Back to Home

Privacy Policy

Last updated: June 7, 2026

Your privacy matters. This policy explains what data konsumr collects, how we use it, and your rights regarding your personal information. It applies to both the konsumr website and the konsumr iOS app (together, "the Service").

1. Information We Collect

1.1 Information from Sign-In Providers

konsumr is fully passwordless: we never ask for or store a password. You sign in with Discord, Google, Apple (iOS app only), or your email address. Depending on which method you use, we collect different information:

Discord

  • Discord User ID: A unique identifier used to link your account and deliver optional Discord notifications
  • Username: Your Discord username (used as the default for your konsumr username)
  • Email address: Used for account identification
  • Profile picture: Your Discord avatar (used as your default profile image)

Google

  • Google Account ID: A unique identifier used to link your account
  • Name: Your Google profile name (used to generate your konsumr username)
  • Email address: Used for account identification
  • Profile picture: Your Google profile picture (used as your default profile image)

Apple (Sign in with Apple, iOS app)

  • Apple User ID: A stable identifier Apple provides for your account
  • Email address: Used for account identification. If you choose Apple's "Hide My Email", this is a private relay forwarding address, and we store the relay address Apple provides
  • Name: Provided by Apple only on your first sign-in and used once to generate your konsumr username; it is not stored separately
  • Revocation token: A token issued by Apple that we store solely so we can revoke the Sign in with Apple connection when you delete your account

Email

  • Email address: Used for account identification and for sending sign-in emails. On the website we send a magic link; in the iOS app we send a 6-digit one-time code. Codes are stored only as cryptographic hashes, expire after 10 minutes, are single-use, and are limited to a small number of attempts

You may link multiple sign-in methods to a single account. Accounts with the same verified email address are automatically linked, including across the website and the iOS app. We store the sign-in tokens issued by these providers in order to operate authentication; they are deleted with your account.

Your initial username is automatically derived from your provider profile (or your email address) and your initial avatar comes from your provider profile picture (or a generated placeholder). You can change both at any time.

1.2 Information You Provide

As you use konsumr, you may provide:

  • Username: A custom username for your profile
  • Profile images: An avatar and banner you upload for your profile
  • Media tracking data: Which shows, movies, and manga you're tracking, your progress, and watch/read status
  • Ratings: Your thumbs up/down ratings on media
  • Notes: Personal notes you add to media items
  • Lists: Curated lists of media you create, including titles, descriptions, and notes on list items. Lists are public by default; you can make any list private
  • Collection photos: Up to 10 photos of your manga collection with optional captions, displayed on your manga collection page if your profile is public
  • Feedback: Feedback you submit to us through the app
  • Content requests: Requests for missing volumes or editions and suggestions for media connections, including any messages you attach (reviewed by our editors)
  • Reports: If you report a user or list, we store the reason and any details you provide
  • Imported data: If you import your library from AniList, Trakt, or Letterboxd, the watch/read history and ratings contained in those accounts or files become part of your konsumr library

When you set an avatar, banner, or collection photo in the iOS app, you choose images through the system photo picker. We only receive the photos you explicitly select; the app does not otherwise access your photo library and does not use your camera.

1.3 Automatically Collected Information

We automatically collect:

  • Activity timestamps: When you mark episodes as watched or volumes as read
  • Streak data: Your daily activity streak for the achievement system
  • XP and level: Points earned through tracking activity
  • Achievement unlocks: Which achievements you've earned
  • Social graph: Who you follow, who follows you, and which users you have blocked
  • Push notification token (iOS): If you enable push notifications in the iOS app, a device push token is registered with your account so we can deliver notifications. It is removed when you sign out or delete your account

We do not collect IP address logs, device fingerprints, precise location data, or advertising identifiers, and the iOS app contains no third-party analytics or tracking SDKs.

2. How We Use Your Information

We use your information to:

  • Provide and operate the media tracking service
  • Display your tracking progress and statistics
  • Calculate and display achievements, XP, and streaks
  • Send notifications you've enabled: in-app notifications, iOS push notifications, emails (welcome series, weekly release digest, and updates on your requests, feedback, and reports), and Discord direct messages. Every notification category can be turned off in your settings
  • Display your public profile to other users (if you opt in; profiles are private by default)
  • Review reports and moderate the Service
  • Improve the Service based on usage patterns

We do not sell your personal information or use it for advertising.

3. Third-Party Services

konsumr uses the following third-party services:

3.1 Discord

Used for authentication and optional notification delivery. When you enable Discord notifications, we use Discord's API to send you direct messages about upcoming releases. Your Discord ID is stored to enable this feature, and the messages we send through Discord include the names of the releases you track. Receiving Discord notifications requires being a member of the konsumr Discord server.

Discord Privacy Policy

3.2 Google

Used for authentication via Google OAuth. We receive your Google profile information (name, email, profile picture) when you sign in with Google.

Google Privacy Policy

3.3 Apple

Used for Sign in with Apple (iOS app) and for delivering iOS push notifications via the Apple Push Notification service. Apple receives your device push token and the content of notifications we send, which can include the names of titles you track or the username of a new follower.

Apple Privacy Policy

3.4 Resend

Used to send sign-in emails (magic links on the website, one-time codes in the iOS app) and the notification emails you have enabled, such as welcome emails, the weekly release digest, and updates on your requests, feedback, and reports. Resend processes your email address and the content of these emails, which can include your username and the names of releases you track.

Resend Privacy Policy

3.5 TMDB (The Movie Database)

We fetch TV show and movie information from TMDB. No personal user data is sent to TMDB; we only request media information using their public API.

TMDB Privacy Policy

3.6 AniList

We fetch manga and anime information from AniList's public API. For this, no personal user data is sent to AniList.

Separately, you can optionally connect your AniList account to konsumr. If you do, we store your AniList ID, AniList username, and an AniList access token, we import your AniList library (titles, statuses, ratings, progress, and dates) into konsumr, and, if you use the sync feature, we write your konsumr tracking updates back to your AniList account on your behalf. You can disconnect AniList at any time in your settings, which deletes the stored token.

AniList Terms of Service

3.7 UploadThing

Used to store images you upload (avatars, profile banners, and collection photos). Images are stored on UploadThing's servers and served via their CDN.

UploadThing Privacy Policy

3.8 Vercel

konsumr is hosted on Vercel in the European Union (Frankfurt, Germany). Cookieless Vercel Analytics runs only on our public marketing pages, not inside the app itself.

Vercel Privacy Policy

3.9 Railway

Your data is stored in a PostgreSQL database hosted on Railway in the European Union.

Railway Privacy Policy

4. Cookies, Local Storage, and On-Device Data

On the website, konsumr uses:

  • Session cookies: To keep you logged in (managed by NextAuth.js, backed by server-side sessions)
  • Security cookies: Short-lived cookies (5 minutes) used during account linking to prevent unauthorized access
  • Local storage: To store temporary login context for magic links and UI preferences (like your preferred view mode)

In the iOS app:

  • Session token: Stored securely in the iOS Keychain. App sessions last up to 90 days and are revoked when you sign out
  • Widget data: A snapshot of your upcoming releases and streak is stored on your device in a shared container so home-screen widgets can display it. It is cleared when you sign out and is never transmitted anywhere by the widgets

We do not use tracking cookies, third-party analytics cookies, or advertising identifiers.

5. Data Sharing

We share your data only in these circumstances:

  • Public profiles: Profiles are private by default. If you enable public profile visibility, anyone with your profile link can see your username, avatar, banner, join date, level and XP, streaks, library statistics (titles tracked, episodes watched, watch time), follower and following lists, unlocked achievements, public lists, your tracked titles with ratings and favorites, your manga collection page including collection photos, and share images generated from this data
  • Public lists: Lists are public by default and visible to anyone with the list link, and may be indexed by search engines. Lists you set to private are only visible to you
  • Share images: Publicly accessible share images (for example profile cards and monthly recaps) are generated only from data that is already public under your visibility settings; private content renders a placeholder instead
  • Moderation and editors: When you submit feedback, a report, or a content request, the konsumr team reviews it together with your username and avatar. For reports, the team also sees the reported account or list and the details you submitted
  • Service providers: With the third-party services listed above, only as necessary to operate the Service
  • Legal requirements: If required by law or to protect our rights

We do not sell, rent, or trade your personal information to third parties.

6. Data Retention and Deletion

We retain your data for as long as your account is active. You can delete your account at any time in the iOS app under Settings > General > Delete Account, or by contacting us by email. Deletion is permanent and removes:

  • Your profile information and sign-in connections
  • All tracking data and progress, notes, ratings, and achievements
  • All lists you created
  • Uploaded images (avatar, banner, and collection photos), including removal from our storage provider
  • Follows, blocks, and reports involving your account
  • Notifications, push tokens, and all active sessions
  • Stored provider tokens, including your AniList token

If you signed in with Apple, we also revoke the Sign in with Apple connection with Apple. A small number of records may be retained in anonymized form with your identity removed, for example moderation records and notifications you triggered for other users. Some data may persist in backups for a limited time before being purged.

7. Your Rights

7.1 For All Users

You have the right to:

  • Access your data (view your profile and tracking history)
  • Correct your data (edit your profile and notes)
  • Delete your data (delete your account in the iOS app or by contacting us)
  • Export your data (download your library, lists, and achievements as JSON from the Import & Export section of your profile on the website)
  • Control visibility (toggle public/private profile settings and per-list visibility)
  • Opt out of notifications (each category of email, push, in-app, and Discord notifications can be disabled in your settings)

7.2 European Union Residents (GDPR)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to data portability: Request your data in a machine-readable format (see the self-serve JSON export above)
  • Right to object: Object to processing of your data
  • Right to withdraw consent: Withdraw consent at any time by deleting your account

Legal basis for processing: We process your data based on your consent (by creating an account) and our legitimate interest in providing the Service. Your data is stored in the European Union.

7.3 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: Request information about what personal data we collect and how it's used
  • Right to delete: Request deletion of your personal data
  • Right to opt-out: We do not sell personal information, so this right does not apply
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

8. Data Security

We implement reasonable security measures to protect your data, including:

  • Encrypted connections (HTTPS) for all data transmission
  • Passwordless authentication: we never store passwords. OAuth sign-ins (Discord, Google, Apple) are verified server-side, and email sign-in codes are stored only as hashes, expire after 10 minutes, are single-use, and are protected against brute-force attempts
  • Server-side sessions that can be revoked at any time; signing out immediately invalidates the session
  • Secure on-device storage in the iOS app (session token in the iOS Keychain)
  • Database encryption at rest
  • Limited access to personal data

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

konsumr is not directed at children under 13. We do not knowingly collect personal information from children under 13. Users must be at least 13 years old (or the minimum age in their country) to use konsumr. Users who sign in with Discord, Google, or Apple must also comply with those services' age requirements. Adult (18+) content is hidden by default and only available behind an explicit opt-in setting restricted to adults, as described in our Terms of Service.

10. International Data Transfers

Your data is primarily stored and processed in the European Union. Some of the service providers listed above (such as Discord, Apple, Resend, and UploadThing) may process data in the United States or other countries. By using konsumr, you consent to these transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at:

aldodumitrescu@gmail.com

For GDPR-related inquiries, you may also contact your local data protection authority.