Privacy Policy

1.1 Information You Provide Directly

• Account data — email address, username, password (stored as a bcrypt hash — we never store plaintext passwords)
• Profile data — display name, optional profile photo you upload
• Support messages — content of messages you send to our support team
• User-generated content — chat messages and emoji reactions sent in watch party rooms

1.2 Information Collected Automatically

• Usage data — watch history, watch party sessions you create or join, video URLs you share within the Service, room membership records
• Device identifiers — device type, operating system version, Expo / APNs / FCM push notification token (for notifications you opt into). We do not collect or use the Apple Advertising Identifier (IDFA) or any equivalent advertising identifier.
• Log data — IP address, request timestamps, HTTP status codes, error reports (retained 90 days for security and debugging)
• Interaction data — points, ranks, achievements, friend relationships, and gamification events
• In-app browser domain data — when you use the in-app browser to visit websites, we log the domain name (e.g., youtube.com) of sites visited, but not the full URL path or page content. This is used solely for abuse detection and blocked-domain enforcement. Third-party websites you visit through the in-app browser are governed by their own privacy policies, which WeWatch does not control.

1.3a Device Permissions We Request

The app requests the following device permissions. All are optional for core functionality unless noted:

• Photos / Media Library — requested only when you choose to upload a profile photo. We access only the image you select; we do not scan or access your full photo library.
• Microphone — requested only when you join a voice chat channel inside a watch party room. Audio is transmitted peer-to-peer via WebRTC and is not recorded or stored by WeWatch.
• Push Notifications — requested at account setup for watch party invites, friend requests, and other in-app events. You can withdraw this permission at any time via iOS Settings → Notifications → WeWatch or inside the app under Settings → Notifications.

1.4 Information from Third-Party Sign-In

When you sign in with Google or Apple, we receive:

• Your unique identifier from that provider (Google ID / Apple sub)
• Email address (if you have not hidden it)
• Display name and profile photo (if provided by the platform)

We do not receive your passwords from these providers. We do not store your Google or Apple OAuth access tokens or refresh tokens on our servers — only the provider's stable user identifier is stored to link your WeWatch account. Apple Sign In is available and supported — you may use a private relay email address.

• Create and authenticate your account; maintain session security
• Provide synchronized watch party experiences — streaming video playback state to all room participants
• Deliver push notifications you have opted into (new friend requests, watch party invites, etc.)
• Calculate and display points, ranks, streaks, and achievements
• Enable social features — friend lists, user search, public profiles
• Moderate content and enforce our Terms of Service (detect spam, abuse, illegal material)
• Respond to support requests and handle appeals
• Comply with legal obligations and respond to lawful requests from authorities
• Improve and develop the Service (aggregated, non-identifiable analytics only)

We do not use your data for behavioral advertising, cross-context tracking, or sell it to third parties.

WeWatch is a social watch party platform built around an integrated web browser (WebView). The core user flow is: a user opens a website inside the in-app browser, the website loads a video on the user's own device (exactly as it would in Safari or Chrome), WeWatch detects the video stream URL that the website has already loaded, and then facilitates synchronized playback of that URL for all participants in the same watch party room.

3.1 No Server-Side Proxying or Storing of Video

• WeWatch is not a video proxy or CDN. Video data travels directly from the source website's servers to the user's device. WeWatch servers never receive, buffer, cache, store, or retransmit video content.
• Client-side URL detection. The app detects media stream URLs (e.g., HLS/MPEG-DASH manifests) that the in-app browser has already loaded from the source website. This detection runs locally on the user's device — no video request is made by our servers. It is technically equivalent to copying the address bar URL of a video that is playing in a browser.
• No DRM circumvention. WeWatch does not bypass, decrypt, or circumvent any digital rights management (DRM) system, encryption, or technical protection measure (as defined under 17 U.S.C. § 1201). Content protected by DRM (Widevine, FairPlay, PlayReady) cannot be extracted or played by this method — only publicly playable streams accessible without DRM are detectable.
• No content downloading. The app does not provide any functionality to download, save, or permanently store video files on the user's device or our servers from third-party sources.

3.2 In-App Browser & Third-Party Websites

• The in-app browser is a standard WebView component. When you navigate to a third-party website, that website loads in its entirety on your device. WeWatch has no special access to the content of those websites beyond what a standard browser provides.
• Third-party privacy policies apply. When you use the in-app browser to visit any third-party website, that website's own privacy policy and terms of service govern how it collects and processes your data. WeWatch is not responsible for the data practices of third-party websites.
• WebView storage. Cookies and local storage set by third-party websites within the in-app browser are stored in an isolated WebView container on your device and are not shared with WeWatch or transmitted to our servers.

3.3 User Responsibility

• Users are solely responsible for ensuring they have lawful access to any content they share or watch via the Service, including compliance with the terms of service of any third-party website they visit through the in-app browser.
• Sharing URLs to copyrighted content without authorization violates our Terms of Service and applicable copyright law.

URLs shared within a watch party room are stored on our servers solely to maintain room state and enable session continuity for participants. We log the domain (not the full URL path) of sites visited for abuse detection and blocked-domain enforcement. Full URLs shared in rooms are retained for the lifetime of the room (auto-purged 30 days after the room ends).

We share personal data only in the following circumstances:

• Service Providers — third parties who help us operate the Service. Each provider is contractually bound to protect your data to at least the same standard described in this Privacy Policy and is prohibited from using your data for any purpose other than providing services to us:
  • MongoDB Atlas (MongoDB, Inc.) — database hosting (data stored in US region). Privacy Policy
  • Railway.app — cloud server infrastructure. Privacy Policy
  • Google Firebase (FCM) — push notification delivery. Only your FCM device token is shared, not message content. Privacy Policy
  • Sentry.io — error monitoring. Error reports contain no personal data by design (user identifiers and personal fields are scrubbed before transmission). Privacy Policy
• Legal Requirements — we disclose data when required by applicable law, court order, or governmental authority, or when necessary to protect our rights, users, or the public from harm.
• Business Transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via in-app notice or email before your data becomes subject to a different privacy policy.
• With Your Consent — for any other purpose, only with your explicit consent.

We do not sell personal data. We do not share data with advertising networks. We do not share data with third-party AI services. We do not use data collected in WeWatch to target advertising in any other app or context.

• Active accounts — retained for the lifetime of the account
• Deleted accounts — all personal data removed within 30 days of deletion request; moderation records may be retained in anonymized form up to 1 year
• Access logs — retained 90 days for security
• Watch party room data — automatically purged 30 days after a room ends
• Chat messages — deleted when the watch party room is deleted
• Support tickets — retained for up to 2 years to maintain support history

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your account and all associated personal data (available in-app under Settings → Account → Delete Account)
• Portability — receive your data in a machine-readable format
• Restriction — request we restrict processing of your data
• Objection — object to processing based on legitimate interests
• Withdraw Consent — withdraw consent for optional processing (e.g., push notifications) at any time

To exercise any of these rights, contact us at privacy@wewatch.app. We will respond within 30 days (as required by GDPR) or 45 days (as required by CCPA).

GDPR (EEA/UK users) — our legal bases for processing are: performance of contract (providing the Service), legitimate interests (security, abuse prevention), legal obligation, and consent (optional features). You may lodge a complaint with your local supervisory authority.

CCPA (California residents) — we do not sell or share personal information for cross-context behavioral advertising. You have the right to know, delete, and opt out. To submit a verifiable consumer request, email privacy@wewatch.app.

WeWatch is intended for users aged 17 and older. The app carries a 17+ age rating on the App Store due to user-generated content and the potential for mature video content shared by users in watch party rooms.

We do not knowingly collect personal information from anyone under the age of 13 (or 16 in the EEA/UK, per GDPR). If we discover that a person under 13 has provided us with personal data without verifiable parental consent, we will delete that data immediately in compliance with the Children's Online Privacy Protection Act (COPPA) and applicable law.

If you believe a minor has registered on the Service, please contact us immediately at privacy@wewatch.app and we will investigate and remove the account promptly.

• Passwords stored as bcrypt hashes (12 rounds) — never plaintext
• All API communication over TLS 1.2+
• RS256-signed JWT access tokens with 15-minute expiry
• Redis-backed rate limiting and brute-force protection (5 attempts → 15-minute lockout)
• MongoDB Atlas encryption at rest
• Internal service-to-service calls authenticated with a shared secret over private network

No system is 100% secure. If you discover a vulnerability, please disclose responsibly to support@wewatch.app.

• No cross-app tracking. WeWatch does not track your activity across other companies' apps or websites. We do not participate in cross-context behavioral advertising.
• No IDFA. We do not collect, access, or use the Apple Advertising Identifier (IDFA) or any equivalent advertising or device identifier for tracking purposes. We have not integrated any ad networks or tracking SDKs.
• App Tracking Transparency. Because WeWatch does not track users, we do not display an App Tracking Transparency (ATT) prompt. No tracking permission is requested or required.
• Cookies. The WeWatch mobile app does not use browser cookies. Our website may use technically necessary session cookies only. No advertising, analytics, or third-party tracking cookies are used.
• Push notification consent. You can withdraw consent for push notifications at any time via iOS Settings → Notifications → WeWatch or within the app under Settings → Notifications. Withdrawing this consent does not affect your ability to use any other feature of the Service.

Our servers are hosted in the United States via Railway.app. Database data is stored in MongoDB Atlas (US region). If you are located in the EEA, UK, or other jurisdictions with data transfer restrictions, by using the Service you acknowledge that your data is transferred to the US under standard contractual clauses or equivalent safeguards as applicable.

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email at least 7 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.