MovieDuo Privacy Policy

1. Who we are

MovieDuo is a mobile application published by Adeeby Technologies LLC, a limited liability company organized under the laws of the State of Wyoming, United States of America (Wyoming Secretary of State filing 2026-001939133, dated April 2, 2026).

In this policy, “we”, “us”, and “our” refer to Adeeby Technologies LLC. “You” and “your” refer to the person using the MovieDuo mobile application (the “App”).

Registered office:

Privacy contact: contact@adeeby.com

We will respond to privacy-related requests within 30 days, in accordance with applicable law.

2. What this policy covers

This policy explains:

1. What information the App collects
2. Where that information goes (on your device, to our servers, to third parties)
3. Why we collect each type of information
4. How long we keep it
5. The rights you have over your information and how to exercise them
6. The security measures we use to protect it
7. How we will tell you if this policy changes

This policy applies only to the MovieDuo mobile application. It does not cover the Adeeby Technologies LLC corporate website (adeeby.com) or any other product. Those have their own policies.

3. The short version

If you only read one section, read this:

• Most of your data stays on your phone. Your watchlist, your swipes (left and right), and your nickname are stored locally on your device. We do not see them unless you connect with a partner.
• When you connect with a partner via a “couch code”, a small amount of data is shared. Specifically: your nickname, the codes of movies you swiped right on, and any matches between your right-swipes and your partner's right-swipes. This is the minimum data the matching feature needs to work.
• Four third-party services receive some data when you use the App:
  1. Google Firebase (Firestore database) hosts the couch-code matching data.
  2. The Movie Database (TMDB) provides movie information and images.
  3. RapidAPI (specifically the “AI Movie Recommender” service) processes your AI search queries.
  4. Google AdMob serves the rewarded video ads in the AI Search feature, but only if you have already chosen to watch an ad (see the next bullet).
• Ads are opt-in and only appear in the AI Search feature. You get one AI search per day for free. After that, if you want more, the App asks you to watch a rewarded video to unlock two additional searches. If you ignore the ad button, you simply do not see ads. The rest of the App (browse, swipe, match, watchlist, trailers) is and remains ad-free. We do not show banner ads, interstitial ads, or app-open ads anywhere.
• We do not run analytics or behavioural profiling. No marketing pixels, no cross-app tracking SDKs, no Facebook SDK, no Mixpanel, no Crashlytics. Google AdMob does receive the device advertising ID and standard ad-request signals when you choose to watch an ad — that is unavoidable and is the disclosure we are making here.
• We do not knowingly collect data from children under 13. The App is intended for adults.
• You can delete all your data on demand. See section 11.

The rest of this policy is the long, legally precise version of the same content.

4. Information we collect, where it goes, and why

We are honest about every category. If a category does not apply, we say so explicitly.

4.1 Information you give us directly

We do not collect: your real name, your email address, your phone number, your date of birth, your location, your photos, or any payment information.

4.2 Information we collect automatically about how you use the App

We do not collect your device’s IMEI/MAC address, your installed apps, your contacts, your call logs, or your SMS messages. Whether we collect your IP address and your advertising ID depends on whether you trigger the rewarded ad path described in section 4.3.

4.3 Information collected only if you choose to watch a rewarded ad

The AI Search feature gives you one free search per day. If you want more, the App offers you a button labelled with a play icon. If — and only if — you tap that button, the App requests a rewarded video ad from Google AdMob, and the AdMob SDK collects and transmits the following information for the duration of the ad request:

• Your device’s advertising identifier (Google Advertising ID on Android, IDFA on iOS, or, if those are unavailable or reset, an aggregated identifier Google generates internally).
• Standard ad-request signals that any ad SDK collects: device model, operating system version, language, screen size, network type (wifi vs cellular), coarse country derived from your IP address, the App’s package name, and a list of the SDK’s own version information.
• Your IP address, which Google’s ad servers see by virtue of receiving the request.
• The fact that you watched the ad to completion (so the App can grant you the unlock reward).

If you are in the European Economic Area, the United Kingdom, Switzerland, or California, the App will also show you a Google-issued consent dialog the first time you launch this version, asking whether you want personalised ads, non-personalised ads, or whether you would prefer not to be asked. Your choice is stored on your device and respected on every subsequent ad request. You can change it at any time by reopening the consent dialog — we will surface a “Privacy options” entry in the App’s settings for this purpose.

If you never tap the rewarded ad button, none of the above data leaves your device. The free daily AI search uses none of it.

4.4 Information we do NOT collect

We feel it is more useful to be explicit about what we do not collect than to leave you wondering. We do not collect:

• Your real name, postal address, email address, phone number, or date of birth.
• Any government-issued identifiers.
• Your location at any granularity (we use device locale for region settings, but never request, request access to, or store actual location coordinates).
• Photos, audio, video, or any media from your device.
• Health data, financial data, or biometric data.
• Your contacts, calendar, call logs, or SMS messages.
• Information about other apps installed on your device.
• Your advertising ID, except in the conditional rewarded-ad case described in section 4.3.
• Information for behavioural profiling, retargeting, or cross-app tracking that we control or operate ourselves. (Google may use the data the AdMob SDK collects for ad personalisation if you give consent — that is governed by Google’s own policy, linked in section 5.5.)

The App contains exactly one third-party advertising SDK (Google AdMob, used as described in sections 4.3 and 5.5), no third-party analytics SDK, no third-party crash reporting SDK, and does not request any operating-system permission beyond Internet access (which is required to talk to the third-party services described in section 5).

5. Third-party services

The App relies on the following third-party services. We have no control over their data practices beyond what their published policies promise.

5.1 Google Firebase (Firestore database hosting)

• What we send: Couch documents as described in sections 4.1 and 4.2: nicknames, couch codes, synthetic user identifiers, lists of right-swiped movie IDs, and lists of matched movie IDs.
• Why: Firestore is the database that powers the partner-matching feature.
• What Google sees: Everything we send to Firestore, plus standard server-side log information (IP addresses, request timestamps, device user-agent strings) that any internet service receives.
• Where it is stored geographically: The Firebase project is configured in the default region. We will update this section if we change region.
• Their privacy policies: firebase.google.com/support/privacy and policies.google.com/privacy

5.2 The Movie Database (TMDB)

• What we send: API requests for movie information (e.g. “details of movie ID 12345”, “trending movies right now”, “what is available to stream in region FR”). The requests carry our public TMDB API key but do not carry any nickname, couch code, or user identifier.
• What TMDB sees: Our requests, plus standard server-side log information.
• Their privacy policy: themoviedb.org/privacy-policy
• Their terms of use (which we have agreed to): themoviedb.org/terms-of-use

The App attribution credit “This product uses the TMDB API but is not endorsed or certified by TMDB” applies and is shown in the App where required.

5.3 RapidAPI (“AI Movie Recommender” service)

• What we send: The natural-language search query you type into the AI search bar (and only that). We do not send your nickname, your couch code, your watchlist, or any other data with the AI request.
• What RapidAPI sees: Your query text, our API key, plus standard server-side log information.
• Honest disclosure about the AI service: This is a third-party AI inference service. We do not operate the model. We do not know with certainty which underlying model the service routes to, what training data it was built on, or how long the operator retains your queries. If you are not comfortable with that uncertainty, do not use the AI search feature. The rest of the App (browse, swipe, match) works without it.
• Their privacy policy: rapidapi.com/privacy
• The specific service we use: “AI Movie Recommender” on the RapidAPI marketplace.

5.4 YouTube (trailer playback)

• What we send: When you tap “Watch trailer” inside a movie’s detail screen, the App opens a YouTube player widget loaded with the trailer’s YouTube video ID.
• What YouTube/Google sees: The standard set of information YouTube collects when its player is embedded in any application, including the video being watched, your IP address, your YouTube cookies (if any are present in the embedded WebView), and standard server-side log information.
• Their privacy policy: policies.google.com/privacy
• YouTube’s terms of service (which apply when their player is used): youtube.com/t/terms

If you do not want YouTube to receive any data, do not tap the “Watch trailer” button. The rest of the App works without it.

5.5 Google AdMob (rewarded video ads in the AI Search feature)

• When data is sent: Only when you tap the play-icon button in the AI Search bar to unlock additional searches in exchange for watching a rewarded video. If you never tap that button, no data is sent to AdMob.
• What we send (via the Google Mobile Ads SDK): the device advertising ID (Android Advertising ID / iOS IDFA, or Google’s aggregated equivalent if those are unavailable), standard ad-request signals (device model, OS version, language, screen size, network type, coarse country derived from IP address, App package name and version), the App’s AdMob ad unit ID, the user’s consent state captured by the Google User Messaging Platform (UMP) consent dialog, and the eventual outcome of the ad (load failure, dismissed, completed for reward).
• What Google AdMob sees: everything in the previous bullet, plus the IP address of the request and the standard server-side log information any internet service receives.
• Why we use it: The AI Search feature has a real per-query cost we pay to the AI provider. Rewarded ads let us offer the feature to users who want more than the daily free search without charging them money. AdMob is the largest mobile ad network and gives us the highest fill rate without integrating multiple SDKs.
• How Google uses what they receive: If you have given consent for personalised ads, Google may use the data to select which ad to show you and to bill the advertiser. If you have refused personalised ads (or you are in a jurisdiction where consent has not been obtained), Google serves a non-personalised ad based on coarse signals only. Google’s detailed practices are described in their own policy, linked below.
• Their policies: policies.google.com/technologies/ads, policies.google.com/privacy, and support.google.com/admob/answer/6128543 (AdMob & AdSense data use).

If you do not want any data sent to AdMob, do not tap the rewarded-ad button. The first AI search of each calendar day, and the rest of the App, do not contact AdMob and do not require it.

5.6 What about the Apple App Store, Google Play Store, and your device’s operating system?

When you download the App from the App Store or Google Play Store, those stores collect data according to their own policies, and your device’s operating system collects data according to Apple’s or Google’s policies. These are not within our control. We list them only so you know they are part of the picture.

6. Cookies, tracking pixels, advertising IDs, and the AdMob SDK

Browser cookies: not applicable. The App is a native mobile application, not a website, and does not use HTTP cookies for its own purposes. The embedded YouTube player (section 5.4) and the embedded AdMob ad-rendering surface (section 5.5) are independent of the App and may use storage mechanisms equivalent to cookies inside their own embedded views; that is governed by Google’s policies linked in those sections.

Tracking pixels: the App contains no tracking pixels of any kind.

Advertising IDs: the App does not read your advertising ID for its own purposes (we do not personalise content, we do not run analytics, we do not target you across other apps). The Google Mobile Ads SDK reads the advertising ID solely when you trigger a rewarded ad request, as disclosed in sections 4.3 and 5.5. If your operating system has “Limit Ad Tracking” (iOS) or “Reset advertising ID” (Android) controls enabled, those controls apply normally and Google’s SDK respects them.

Third-party SDKs we embed:

• Google Mobile Ads SDK (the AdMob client library) — for rewarded video ads only, in the AI Search feature only, opt-in only. See sections 4.3 and 5.5.
• Google User Messaging Platform (UMP) SDK — bundled inside the Google Mobile Ads SDK above, used solely to display the GDPR/CCPA consent dialog when applicable.
• Firebase Core and Firebase Cloud Firestore SDKs — for the partner-matching feature only. See section 5.1.

Third-party SDKs we do NOT embed: Facebook SDK, AppLovin, Unity Ads, ironSource, Vungle, Chartboost, AppsFlyer, Adjust, Branch, Singular, or any other ad mediation or attribution SDK. Google Analytics, Firebase Analytics, Mixpanel, Amplitude, Segment, PostHog, or any other product-analytics SDK. Sentry, Crashlytics, Bugsnag, Instabug, or any other crash-reporting SDK.

7. Children’s privacy

The App is not directed at children under the age of 13 (under the United States Children’s Online Privacy Protection Act, “COPPA”) or under the age of 16 (the default age of digital consent under the European Union’s General Data Protection Regulation, “GDPR”, though some EU member states set the age lower).

We do not knowingly collect any personal information from children. If we learn that we have inadvertently collected personal information from a child under the relevant age, we will delete it as quickly as we can. If you are a parent or guardian and you believe your child has used the App and provided us with personal information, please contact us at the address in section 1 and we will act promptly.

8. International transfers of data

We are a US-incorporated company. The third-party services we use (Firebase, TMDB, RapidAPI, YouTube) operate global infrastructure and may process data in countries outside your country of residence, including in the United States.

If you are in the United Kingdom, the European Economic Area, or any other jurisdiction that restricts cross-border transfers of personal data, please be aware that by using the App you are sending the data described in section 4 across borders to the operators of those third-party services. Each of those operators publishes its own approach to international transfer compliance (e.g. Standard Contractual Clauses, the EU-US Data Privacy Framework, etc.) in their respective privacy policies linked in section 5. We rely on those mechanisms; we do not transfer data on our own account beyond what those services receive.

9. Your rights under the GDPR (and the UK GDPR)

If you are in the United Kingdom or the European Economic Area, you have the following rights with respect to the personal data we hold about you (which, as section 4 makes clear, is a small amount: essentially your nickname and your couch-code activity if you use the matching feature):

• Right of access: the right to know whether we hold any personal data about you and to obtain a copy of it.
• Right to rectification: the right to have inaccurate or incomplete personal data corrected.
• Right to erasure (the “right to be forgotten”): the right to have your personal data deleted, subject to limited exceptions described in the GDPR. See section 11 for how we handle this.
• Right to restriction of processing: the right to limit how we use your personal data while we are evaluating one of your other requests.
• Right to data portability: the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object: the right to object to certain types of processing, in particular processing based on legitimate interests.
• Right not to be subject to automated decision-making: we do not use automated decision-making in the App that produces legal or similarly significant effects on you.
• Right to lodge a complaint with your data protection authority. We are happy to help you with any concern, but if you would rather contact your national authority directly, you can.

Legal bases. We process your personal data on more than one legal basis depending on the activity:

• Performance of a contract — for the basic functioning of the App, including the partner-matching feature (which requires your nickname). You ask us to provide a movie-discovery service; we provide it.
• Performance of a contract — for the AI Search feature itself, with the third-party AI service acting as a separate controller / processor as set out in their own policy.
• Consent — for serving personalised rewarded video ads via Google AdMob (section 5.5). We collect your consent through the Google User Messaging Platform dialog the first time you launch the App in the EEA, the UK, Switzerland, or California. You can withdraw consent at any time, with no effect on the rest of the App. Withdrawing consent means Google will serve you non-personalised rewarded ads instead, or no rewarded ads at all if you select the strictest option.

To exercise any of these rights, please email us at contact@adeeby.com. To withdraw or change your ad-consent choice specifically, you can also use the “Privacy options” entry inside the App’s settings, which reopens the same Google consent dialog. We will reply to email requests within 30 days.

EU representative: Adeeby Technologies LLC does not currently have an appointed representative in the European Union under Article 27 of the GDPR, on the basis that our processing is occasional and does not include large-scale processing of special category data, in line with the exception in Article 27(2)(a). We will appoint a representative if our circumstances change such that the exception no longer applies.

10. Your rights under California law (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

• Right to know what personal information we collect, where we collect it from, and why.
• Right to delete the personal information we hold about you (see section 11).
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of your personal information for cross-context behavioural advertising. We do not sell your personal information for money. However, when you tap the rewarded-ad button in the AI Search feature and you have given consent for personalised ads, the data the Google Mobile Ads SDK transmits to Google AdMob (section 5.5) may qualify as “sharing for cross-context behavioural advertising” under the CCPA. You can opt out at any time in two equivalent ways: (a) decline personalised ads in the consent dialog the App shows on first launch, (b) reopen that dialog from the App’s “Privacy options” settings entry and change your selection. Choosing “non-personalised” or stricter means Google receives the data only for serving a generic ad, not for cross-context behavioural advertising.
• Right to limit the use of sensitive personal information. We do not collect sensitive personal information (as defined by the CCPA), so this right has no practical effect today.
• Right to non-discrimination for exercising any of the rights above.

To exercise any of these rights, please email us at contact@adeeby.com. We will reply within the timeframes the CCPA requires.

11. How to delete your data

You have three options. The first one is the easiest and covers most cases.

11.1 In-app: Settings → Delete my data (recommended)

This is the fastest and most complete option. Open the App, tap the gear icon in the top-right of the Couch tab to open Settings, scroll to the Danger zone, and tap Delete my data. After you confirm, the App will:

• Delete every piece of data stored on your device (your nickname, your watchlist, your swipe history, your match list, your AI search counters, and your couch session state).
• Anonymise your half of the shared couch document on our Firebase Firestore database. Your name is replaced with the placeholder “Deleted”, your synthetic user identifier is cleared, and your individual likes are wiped. The document itself remains so your partner can still see the matches you previously agreed on (we do not have your partner’s permission to delete their data, only yours).

This action is irreversible and takes effect immediately. The App will show you a confirmation message describing exactly what was removed.

If your phone is offline when you tap Delete my data, the local wipe still happens, but the server-side anonymisation may not. In that case use option 11.2 below to ask us to finish the job.

11.2 By email (backup option, useful if you have already uninstalled)

If you have already uninstalled the App, or if option 11.1 reported that the server-side step did not succeed, email contact@adeeby.com from the email address you would like us to reply to. Include the 6-character couch code you used (so we can find your data, since we have no other identifier for you) and tell us “please delete my MovieDuo data”. We will delete or anonymise the matching couch document and confirm by email within 30 days. We aim to act within five business days.

If you no longer have the couch code, we will not be able to identify your data on Firestore (this is a privacy benefit, not a bug — it means we cannot link your data to your real identity). In that case please tell us in the email and we will work with you to identify any couch document that may contain your record, on a best-effort basis.

11.3 To delete data stored on your device by uninstalling

If you simply want the App’s local data gone and do not care about the shared couch on our server, uninstalling the App from your phone is enough. Your operating system removes all locally stored App data when you uninstall.

This option does not remove your half of any shared couch on our server. To remove that, use option 11.1 before uninstalling, or option 11.2 after.

11.4 To request deletion from third parties

We cannot delete data on behalf of TMDB, RapidAPI, YouTube, or Google. If you want to ask them to delete what they hold about you, please use the contact details in their privacy policies linked in section 5. To withdraw or change your ad-consent choice with Google AdMob specifically, the Settings → Ad consent settings entry in the App reopens the Google consent dialog so you can change your selection at any time.

12. How long we keep your data

• On your device: until you delete it via Settings → Delete my data, or uninstall the App.
• In Firestore (on request): if you tap Settings → Delete my data, we anonymise your half of the couch document immediately (your name is replaced with the placeholder “Deleted”, your synthetic user identifier is cleared, and your individual likes are wiped). The document itself is not removed by your request — that would also remove your partner’s watchlist and shared matches without their consent.
• In Firestore (otherwise): we do not currently apply automated retention limits. A couch document remains in our database until at least one of its participants asks us to anonymise their half via Settings → Delete my data (or via the email path in section 11.2). Because each couch document only contains nicknames and lists of movie IDs (no real names, no contact details, no payment information), we have judged this to be acceptable for a casual movie-matching app. We will introduce automated retention if the data we hold ever changes shape, and we will update this section before doing so.
• About anonymised halves while your partner is still using them: your partner continues to see your prior matches and their own data on the shared couch. They will see the placeholder name “Deleted” where your name used to be, so it is clear which side of the couch was anonymised.
• At third parties: for whatever period each third party’s policy specifies.

13. How we secure your data

• The App talks to all our third parties over HTTPS (TLS), so the data in transit is encrypted.
• Firestore data is encrypted at rest by Google’s infrastructure, in accordance with Google Cloud’s security model.
• Data on your device is stored in the operating system’s default secure storage location for application preferences, which is sandboxed from other apps by iOS and Android.
• We do not currently apply additional encryption on top of the platform defaults. The data we hold (nicknames and movie IDs) is not sensitive in the regulatory sense.
• If we ever experience a personal data breach that meets the GDPR’s notification threshold, we will notify the relevant supervisory authority within 72 hours and notify affected users without undue delay.

14. Changes to this policy

We will update this policy when our data practices change. When we update it:

• We will change the “Last updated” date at the top.
• For material changes (changes that increase the data we collect, change who we share it with, or affect your rights), we will notify you in-app the next time you open the App, before the new version takes effect, and we will give you at least 30 days’ notice.
• For minor clarifications (typos, rewording for legibility, links updates), we will simply update the date.

15. Contact

If you have any question about this policy or about how we handle your data:

Email: contact@adeeby.com

Postal mail:

We aim to respond within 5 business days for general questions and within 30 days (or sooner where required by law) for formal data-rights requests.