Privacy Policy
Last updated: January 6, 2026
Your privacy matters. This policy explains what data konsumr collects, how we use it, and your rights regarding your personal information.
1. Information We Collect
1.1 Information from Authentication Providers
konsumr supports multiple sign-in methods. Depending on which you use, we collect different information:
Discord
- Discord User ID — A unique identifier used to link your account and send notifications
- Username — Your Discord username (used as the default for your konsumr username)
- Email address — Used for account identification
- Profile picture — Your Discord avatar (used as your default profile image)
- Google Account ID — A unique identifier used to link your account
- Name — Your Google profile name (used to generate your konsumr username)
- Email address — Used for account identification
- Profile picture — Your Google profile picture (used as your default profile image)
Email Magic Link
- Email address — Used for account identification and sending magic link emails
You may link multiple authentication methods to a single account. Accounts with the same email address are automatically linked.
1.2 Information You Provide
As you use konsumr, you may provide:
- Username — A custom username for your profile
- Profile banner — An image you upload for your profile
- Media tracking data — Which shows, movies, and manga you're tracking, your progress, and watch/read status
- Ratings — Your thumbs up/down ratings on media
- Notes — Personal notes you add to media items
- Lists — Curated lists of media you create, including titles, descriptions, and notes on list items
1.3 Automatically Collected Information
We automatically collect:
- Activity timestamps — When you mark episodes as watched or volumes as read
- Streak data — Your daily activity streak for the achievement system
- XP and level — Points earned through tracking activity
- Achievement unlocks — Which achievements you've earned
2. How We Use Your Information
We use your information to:
- Provide and operate the media tracking service
- Display your tracking progress and statistics
- Calculate and display achievements, XP, and streaks
- Send Discord notifications about releases (if you opt in)
- Display your public profile to other users (if you opt in)
- Improve the Service based on usage patterns
We do not sell your personal information or use it for advertising.
3. Third-Party Services
konsumr uses the following third-party services:
3.1 Discord
Used for authentication and optional notification delivery. When you enable Discord notifications, we use Discord's API to send you direct messages about upcoming releases. Your Discord ID is stored to enable this feature.
3.2 Google
Used for authentication via Google OAuth. We receive your Google profile information (name, email, profile picture) when you sign in with Google.
3.3 Resend
Used to send magic link authentication emails. Your email address is shared with Resend solely for the purpose of delivering sign-in emails.
3.4 TMDB (The Movie Database)
We fetch TV show and movie information from TMDB. No personal user data is sent to TMDB — we only request media information using their public API.
3.5 AniList
We fetch manga information from AniList. No personal user data is sent to AniList — we only request media information using their public API.
3.6 UploadThing
Used to store images you upload (profile banners and avatars). Images are stored on UploadThing's servers and served via their CDN.
3.7 Vercel
konsumr is hosted on Vercel. Vercel may collect basic analytics and performance data.
3.8 Railway
Your data is stored in a PostgreSQL database hosted on Railway.
4. Cookies and Local Storage
konsumr uses:
- Session cookies — To keep you logged in (managed by NextAuth.js)
- Security cookies — Short-lived cookies (5 minutes) used during account linking to prevent unauthorized access
- Local storage — To store UI preferences (like theme settings) and temporary login context for magic links
We do not use tracking cookies or third-party analytics cookies.
5. Data Sharing
We share your data only in these circumstances:
- Public profiles — If you enable public profile visibility, your tracking data, statistics, and achievements will be visible to anyone with your profile link
- Public lists — Lists you mark as public will be visible to anyone with the list link and may be indexed by search engines. Private lists are only visible to you
- Service providers — With the third-party services listed above, only as necessary to operate the Service
- Legal requirements — If required by law or to protect our rights
We do not sell, rent, or trade your personal information to third parties.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, your data will be permanently deleted from our systems, including:
- Your profile information
- All tracking data and progress
- Notes, ratings, and achievements
- All lists you created
- Uploaded images
Some data may persist in backups for a limited time before being purged.
7. Your Rights
7.1 For All Users
You have the right to:
- Access your data (view your profile and tracking history)
- Correct your data (edit your profile and notes)
- Delete your data (request account deletion)
- Control visibility (toggle public/private profile settings)
- Opt out of notifications (disable Discord notifications anytime)
7.2 European Union Residents (GDPR)
If you are located in the European Union, you have additional rights under the General Data Protection Regulation:
- Right to access — Request a copy of your personal data
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data ("right to be forgotten")
- Right to data portability — Request your data in a machine-readable format
- Right to object — Object to processing of your data
- Right to withdraw consent — Withdraw consent at any time by deleting your account
Legal basis for processing: We process your data based on your consent (by creating an account) and our legitimate interest in providing the Service.
7.3 California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know — Request information about what personal data we collect and how it's used
- Right to delete — Request deletion of your personal data
- Right to opt-out — We do not sell personal information, so this right does not apply
- Right to non-discrimination — We will not discriminate against you for exercising your privacy rights
8. Data Security
We implement reasonable security measures to protect your data, including:
- Encrypted connections (HTTPS) for all data transmission
- Secure authentication via OAuth (Discord, Google) or cryptographically signed magic links
- Database encryption at rest
- Limited access to personal data
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
konsumr is not directed at children under 13. We do not knowingly collect personal information from children under 13. Users must be at least 13 years old (or the minimum age in their country) to use konsumr. Users who sign in with Discord or Google must also comply with those services' age requirements.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States, where our hosting providers operate. By using konsumr, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at:
For GDPR-related inquiries, you may also contact your local data protection authority.