Legal

cinrift is operated by an individual as a personal project. The site is hosted on Cloudflare Pages and runs Next.js 16 inside a Cloudflare Worker via the OpenNext adapter. The site domain is cinrift.me; preview environments use the *.cinrift.pages.dev alias assigned by Cloudflare.

For privacy questions, contact us at the address at the bottom of this policy. We do not have a separate Data Protection Officer.

We collect the minimum information needed to operate the site. We do not knowingly collect special-category data (health, religion, sexual orientation, etc.).

2.1 You give us

• Account information. When you create an account we collect your display name, email address, and password. The password is hashed with PBKDF2-SHA512 inside the better-auth library and is never stored in plaintext.
• Support correspondence. If you email us (including DMCA notices), we keep that correspondence.

2.2 We collect automatically

• Visitor ID. A random UUID stored in localStorage under the key cinrift_vid. It is used to attribute pageviews and play events across sessions on the same browser.
• Session ID. A random UUID stored in sessionStorage under the key cinrift_session. It is regenerated when the browser tab is closed.
• Sync session ID. A second UUID stored in localStorage under cinrift_session_id, sent to our API in the x-session-id header so the server can attribute watchlist and watch-progress events to a device.
• Page views, source switches, and playback events. A subset of these events are sent to /api/events and stored in the Cloudflare D1 events table with a name, path, visitor_id, and optional context payload. We track the following event names: pageview, play_start, play_pause, source_switch, embed_page_loaded, player_error, scroll_depth, web_vital, ad_toggle, share, and a small set of feature-specific events.
• Web Vitals. LCP, CLS, INP, FCP, and TTFB are measured locally in your browser and reported back to /api/events under the name web_vital with a 1% sampling rate. The sampling rate is fixed in src/lib/web-vitals.ts.
• Heartbeat. Once per page load we send your visitor ID to /api/heartbeat, which writes a row to the D1 presence table so the site can show a live "online now" counter. The last-seen timestamp is overwritten on every page load.
• Attribution. On the first pageview, we capture UTM and click-id parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term, ref, fbclid, gclid) and the document referrer. These are stored in the D1 attribution table, keyed by visitor_id.
• Search queries. The text of every search submission and the number of results is sent to /api/events under the name search_submit. We do not retain a personal history of your searches beyond the aggregated event log.
• Watch history. If you are signed in, the title, season, episode, percent progress, current time, and total duration of every playback action is stored in the D1 watch_events table.
• Watchlist. If you are signed in, the TMDB IDs of titles you have added to your watchlist are stored in the D1 watchlist table.
• IP address. Cloudflare forwards the client's IP in cf-connecting-ip. We do not store this value in any D1 table at the time of writing. We do use it in-memory inside the Worker to enforce a per-IP rate limit on the events and heartbeat endpoints.
• User agent and referrer. Sent to our API as part of standard HTTP requests. Captured into the events.context column only when the client explicitly sends context in a track call.

• We do not run any third-party analytics product on cinrift. There is no Google Analytics, no Plausible, no Mixpanel, no Segment. The "Cloudflare Web Analytics" pageview counter mentioned in our internal notes is, if enabled, served by Cloudflare's own first-party beacon and is configured in the Cloudflare dashboard, not in the application code.
• We do not enable Sentry at runtime. The @sentry/cloudflare package is present in package.json for future use, and a small wrapper exists at src/lib/sentry.ts, but at the time of writing it only calls console.error. It sends nothing off-site.
• We do not collect biometric, financial, or government identifier data.

cinrift itself does not set advertising or analytics cookies. It does set authentication cookies when you sign in or create an account. We also use browser storage for the device-only state described above. A complete list lives on the Cookies tab of this page.

We use the data above to:

• Render the site, including your watchlist and progress
• Determine which titles are being played so the trending list reflects current demand
• Diagnose playback failures (e.g. the player_error event captured in the worker)
• Measure aggregate site health via Web Vitals
• Comply with valid DMCA takedown requests

We do not sell your data. We do not share it with advertising networks beyond the implicit Monetag exposure described in §6.4.

The following third parties process cinrift user data. Each has its own privacy policy that governs its handling.

6.1 Cloudflare (Pages, Workers, D1, KV)

All of cinrift runs on Cloudflare. Cloudflare's privacy policy applies to data they process on our behalf. We use Pages for static delivery, Workers for compute, D1 (cinrift-db-v2) for the application database, and two KV namespaces (CACHE_KV and PROVIDER_HEALTH_KV) for ephemeral caches.Cloudflare Privacy Policy.

6.2 The Movie Database (TMDB)

All movie and TV metadata, posters, backdrops, logos, cast listings, and trailers come from TMDB. We proxy all TMDB requests through our server so your browser does not talk to TMDB directly. TMDB's privacy policy applies to data they collect from our server.TMDB Privacy Policy.

6.4 Monetag (advertising)

When ads are not suppressed, we load a third-party JavaScript from al5sm.com (Monetag, zone 11094537). Monetag may set cookies or use local storage on your device to select and serve ads, and to measure impressions. Their privacy policy applies to that data.Monetag Privacy Policy. You can suppress this script on a per-device basis by toggling "Ad-Free" in the top-right of the site; the choice is stored in sessionStorage and is not synced to a server.

6.5 Discord (community link)

The footer links to a Discord invite. Discord's privacy policy applies if you choose to join.Discord Privacy Policy.

6.6 Third-party embed providers

When you press play, the page loads a third-party embed frame whose source is one of several independent domains. The operator of that domain will see your IP address and the usual request headers. We do not control that third party's policies.

We retain data only as long as needed. Concretely:

• events: 90 days. A daily GitHub Actions cron calls /api/cron/cleanup?days=90.
• server_errors: not automatically deleted. We manually truncate it.
• watch_events: not automatically deleted.
• presence: rows are considered stale 90 seconds after the last heartbeat and are excluded from "online" counts at query time. Stale rows are not deleted by a cron; they accumulate.
• counters: page-view counter. Indefinite.
• attribution: not automatically deleted.
• user / session / account / verification: active for the lifetime of the account. Session rows are refreshed on each successful sign-in.
• progress, watchlist (D1): deleted on account deletion.

To request deletion, email the address below from the address on the account. We will action the request within 30 days. Deletion removes the user, account, verification, and (after a follow-up sweep) the session, progress, and watchlist rows for your account, and clears the attribution and events rows that carry your visitor_id. Aggregate counters and the events_daily rollup are not tied to an individual.

Depending on where you live, you may have some or all of the following rights:

• Access: ask for a copy of the personal data we hold about you.
• Correction: ask us to fix data we hold that is wrong.
• Deletion: ask us to delete your account and the data tied to it.
• Portability: ask for a machine-readable export of your watchlist and progress.
• Objection / restriction: ask us to restrict processing while we investigate.
• Withdraw consent: if we ever rely on consent, you can withdraw it.

Email the address at the bottom of this page. We will reply within 30 days.

cinrift is not directed at children under the age of 13 (the U.S. COPPA threshold) and we do not knowingly collect personal information from them. If you believe a child has created an account, contact us and we will delete the account.

We honor the browser-level Do Not Track header and the Global Privacy Control signal. If either is set, the events table is not written. You can also opt out manually by setting cinrift_analytics_optout to "true" in your browser's localStorage. The opt-out key is set from the privacy controls in the site footer, when present, or you can set it from your browser's devtools.

Cloudflare's network is global. When you load cinrift, your request is processed at the nearest Cloudflare data center. We do not currently have a mechanism to restrict processing to a specific region. If that is important to you, please contact us before using the site.

We will update this policy when we make material changes. The "Last updated" date at the top reflects the current version. Continued use of the site after an update constitutes acceptance of the updated policy.

For all privacy questions, deletion requests, and DMCA notices, contact: