity, password reset, price alert emails |
| Display name | Registration (optional) | Shown on leaderboard and profile |
| Profile picture URL | Google OAuth (optional) | Avatar in the header |
| Hashed password | Credentials sign-up only | Authentication — stored as bcrypt hash, never plaintext |
| Trade history | Your in-app actions | Portfolio tracking, leaderboard ranking, charts |
| Holdings & portfolio value | Your in-app actions | Portfolio page and leaderboard |
| Price alert thresholds | Your in-app actions | Sending notifications when price crosses your target |
| Watchlist | Your in-app actions | Showing your saved movies |
| Session token (cookie) | Login | Keeping you signed in across page loads |
| Device push token | Mobile app (optional) | Sending push notifications for price alerts |
| Subscription status | Stripe (if you subscribe) | Gating Pro features |
| Error and performance data | Sentry (automatic) | Diagnosing crashes and performance issues |
We do not collect payment card details. All billing is handled directly by Stripe, who process and store your card data under their own privacy policy.
3. How We Use Your Data
- Authenticate you and maintain your session
- Display your portfolio, holdings, and trade history
- Calculate your leaderboard ranking
- Send email notifications for price alerts and account events (verification, password reset)
- Send push notifications to your mobile device if you opt in
- Process your Pro subscription via Stripe
- Monitor and fix errors via Sentry
- Comply with legal obligations
We do not sell your data, use it for advertising, or share it with third parties except as described in Section 4.
4. Third-Party Services
- StripeSubscription billing. Stripe stores your card details; we only store your subscription status and period end date.
- Google OAuthOptional sign-in. Google authenticates you and we receive your email and profile picture URL only.
- ResendTransactional email delivery (price alerts, email verification, password reset).
- SentryError monitoring and session replay. May capture page content and interactions when an error occurs. Errors are retained for 90 days.
- TMDB (The Movie Database)Movie metadata (titles, posters, ratings). No personal data is sent to TMDB.
- Azure (Microsoft)Cloud hosting for the application and database. Your data is stored in the Australia East region.
5. Cookies & Session Storage
We use a single HTTP-only session cookie (next-auth.session-token) to keep you signed in. This cookie is strictly necessary for the service to function and does not track you across other websites.
We do not use advertising cookies, analytics cookies, or any third-party tracking pixels.
6. Data Retention
- Active accounts: Data is retained for as long as your account exists.
- After account deletion: Your personal information (name, email, password, profile picture) is anonymised immediately. Your anonymised trade history is retained for audit purposes, then permanently deleted within the platform retention window (default 30 days).
- Transactional emails: Retained by Resend per their own retention policy.
- Error logs: Sentry retains error events for 90 days.
7. Your Rights
Depending on where you live (including GDPR in the EU/UK and Australian Privacy Principles), you may have some or all of the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Update your display name in Account Settings
- Deletion: Delete your account in Account Settings → Danger Zone. Your PII is anonymised immediately and all remaining data is purged within the retention window.
- Portability: Contact us to request an export of your trade history
- Objection / restriction: Contact us if you wish to restrict processing beyond what account deletion provides
To exercise any of these rights, email us at support@cinetrade.app. We will respond within 30 days.
8. Children
CineTrade is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has registered, please contact us and we will delete the account promptly.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via the email address on your account. The effective date at the top of this page reflects the latest revision.
10. Contact
Questions or requests regarding this policy: