Privacy Policy

1. Information We Collect
Account information: Username, email address, and bcrypt-hashed password (we never store your password in plaintext).
Profile information: Optional display name, biography, avatar, and banner image that you choose to provide.
Content you upload: Videos, thumbnails, titles, descriptions, tags, and comments.
Usage data: Watch history (stored as video IDs), likes, subscriptions, and friend connections.
Technical data: IP addresses are stored in one-way hashed form (SHA-256 with a server-side salt) for security purposes such as login history. We do not log or store raw IP addresses in our database.

2. How We Use Your Information
• To operate, maintain, and improve the platform
• To authenticate your account and keep it secure
• To send transactional emails (verification codes, password resets) — we do not send marketing emails
• To personalise your content feed based on your watch and interaction history
• To detect and prevent abuse, fraud, and policy violations
• To comply with legal obligations

3. Cookies & Session Storage
We use one session cookie, set at login, strictly for authentication. It expires when you sign out or after a period of inactivity. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Local storage is used only to remember your UI preferences (e.g. content density setting).

4. Data Sharing
We do not sell, rent, or trade your personal information to any third party. We may share data with:
• Service providers strictly necessary to operate the platform (e.g. transactional email provider via SMTP), bound by confidentiality obligations
• Law enforcement when legally required by a valid court order, warrant, or applicable law
• NCMEC or similar organisations when required to report CSAM

5. Watch History & Retention
Your watch history is used to personalise your feed. You can configure how long it is retained (30 days, 90 days, 180 days, 1 year, or indefinitely) in your account settings. You can also clear your history at any time from your settings page.

6. Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the right to:
• Access — download a copy of all personal data we hold about you (available via Settings → Export Data)
• Rectification — correct inaccurate data via your profile settings
• Erasure — request deletion of your account and associated data via the Support page
• Portability — export your data in machine-readable JSON format
• Restriction / Objection — contact us via the Support page for any data processing concerns
We aim to respond to all valid requests within 24-48 hours.

7. Data Security
We implement industry-standard security measures including bcrypt password hashing, AES-256-GCM encryption for private messages, HMAC-signed session tokens, CSRF protection, Content Security Policy headers, and rate limiting. Despite these measures, no system is completely secure. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

8. Children's Privacy
This platform is strictly for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we become aware that an account belongs to a minor, we will terminate it and delete associated data immediately.

9. Third-Party Links
The platform may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

10. Changes to This Policy
We may update this Privacy Policy from time to time. We will display the updated date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact
For privacy-related questions, data access requests, or deletion requests, contact us via the Support page.