Spinscreen Privacy Policy
Effective date: April 22, 2026 · Version: 2026-04-22
This Privacy Policy describes how Protogy Labs ("Protogy Labs," "we," "us," or "our") collects, uses, discloses, and protects information when you use Spinscreen — including the Spinscreen consumer web app and Progressive Web App (PWA), the Spinscreen Chrome extension, the Spinscreen iOS and Android apps, and the Spinscreen organization console (collectively, the "Service").
We have written this policy to be honest, specific, and auditable against the actual code that runs on your device and our servers. Where the truth differs by platform (for example, between iOS and Android), we say so explicitly.
If you do not agree with this Privacy Policy, do not use the Service.
1. Who we are
- Controller / business: Protogy Labs (the "Company")
- Product: Spinscreen
- Contact: support@spinscreen.io
- Postal address: [Protogy Labs mailing address — to be filled in]
For users in the European Economic Area, United Kingdom, or Switzerland, we will designate an EU/UK representative under GDPR Article 27 if required based on user geography. Until then, please contact us at the address above.
2. Scope
This policy covers personal information we collect through the Service. It does not cover:
- Third-party websites, streaming services, or retailers you reach by following links from the Service. Their own privacy practices apply.
- Information you choose to share publicly within the Service (for example, public Watch Party messages — see Section 3).
- Information collected by the operating system or browser you use to access the Service (Apple, Google, Microsoft, Mozilla, etc.).
3. What we collect
We segment this section by what part of the Service you use, because the data flows are very different.
3.1 Organization console accounts (advertisers, content owners, staff)
If you sign up for an organization console account, we collect and store, via Supabase Auth:
- Your email address and a hashed password (Supabase manages the password hash; we never see your raw password).
- Your display name and avatar URL, if you provide them.
- Your organization membership and role (owner, admin, member, viewer).
- Authentication session cookies that identify you to our backend on subsequent requests.
Source code reference: services/web/lib/supabase/, services/web/middleware.ts, and migrations under services/web/supabase/migrations/001_init.sql.
3.2 Pseudonymous viewer identities (consumer PWA and extension)
If you use the consumer experience without creating an organization account, we may create a pseudonymous identity that holds the minimum information needed to verify your session and to delete it on request:
- A randomly generated UUID.
- A user-chosen handle (treated as pseudonymous — please do not put your real name there).
- An identity tier (1, 2, or 3) describing how strongly you have verified the identity.
- The SHA-256 hash of your auth token. We never store the raw token; if you lose it, the identity is unrecoverable.
- created_at and last_seen_at timestamps.
We do not store your email address, IP address, or any persistent device fingerprint with this identity.
Source code reference: services/web/supabase/migrations/024_phase45_identities.sql (renamed in 026_user_identities_rename_from_phase45.sql) and services/web/lib/auth/identities.ts.
3.3 Microphone access for content recognition
Spinscreen identifies what video or audio you are watching by listening, very briefly, to the sound coming out of your speakers (or, in the Chrome extension, the audio of the browser tab). We do this differently on different platforms, and the difference matters.
On iOS (Spinscreen iOS app):
- The app shell hosts the same PWA as the web app in a WKWebView. When you use content recognition, the PWA captures about 4 seconds of audio in the foreground and processes it inside the web view, on your device, to produce acoustic landmark hashes and/or neural embeddings (same technology as Android and the Chrome extension).
- Only those derived signals and timing data are sent to our registry — not raw audio files to a third-party broadcast-recognition vendor.
- The microphone is only active while the app is in the foreground.
On Android (Spinscreen Android app) and on the Chrome extension:
- We capture about 4 seconds of audio at 16 kHz mono into RAM, only while the app or extension is in the foreground.
- We compute acoustic landmark hashes (numerical fingerprints derived from the audio) on your device using the open-source Panako algorithm.
- Only those hashes, the corresponding timing data, and a session history of prior matches are sent over the network — to our registry endpoint and to our Supabase database for matching.
- The audio itself is never written to disk and never transmitted off your device.
- The microphone is never used in the background. On Android, capture stops in Activity.onPause() (see mobile/android/src/main/java/io/sidestream/app/MainActivity.kt and mobile/android/src/main/java/io/sidestream/app/detection/AcrSyncController.kt).
We never use the microphone in the background, on any platform.
3.4 User-generated content
Some features let you post content that other people will see. When you do, we collect what you post.
- Watch Party chat messages. Text, images, video, or audio messages tied to a content_id (which show or video) and a timestamp_bucket (when in the show). You may attach a display name. These messages are publicly readable — anyone who knows the content_id and timestamp range can read them, by design (see services/web/supabase/migrations/014_watch_party_messages.sql). Do not post anything in Watch Party that you wish to keep private.
- Experiences. If you author an Experience (interactive content tied to a moment in a video), we store the configuration, copy, images, and links you provide. Experiences are visible to other users of the Service who view the same content.
- Profile data. Your handle, display name, and avatar URL.
Files you upload (images, video, audio) are stored in Cloudflare R2 object storage. Database rows live in Supabase Postgres.
3.5 Cookies and similar technologies
We use the minimum cookies needed to operate the Service:
- Supabase session cookies (typically prefixed sb-). Essential, HttpOnly, used to keep you signed in.
- ss_mode preference cookie (one year, not HttpOnly). Records whether you prefer the consumer surface or the organization console as your landing page. Source: services/web/lib/mode-cookie.ts.
We do not use third-party analytics SDKs, advertising pixels, or cross-site trackers. If we ever add product analytics, we will update this policy and the in-app disclosures.
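The cookie disclosure above is checkable: the only cookies a response should set are the sb- session cookies (HttpOnly, and as a session credential also Secure with a SameSite value) and the ss_mode preference cookie (at most one year, not HttpOnly, because the client reads it). The following is an added audit helper, not the project's services/web/lib/mode-cookie.ts, that parses Set-Cookie headers and reports deviations from that disclosure; the cookie names and values in the sample are constructed for the example (the exact sb- cookie names Supabase emits are not stated on the page).

```javascript
// Added example: auditing Set-Cookie headers against the cookie disclosure in
// Section 3.5. Illustrative code, not services/web/lib/mode-cookie.ts.
// The sample headers at the bottom are constructed for this example.
const ONE_YEAR_SECONDS = 365 * 24 * 60 * 60;

// Disclosed cookies: sb- session cookies and the ss_mode preference cookie.
// Anything else is a finding, because the policy claims "the minimum cookies".
function classifyCookie(name) {
  if (name.startsWith("sb-")) return "session";
  if (name === "ss_mode") return "preference";
  return "undisclosed";
}

// Minimal Set-Cookie parser: name=value followed by ;-separated attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? "" : pair.slice(eq + 1);
  const out = { name, value, httpOnly: false, secure: false, sameSite: null, maxAge: null };
  for (const attr of attrs) {
    const [key, ...rest] = attr.split("=");
    const v = rest.join("=");
    switch (key.toLowerCase()) {
      case "httponly": out.httpOnly = true; break;
      case "secure": out.secure = true; break;
      case "samesite": out.sameSite = v.toLowerCase(); break;
      case "max-age": out.maxAge = Number(v); break;
      default: break; // Path, Domain, Expires are not checked here
    }
  }
  return out;
}

// Returns { name, kind, findings } for one Set-Cookie header. An empty
// findings array means the cookie matches what Section 3.5 discloses.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  const kind = classifyCookie(c.name);
  const findings = [];
  if (kind === "undisclosed") {
    findings.push("cookie not listed in the privacy policy");
  }
  if (kind === "session") {
    // A session credential readable by script is exposed to any XSS.
    if (!c.httpOnly) findings.push("session cookie missing HttpOnly");
    if (!c.secure) findings.push("session cookie missing Secure");
    if (!c.sameSite || c.sameSite === "none") findings.push("session cookie lacks SameSite=Lax/Strict");
  }
  if (kind === "preference") {
    // Policy states a one-year lifetime; a longer Max-Age contradicts it.
    if (c.maxAge !== null && c.maxAge > ONE_YEAR_SECONDS) findings.push("preference cookie lifetime exceeds one year");
  }
  return { name: c.name, kind, findings };
}

function auditResponseCookies(setCookieHeaders) {
  return setCookieHeaders.map(auditSetCookie);
}

// Constructed sample: two compliant cookies, one session cookie missing
// HttpOnly, and one analytics cookie the policy does not disclose.
const SAMPLE_SET_COOKIE_HEADERS = [
  "sb-access-token=constructed.jwt.value; Path=/; HttpOnly; Secure; SameSite=Lax",
  "ss_mode=console; Path=/; Max-Age=31536000; SameSite=Lax",
  "sb-refresh-token=constructed-refresh; Path=/; Secure; SameSite=Lax",
  "_ga=GA1.1.constructed; Path=/; Max-Age=63072000",
];
```

Run `auditResponseCookies(SAMPLE_SET_COOKIE_HEADERS)` against a captured response to see which cookies, if any, fall outside the disclosure; in the constructed sample the third and fourth entries each produce one finding.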
3.6 Server logs
Our hosting provider records standard request logs (IP address, user agent, request path, timestamp, response status). We retain these logs for no more than 30 days for security, debugging, and abuse prevention.
3.7 Information from third parties
When you use shopping features, we may receive product data, deep links, and affiliate metadata from our affiliate partners (see Section 5). When you sync to a movie or show, we may receive title metadata from The Movie Database (TMDb).
4. What we do NOT collect
We want this to be unambiguous:
- No advertising or marketing trackers.
- No "selling" or "sharing" of personal information for cross-context behavioral advertising, as those terms are used in the California Consumer Privacy Act (CCPA/CPRA).
- No microphone access in the background. Ever.
- No persistent device fingerprinting. The only device-related data we hold is the IP address and user agent in standard server logs (Section 3.6), kept briefly for fraud and abuse prevention.
- No raw audio leaving your device on Android, the Chrome extension, or the iOS PWA; only derived fingerprints or embeddings are sent to our systems.
- No collection of your real name, age, or government identifiers for pseudonymous viewer identities.
5. Sub-processors and third-party services
We rely on a small number of vendors to deliver the Service. They process personal information only on our instructions, under contract.
| Vendor | Purpose | Data they receive |
|---|---|---|
| Supabase, Inc. (US) | Authentication, Postgres database, file storage | Account data, pseudonymous identities, UGC, session cookies |
| Cloudflare, Inc. (US, global edge) | R2 object storage, DNS, edge | Files you upload (images, video, audio); standard request logs |
| Vercel, Inc. (US) (or successor host) | Application hosting | Standard request logs |
| Google LLC — Gemini API (US) | Image and caption analysis for Experience generation and product matching | Screenshots of streamed content, caption text, product image URLs |
| Anthropic, PBC (US) | Vision endpoint (services/web/app/api/v1/vision/route.ts) | Image data submitted to the vision endpoint |
| The Movie Database (TMDb) (US) | Title and metadata lookup | Title queries (no personal information) |
| Geniuslink (US) | Affiliate deep-link generation | Product URLs |
| Skimlinks (UK) | Affiliate product matching | Product URLs |
| Lykdat (Nigeria/UK) | Visual product matching | Product image URLs |
We may add or change sub-processors as the Service evolves; if a change is material we will update this list before the change takes effect.
6. How we use information
We use the information described above to:
- Operate the Service (authenticate you, deliver Experiences, sync to your video, store and display Watch Party messages, etc.).
- Identify what you are watching, so we can present synchronized Experiences.
- Generate Experiences using AI (image and caption analysis via Google Gemini and Anthropic).
- Generate affiliate shopping links.
- Detect, prevent, and respond to abuse, fraud, security incidents, and Terms of Service violations.
- Comply with legal obligations and respond to lawful requests.
- Communicate with you about the Service.
We do not use your information for advertising or for training third-party AI models on your personal content beyond what is necessary to deliver the feature you requested.
7. Legal bases for processing (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the GDPR:
- Contract performance (Art. 6(1)(b)) — to provide the Service to you and to your organization.
- Consent (Art. 6(1)(a)) — for microphone access, for posting user-generated content, and for any non-essential cookies we may add in the future.
- Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, abuse detection, and basic product analytics derived from server logs.
- Compliance with legal obligations (Art. 6(1)(c)).
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
8. International transfers
We are based in the United States. Personal information may be processed in the United States, the European Economic Area, the United Kingdom, and other jurisdictions where our sub-processors operate. Where required, we rely on the European Commission's Standard Contractual Clauses (or the UK International Data Transfer Agreement, or other lawful transfer mechanisms) to protect transfers of personal information.
9. Your rights
Depending on where you live, you may have the following rights with respect to your personal information:
- Access — confirm what we hold about you and obtain a copy.
- Correction — fix inaccurate or incomplete information.
- Deletion — request that we delete your information.
- Portability — receive your information in a machine-readable format.
- Objection / restriction — object to or restrict certain processing.
- Withdraw consent — for processing based on consent.
- Non-discrimination — we will not discriminate against you for exercising these rights.
- Opt out of "sale" or "sharing" — currently not applicable because we do not sell or share personal information for cross-context behavioral advertising.
- Lodge a complaint with your local data protection authority.
To exercise these rights, email support@spinscreen.io. For pseudonymous identities, deletion can be initiated from within the app or by emailing us; because we identify you only by hashed token, you will need access to your auth token to prove control of the identity.
We will respond within the timeframes required by applicable law (generally 30 days under GDPR; 45 days under CCPA, with one extension if reasonably necessary).
10. Children
The Service is intended for users 13 years of age or older in the United States and 16 years of age or older in the European Economic Area, the United Kingdom, and other jurisdictions with a higher digital-consent age (or such other age as the local age of digital consent requires). The Spinscreen iOS app is rated 17+ because Watch Party allows users to post messages publicly.
We do not knowingly collect personal information from children below these ages. If you believe a child has provided us with personal information, please contact support@spinscreen.io and we will delete it.
11. Security
We use industry-standard measures to protect your information, including:
- TLS encryption in transit for all client-server traffic.
- SHA-256 hashing of pseudonymous-identity auth tokens at rest (raw tokens are never persisted).
- Supabase Row-Level Security policies on private tables.
- Least-privilege service-role credentials for backend writes.
No security system is impenetrable. We cannot guarantee the security of information transmitted over the Internet or stored on any system. You are responsible for keeping your credentials and your auth token confidential.
12. Retention
We retain personal information only as long as necessary for the purposes described in this policy:
- Account data — until you delete your account, plus up to 30 days in encrypted backups.
- Pseudonymous identities — until you request deletion, or until 24 months of inactivity (whichever is earlier).
- Watch Party messages — by default, indefinitely (because they are part of the public conversation around a video). You may request deletion of your own messages at support@spinscreen.io.
- Experiences — until the author or organization deletes or archives them.
- Server logs — no more than 30 days.
- Audio samples — never sent to or persisted by our servers on any platform; only derived fingerprints or embeddings reach our systems (see Section 3.3).
- On-device PCM — never persisted; held in RAM only for the ~4-second capture window.
13. Automated decision-making
We do not use personal information to make decisions about you that produce legal or similarly significant effects without human involvement. Experience and product recommendations are generated by AI systems but are not legally significant decisions about you.
14. Do Not Track
Some browsers send a "Do Not Track" signal. There is no industry consensus on how to interpret this signal, and we do not currently respond to it. Because we do not engage in cross-site tracking, this should not matter to most users.
15. Changes to this policy
We may update this Privacy Policy from time to time. When we do:
- We will revise the "Effective date" and "Version" at the top.
- For material changes, we will notify organization-account users by email and post an in-app banner in the consumer PWA at least 14 days before the change takes effect.
- A change history is maintained at docs/legal/CHANGELOG.md.
Your continued use of the Service after the effective date of an update constitutes acceptance of the updated policy.
16. Contact
Privacy questions, rights requests, and complaints:
- Email: support@spinscreen.io
- Postal: Protogy Labs — [address to be filled in]
For copyright matters, see the DMCA page.