Cinematic Icon
cinemania.io
Cinemania Heading

Privacy Policy

Last Updated: August 26, 2025

1) Who We Are & Scope

Cinemania ("Cinemania," "we," "our," or "us") operates a web platform that includes:

  • an NFT marketplace,
  • a film co-creation and investment platform, and
  • related community and support services.

This Privacy Policy explains how we collect, use, disclose, and protect information about you when you visit our websites, create an account, connect a wallet, invest in projects, purchase NFTs, participate in community activities, or otherwise interact with us (together, the "Services").

Controller: Cinemania.io

Primary contact: privacy@cinemania.com

By using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Services.

2) What We Collect

2.1 Information You Provide

We collect personal information you voluntarily give us, for example when you:

  • Create an account or profile
  • Purchase, sell, or trade Access Passes (NFTs) or Tickets
  • Invest in or follow film projects
  • Participate in community features (events, challenges, forums)
  • Redeem an Access Pass or Popcorn Rewards
  • Subscribe to newsletters or marketing
  • Contact support or complete surveys

Typical data: name, display name/username, email address, postal address, phone (if provided), payment details (via third-party processors), blockchain wallet addresses, social handles/links, preferences, submissions (feedback, forms, applications), and any other information you choose to provide.

2.2 Google Auth (Google Sign-In)

If you choose to sign in with Google, we receive your Google Display Name and email address from Google to create or link your Cinemania account and authenticate you.

  • We do not receive your Google password.
  • We use this data only to authenticate you, create your account (or link it), and communicate with you about your account/Service updates.
  • You can revoke our access at any time in your Google Account > Security > Third-party access settings.
  • If you revoke access or delete your Cinemania account, we will cease using Google-provided data except where retention is required by law.
  • We do not use Google Auth data for targeted advertising unless we obtain your explicit consent.

2.3 Automatically Collected Information

When you use the Services, we automatically collect:

  • IP address and general location (country/region)
  • Device and browser type, operating system, language
  • Log data (pages viewed, time spent, referring URLs, clicks)
  • Diagnostic and performance data
  • Blockchain activity: public wallet address(es) you connect and on-chain transaction details relevant to your use of the Services

2.4 Cookies & Similar Technologies

We use cookies, local storage, and similar technologies to:

  • keep you signed in,
  • remember preferences,
  • improve performance and security.

Where required, we obtain consent via a cookie banner or preference center. You can manage or withdraw consent through your browser settings and (if provided) our cookie preferences tool. Disabling certain cookies may affect functionality.

2.5 Data from Third Parties

We may receive information from:

  • Identity/KYC providers if required for specific offerings or legal obligations
  • Public blockchains (transaction data tied to your wallet)

3) Why We Use Your Information (Purposes & Legal Bases)

3.1 Provide and Improve the Services

  • Account creation, login (including Google Auth), and profile management
  • Enabling NFT marketplace transactions and project investments
  • Wallet connection and transaction facilitation
  • Customer support and service communications

Legal bases: Contract performance; Legitimate interests (operate, secure, improve); Consent (where required).

3.2 Security, Fraud Prevention & Compliance

  • Authenticate users, detect/prevent fraud, abuse, or prohibited conduct
  • Enforce Terms of Service and policies
  • Satisfy legal obligations (e.g., tax, accounting, AML/KYC if applicable)

Legal bases: Legal obligations; Legitimate interests (security, fraud prevention).

3.3 Communications

  • Service and transactional notices (purchase confirmations, updates)
  • Responding to inquiries and support tickets
  • Marketing emails/newsletters with your consent (opt-out anytime)

Legal bases: Contract performance (service messages); Consent (marketing).

3.4 Personalization & Analytics

  • Understand usage patterns and improve the user experience
  • Personalize features and content (non-intrusive)

Legal bases: Legitimate interests; Consent (for certain analytics/cookies where required).

3.5 Legal Claims & Defence

  • Establish, exercise, or defend legal claims

Legal bases: Legitimate interests; Legal obligations.

4) Sharing & Disclosures

We do not sell your personal information. We may share limited data with:

  • Service Providers/Processors: hosting, authentication (Google), analytics, security, payment processing, communications, customer support. They must process data under our instructions and with appropriate safeguards.
  • Payment Processors & Financial Institutions: to process transactions and prevent fraud.
  • Film Project Teams/Producers: where necessary for your participation or investment and only with appropriate controls.
  • Legal and Regulatory Authorities: if required by law, subpoena, or to protect rights, safety, and security.
  • Business Transfers: in connection with a merger, acquisition, or asset sale, subject to this Policy's protections.
  • With Your Consent: where you explicitly agree to additional sharing.

5) Blockchain Transparency (Important Notice)

Public blockchains are inherently transparent. Transactions (including your wallet address, token/NFT transfers, and on-chain interactions) are publicly visible and cannot be altered or deleted by us. If you exercise privacy rights like deletion (Section 9), we will remove or minimize off-chain personal information we control and, where feasible, delink your off-chain identity from on-chain addresses we store—but on-chain records themselves remain public.

6) Your Choices

  • Google Auth: You can revoke Cinemania's access via your Google Account settings.
  • Cookies: Manage through browser settings and our cookie preferences (if provided).
  • Wallets: You may disconnect wallets in your account settings (where available).

7) International Data Transfers

We may process your information in countries other than your own. Where required, we use appropriate safeguards to protect transferred data. Details are available on request.

8) Security

We implement technical and organizational measures appropriate to the risk (e.g., encryption in transit, access controls, monitoring). However, no online service can guarantee 100% security.

9) Your Rights

9.1 EEA/UK (GDPR/UK GDPR)

You may have the right to access, rectify, erase, restrict, port, and object to processing, and to withdraw consent at any time (without affecting prior lawful processing). You also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

9.2 California (CPRA) & Certain US States

California residents may have rights to know/access, correct, delete, opt-out of sale/share, and limit use of sensitive personal information. We do not "sell" data as the term is commonly understood and do not "share" for cross-context behavioral advertising. We will honor applicable state privacy rights requests as required by law.

9.3 Exercising Your Rights

Submit requests to privacy@cinemania.com

We may need to verify your identity (and, for agent requests, your agent's authority). Some rights may be limited by legal obligations or compelling legitimate interests (e.g., financial records, security).

10) Retention

We keep personal information only as long as necessary for the purposes described in this Policy, including to comply with laws (e.g., tax and accounting) and to resolve disputes. Illustrative periods:

  • Account data (incl. Google Display Name & email): while your account is active and for a reasonable period thereafter if needed for recordkeeping or legal claims.
  • Transaction records: typically up to 7 years (tax/accounting), unless a longer period is required by law.
  • Support tickets: typically 24 months after closure.
  • Marketing preferences: until you opt-out or your account is deleted.
  • Blockchain records are public and persist indefinitely (see Section 5).

11) Children's Privacy

Our Services are not directed to children. We do not knowingly collect personal information from children under 16 in the EEA/UK (or under 13 elsewhere). If you believe a child has provided personal information, contact privacy@cinemania.com and we will take appropriate steps.

12) Automated Decision-Making & Profiling

We may use limited automated checks (e.g., fraud detection, security monitoring). We do not use automated decision-making that produces legal or similarly significant effects without human involvement. Where required by law, you may request human review.

13) Third-Party Links & Services

The Services may link to third-party sites or integrate third-party tools (including Google Auth, wallet providers, payment processors). Their privacy practices are governed by their own policies. We encourage you to review them.

14) Changes to This Policy

We may update this Policy periodically. We will post the updated version with a new "Last Updated" date and, where required, notify you via the Services or by email.

15) Contact Us

Questions, requests, or complaints: privacy@cinemania.com

16) Region-Specific Notices

16.1 California "Notice at Collection"

Categories collected: Identifiers (name, email, wallet address), commercial information (transactions), internet/network activity (device, logs), approximate geolocation (country/region), inferences (service personalization), and professional or employment information if you provide it (e.g., creator profiles).

Purposes: See Section 3.

Retention: See Section 10.

Sources: You, your devices, public blockchains, and service providers.

Disclosure: To service providers/processors and as described in Section 4.

Sale/Share: We do not sell or share personal information for cross-context behavioral advertising.

Sensitive information: We do not collect precise geolocation, racial/ethnic data, or similar sensitive categories unless you voluntarily provide them (e.g., in a profile field). We do not use sensitive info to infer characteristics.

16.2 EEA/UK Representative & DPO

If we are required to appoint an EU/UK representative or DPO, their contact details will appear here.

17) Key Definitions (Plain English)

Personal data / personal information: Information that identifies or can reasonably be linked to an individual.

Processor/Service Provider: A company that processes personal data on our behalf under contract.

Public blockchain data: Transaction and address information publicly recorded and viewable by anyone.

Sell/Share (California): Disclosing personal information for monetary or other valuable consideration / for cross-context behavioral advertising.