This Privacy Policy explains how Gripul Inc., a Texas corporation ("Gripul", "we", "us", "our"), collects, uses, shares, and protects your personal information when you use FindMyVideos (the "Service") at findmyvideos.com, myowntitles.com, and any related services we operate.
This policy is designed to comply with:
If you have questions, contact us at [email protected].
The entity responsible for the personal information processed under this policy is:
Gripul Inc.
A Texas corporation
Email: [email protected]
For users in the EU/EEA, UK, or Switzerland, the same contact serves as the point of contact for data protection matters. We have not appointed a Data Protection Officer (DPO) at this time, as we do not meet the mandatory appointment threshold under GDPR Article 37.
For Republic of Korea users, the same contact serves as the personal information protection officer under PIPA Article 31.
When you sign in via Google or Apple, we receive the following:
| Data | Source | Purpose |
|---|---|---|
| Email address (verified or relayed) | OAuth provider | Account identification, communication |
| Display name | OAuth provider | Profile display (you may change this later) |
| Profile picture URL | OAuth provider | Initial avatar (downloaded once and stored in our infrastructure) |
| Locale / language code | OAuth provider | Default UI language preference |
| Unique account identifier | OAuth provider | Linking your sessions to a stable identity |
CF-IPCountry header) at sign-up ("signup region") and at the time you submit ratings ("watched region"). We do not store your IP address itself.We do not purchase user data from third parties.
Under the California Consumer Privacy Act, the categories of personal information we collect are:
We do not collect: sensitive personal information (as defined by CPRA), biometric data, financial information, or precise geolocation.
| Purpose | Legal basis |
|---|---|
| Authenticating you and maintaining your session | Contract (necessary to provide the Service) |
| Displaying your profile, reviews, ratings, public content | Contract |
| Showing region-specific availability information | Legitimate interest (operating a region-aware catalog) |
| Computing taste-match scores and recommendations | Legitimate interest |
| In-app notifications | Contract |
| Email notifications (when activated and opted in) | Consent |
| Diagnosing technical issues and security | Legitimate interest |
| Detecting and preventing abuse, fraud, and spam | Legitimate interest, legal obligation |
| Aggregated analytics for product improvement | Legitimate interest |
| Responding to legal requests | Legal obligation |
| Identifying demand for unsupported features or regions | Legitimate interest |
You may withdraw consent at any time where processing is based on consent (e.g., by toggling off email notifications). Withdrawal does not affect the lawfulness of processing before withdrawal.
We collect and store country-level information derived from your IP address ("signup region" and "watched region"). This region data is used internally only. It is never:
We use region data for:
If you manually set "interest regions" in your settings, that data is also stored and used only as described above.
We use cookies and equivalent local storage for the following purposes:
| Purpose | Description | Required? |
|---|---|---|
| Strictly necessary | Authentication tokens, session cookies, security cookies | Yes (cannot be disabled while logged in) |
| Functional | Remembering your settings | No |
| Analytics | Aggregated usage metrics (Google Analytics 4 or similar) | No |
We do not use cookies for advertising or cross-site tracking.
For users in the European Economic Area, the United Kingdom, or other jurisdictions requiring consent for non-essential cookies, we display a cookie consent banner on first visit. You can change your cookie preferences at any time through the in-app settings.
Global Privacy Control (GPC): For users in jurisdictions that recognize GPC (including California, Texas, Colorado), we honor GPC browser signals as opt-out of sale/sharing/targeted advertising. We do not engage in any of these practices, but the signal is acknowledged.
The following are public by default:
Your personal watchlist (saved titles you have not rated) is private unless you explicitly make it public.
You may mark individual reviews as private through account settings.
We share information with the following service providers, strictly to operate the Service. Each acts under contractual obligations to protect your data:
| Provider | Purpose | Data shared |
|---|---|---|
| Google (OAuth) | Authentication | OAuth sign-in flow |
| Apple (OAuth) | Authentication | OAuth sign-in flow |
| Cloudflare (Workers, R2, KV, D1, Image Transformations, Access) | Hosting, infrastructure, content delivery | All Service data |
| Resend (when email is activated) | Transactional email delivery | Recipient address, email content |
| OpenAI / Anthropic (when AI moderation is activated) | Automated content moderation | Submitted comments and reviews |
| Google Analytics 4 (if active) | Aggregated analytics | Pseudonymized event data |
These providers are bound by contracts limiting how they may use your data. We never share information with third parties for their own marketing or advertising purposes.
We do not "sell" your personal information as defined by U.S. state privacy laws (including CCPA/CPRA, TDPSA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Utah UCPA).
We do not "share" your personal information for cross-context behavioral advertising as defined by CPRA.
We do not engage in targeted advertising, profiling for legal/significant effects, or processing of sensitive personal information for which opt-in consent is required by U.S. state laws.
We may disclose information when:
In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred as part of that transaction. We will notify users in advance and provide options where required by law.
| Data category | Retention period |
|---|---|
| Active account profile (email, display name, OAuth identifier) | While account is active |
| Public User Content (reviews, ratings, comments) | While account is active or until you delete |
| Watchlist, likes, follows | While account is active |
| Avatar files in R2 storage | While account is active or until replaced |
| Region data (signup region, watched region) | While account is active |
| Session data and authentication tokens | Up to 30 days after last use, or until you sign out |
| Analytics event data (pseudonymized) | Up to 14 months |
| Cookie consent records | Up to 13 months from collection |
| Deleted account data | Soft-deleted for up to 30 days, then permanently deleted |
| Banned account record (for abuse prevention) | Up to 2 years from ban date, then permanently deleted |
| Backup snapshots | Up to 30 days |
| Audit logs (admin actions, security events) | Up to 1 year |
| Legal records (DMCA notices, regulatory requests) | As required by law (typically 3–7 years) |
Aggregated, anonymized data that cannot be linked to you may be retained indefinitely.
Gripul Inc. is based in the United States (Texas). Our primary infrastructure provider (Cloudflare) operates globally, and your data may be processed in countries other than your own.
For transfers from the European Economic Area, United Kingdom, or Switzerland to countries without an adequacy decision, we rely on:
For transfers from the Republic of Korea, we comply with PIPA's cross-border transfer requirements.
You may request more information about specific transfer mechanisms by contacting us.
The rights below apply based on your jurisdiction. To exercise any right, use the in-app tools (where provided) or contact [email protected]. We will respond within the timeframes required by applicable law (typically 30–45 days). We may request identity verification before fulfilling certain requests.
You have the right to:
You have the right to:
We will respond within 45 days (with a possible 45-day extension if necessary, with notice).
You may designate an authorized agent to make requests on your behalf, with appropriate written authorization.
If you are a Texas resident, you have the right to:
If you reside in a state with applicable privacy laws (Virginia, Colorado, Connecticut, Utah, Oregon, Montana, New Jersey, Delaware, Iowa, Indiana, Tennessee, and others), you have substantially similar rights as listed above. We honor these rights regardless of which state you reside in.
You have the following rights as a data subject:
For children under 14, a legal representative may exercise these rights on their behalf.
For disputes, you may contact:
If you are not in the listed jurisdictions, you may still have rights under your local law. Contact us at [email protected].
The Service is not intended for users under the age of 13, in compliance with the U.S. Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly and terminate the associated account.
For jurisdictions requiring higher minimum ages for online services (e.g., 16 in some EU member states under GDPR Article 8), users must meet the locally applicable threshold.
If you are a parent or guardian and believe your child has provided personal information to us, please contact [email protected]. We will work with you to remove the information.
In the Republic of Korea, processing of personal information of children under 14 requires consent of a legal representative. By signing in via Google or Apple OAuth, users represent that they meet the applicable age requirements.
We use automated systems for the following purposes:
These systems do not produce legal or similarly significant effects on you within the meaning of GDPR Article 22 or U.S. state privacy laws. You have the right to request human review of any moderation decision by contacting [email protected].
We implement reasonable technical and organizational measures to protect your personal information, including:
No system is 100% secure. In the event of a personal data breach affecting your rights, we will notify you and applicable supervisory authorities within the timeframes required by law (within 72 hours of awareness under GDPR; without unreasonable delay under U.S. state laws).
The Service may contain links to third-party websites (e.g., Netflix watch pages, IMDb pages). Once you leave our Service, this Privacy Policy no longer applies. We are not responsible for the privacy practices of other sites.
Gripul Inc. and FindMyVideos are not affiliated with Netflix, Inc. or IMDb.com, Inc. Trademarks and content remain the property of their respective owners.
We may update this Privacy Policy from time to time. When we make changes:
This policy is published in English. Where translations are provided for user convenience, the English version controls in case of any inconsistency.
For all privacy-related questions, requests, or concerns:
Email: [email protected]
Operator: Gripul Inc., a Texas corporation
Personal Information Protection Officer: Gripul Inc.
This Privacy Policy is effective as of the date stated at the top of this document.