Privacy Policy
Watchlo is a personal media tracking app. We collect the data needed to run your account, sync the services you connect, and show your watch history, lists, ratings, notes, and playback progress.
Last updated: May 6, 2026
Who we are
Watchlo is a personal media tracking application operated at watchlo.tv. For GDPR purposes, the operator of this service acts as the data controller for all personal data processed through the platform.
Questions about this policy can be directed to [email protected].
What we collect
We collect the information needed to provide the features you use.
- Account data — your email address, username, display name, profile image, verification status, account settings, and whether your profile is public.
- Authentication data — password hashes if you set a password, passkey public keys and counters if you add passkeys, verification/reset tokens, sign-in sessions, and Google OAuth account identifiers/tokens when you connect Google sign-in.
- Watch history — movies and TV episodes you log manually or import from services you connect, including Trakt, Plex, Jellyfin, and Stremio.
- Ratings and reviews — ratings, reviews, private/public notes, and related timestamps.
- Lists and watchlists — custom lists, watchlists, imported lists, list privacy, list item order, and list source metadata.
- Playback and library data — now-playing state, playback progress, Plex library metadata, and optional physical media collection data you import or enter.
- File imports — Watchlo JSON export files uploaded through Settings, plus Blu-ray.com CSV data pasted through Library. Imported physical library data may include titles, UPC/EAN/ASIN identifiers, studio, country, release date, disc counts, casing, slipcover and digital-copy flags, watched status, comments, retailer, price, technical specs, artwork URLs, and import status.
- Connected-service data — tokens, API keys, webhook tokens, server identifiers, library choices, sync settings, and last-sync status for optional integrations you enable.
- Settings and preferences — timezone, country, default page, display preferences, snoozed shows/seasons/collections, anime display mode, and feature toggles.
- Social connections — friend requests and friendships you initiate within the app.
- Technical data — server logs, request metadata, error details, and rate-limit records needed to keep the app secure and reliable.
- Deletion audit records — when account or user data is deleted, we may retain a minimal audit record with the deleted account's email/username snapshot, the actor who performed the deletion, timestamp, confirmation text, and aggregate before/after counts. These records do not copy your watch history, ratings, lists, notes, comments, or connected-service tokens.
We do not collect payment information, advertising identifiers, or precise location. We do not intentionally fingerprint your device for advertising or cross-site tracking.
How we use it
Your data is used exclusively to power the features you use. Specifically:
- To authenticate you and maintain your session.
- To display your watch history, progress, and statistics.
- To sync data with third-party services you explicitly connect.
- To process file imports and match imported media to metadata.
- To surface friend activity when you opt into social features.
- To send account verification and password reset emails.
- To protect the app from abuse, failed sign-in attempts, and webhook misuse.
- To diagnose errors and improve reliability.
We do not sell, rent, share, or monetise your data in any form. We do not use your data for advertising. We do not build profiles to sell to third parties.
The legal basis for processing is performance of a contract (GDPR Art. 6(1)(b)) — processing is necessary to provide the service you signed up for.
Sign-in methods
Watchlo currently supports Google sign-in, username/email plus password, and passkeys.
- Google sign-in — if you connect Google, we receive your Google account identifier and basic profile information needed to sign you in. We never receive your Google password.
- Password sign-in — if you set a password, we store a password hash, not the plain-text password. Email verification and password reset tokens are stored temporarily and expire.
- Passkeys — if you add a passkey, we store the public credential data needed to verify future sign-ins. Your biometric data, device PIN, or private passkey material stays on your device or passkey provider and is not sent to Watchlo.
Third-party services
Watchlo connects to external services only where needed for sign-in, media metadata, or integrations you enable. Each service operates under its own privacy policy.
- Google — used only if you choose Google sign-in or connect Google to your account.
- Trakt — if you connect Trakt, we store encrypted OAuth tokens and your Trakt username to sync watch history, ratings, lists, and comments where enabled.
- Plex — if you connect Plex, we may receive webhook playback events, observed Plex account/server identifiers, library metadata, watch history, ratings, watchlist data, and an encrypted Plex server token for server sync.
- Jellyfin — if you enable the Jellyfin webhook, Jellyfin sends playback events to Watchlo so we can update now-playing state, playback progress, and watch history.
- Stremio — if you install the Watchlo Stremio addon, your Watchlo lists can appear in Stremio. If you save a Stremio auth key, Watchlo can request your Stremio library/watch-state data to sync watched items back into your history.
- MDBList — Watchlo can fetch public MDBList lists. If you save your own MDBList API key for private lists, it is stored server-side and encrypted.
- TMDB — we fetch movie and TV metadata such as titles, posters, descriptions, release dates, episode guides, and ratings. Requests are based on media identifiers, not your account identity.
- Blu-ray.com, Amazon, and UPCitemdb — used for optional physical library imports and enrichment. Watchlo may send a title, Blu-ray.com product URL, UPC, EAN, or ASIN to find edition details, cover art, disc specs, and packaging metadata.
- AniList and TVDB — used for anime metadata, mappings, episode/series information, and artwork where available. Requests are based on media identifiers, not your account identity.
- Email provider — used to send account verification and password reset messages.
You can disconnect optional integrations from Settings where the app provides a disconnect control, or contact us if you need help removing stored integration data.
Data retention
We retain your data for as long as your account is active. If you delete your account, Watchlo immediately deletes your user account from the active database. User-owned records that are linked to that account — including sessions, password/passkey data, watch history, ratings, lists, notes, connected-service tokens, webhook endpoints, playback progress, import jobs, physical media entries, and social connections — are deleted with it.
Administrators may also delete an account when handling a user request, abuse report, support issue, or legal/privacy obligation. Admin deletions use the same account-data deletion path and create a minimal audit record so we can show when the deletion happened and who performed it.
Import jobs are retained as account data while your account exists. Settings imports may retain the parsed Watchlo export payload until the import job is removed or your account is deleted. Physical library CSV imports are stored as physical media records after parsing.
Account deletion does not delete data already held by external services such as Google, Trakt, Plex, Jellyfin, Stremio, MDBList, TMDB, AniList, or TVDB. Backups and server logs may also retain deleted data for a limited period until normal rotation.
Minimal deletion audit records may be retained for accountability, security, legal compliance, and the establishment, exercise, or defence of legal claims. They are limited to deletion metadata and aggregate counts rather than the deleted user content itself.
Anonymised, aggregated statistics (e.g. total number of users) may be retained indefinitely, as they cannot be traced back to any individual.
Your rights (GDPR)
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you.
- Rectification — correct inaccurate data. Most data can be updated directly in Settings.
- Erasure — request deletion of your account and all associated data.
- Portability — export your watch history and data in a machine-readable format.
- Restriction — request that we limit processing of your data in certain circumstances.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Changes to this policy
We may update this policy as the service evolves. When we make material changes, we will update the date at the top of this page. For significant changes, we may notify you via email or an in-app notice. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
For privacy questions, data requests, or concerns about this policy, contact us at [email protected].
