Privacy

What we store

• Your account info (email, display name, username).
• Your ranked list, friendships, and comparisons.
• Billing identifiers from Stripe / RevenueCat / Apple App Store / Google Play (customer ID, subscription ID, original transaction ID) — we never see your card details.
• Sign-in tokens from Apple / Google, only long enough to verify you.
• Your IP address and User-Agent string for the lifetime of your session (stored on the session row for security forensics, deleted when the session is revoked or expires).
• Hashed (SHA-256) email and phone-number digests if you use Find Friends. We never store the raw values, and we never share the hashes with anyone.
• If you connect Trakt: your Trakt access token (stored server-side, never exposed to the client) and the ratings / watched / watchlist data we pull to seed your rankings. Disconnecting revokes the token and stops further pulls.

Third parties we share data with

• Stripe — web payments. We send your user id and email when you start a subscription.
• RevenueCat— cross-platform Pro entitlement source-of-truth. We send a stable user id when a subscription event fires; RevenueCat verifies receipts with Apple / Google and tells our server whether you're entitled.
• Apple App Store / Google Play — IAP processing on iOS / Android. The store handles your card details; we receive a transaction id we use to keep your Pro state in sync.
• Resend — transactional email. Your email address, only when we need to send you a message.
• Sentry — backend + Android + web crash and error reporting. Stack traces, request route, and your user id (no email, no rankings) are sent so we can fix bugs that hit you. iOS does not currently ship Sentry.
• TMDB — movie metadata. Title / poster / runtime lookups. Anonymous; no account data leaves us.
• Trakt— only if you opt in to the Trakt sync. We read your ratings / watched / watchlist; we don't write back unless you ask us to.
• OMDb — supplementary ratings (IMDb / Rotten Tomatoes / Metacritic). We query by IMDb id; nothing about you leaves our server.
• Google Books — book metadata. Title / author / ISBN lookups. Anonymous; no account data leaves us.
• AdMob(mobile, free tier only) — Google ad serving for the free tier of the iOS and Android apps. AdMob may use device identifiers for frequency capping per Google's policy; Pro removes ads entirely. Disclosed in the App Store / Play Store listings as required.

What we don't

• Sell your data. To anyone. Ever.
• Track you across other sites.
• Run third-party behavioral analytics, fingerprinting, or cross-site advertising beyond the AdMob ad-serving integration disclosed above.

Retention

Account data is retained until you delete your account. Sessions are pruned 30 days after their last refresh. Crash reports in Sentry are retained 90 days. Email logs with Resend are retained 30 days. Hashed contact digests from Find Friends are kept for 7 days then automatically deleted.

Delete your data

Profile → Settings → Delete account removes everything: your rankings, friendships, comparisons, subscription. It is immediate and irreversible.

Questions

Email hello@therankd.com. A human reads every one.