cuemark.

Privacy Policy

Last updated: 2026-06-17

cuemark is built and operated by Mike Bradshaw (sole developer; reachable at [email protected]). This policy explains what data the app and backend collect, why, where it lives, and what your choices are.

It's written in plain English on purpose. If something isn't covered here, ask — we'll either tell you or update the policy.

1. What we collect

Account

• Your email address. Used for the magic-link sign-in flow (the one-tap email link) and to send transactional messages (welcome, ticket confirmations you forward to [email protected]).
• A device-generated install ID. Random, not tied to your identity. Used to sync your watchlist + history across devices when you sign in.

Activity you save in the app

• Watchlist. TMDb movie IDs you save, plus a timestamp.
• Itinerary. Showtimes you save, including theater name, start time, format, and the ticket link.
• History (logs). Tickets you've forwarded to [email protected] or added via the in-app camera capture. Includes title, theater, date.
• Theater preferences. Your starred theaters and home ZIP.
• Feedback + theater suggestions. Anything you submit via the "tell us" form or the "don't see your theater?" form.

Device + usage

• Approximate location (only when you grant "While Using" permission). Used to compute travel times between theaters when planning your day. Coordinates are not stored on our server; the location is held in the app process only.
• Notification token if you grant notification permission. Stored so we can ping you about presales / weekend openers / the daily game.
• App version + iOS version in error logs (only when something crashes; see §5).

What we do NOT collect

• We don't track you across other apps or websites.
• We don't collect your contacts, calendar events, or photo library contents. Calendar + camera permissions, when granted, only WRITE (calendar event for an itinerary item) or READ a single image you pick (a ticket receipt for the log).
• We don't sell your data. Ever. There is no advertising business model here to sell it to.

2. Where data lives

• Cloudflare D1 (UK + US regions) — authenticated user data (watchlist, itinerary, history, settings).
• Cloudflare KV — short-lived caches (showtimes, trailers, TMDb metadata). No personal data.
• Resend — outbound email delivery (magic links, welcome, receipts). Email addresses pass through Resend per their privacy policy.
• Apple Push Notification Service (APNs) — push tokens + the notifications we send through Apple. Apple's standard service.
• On your device — anything you haven't synced yet, plus preferences (home ZIP, format filters, etc.).

Third-party APIs cuemark calls but never sends your personal data to: TMDb (film metadata + posters), YouTube Data API (trailer playlists), SerpAPI (Google Showtimes results), and cinema chain sites / Fandango (showtime cross-checks). These see no user identifiers — just anonymous backend requests.

3. Sharing

We don't sell or rent your data. We share only when:

• Required by law — court order, subpoena, or similar legal process. We'd push back where reasonable and notify you when permitted.
• You ask us to — e.g., emailing your ticket history to yourself via the log forwarding address is, by definition, you sharing it with yourself.

4. Your choices

• Sign out — clears device-side caches. Your data on the backend stays for re-sync.
• Delete your account — email [email protected] from the email on file and we'll wipe your watchlist, itinerary, history, settings, and email within 7 days. No retention.
• Notification opt-out — flip notifications off in iOS Settings → cuemark. We re-check the permission state every launch and stop scheduling pings within minutes.
• Calendar opt-out — same, in iOS Settings. Future itinerary saves skip the calendar event silently.
• Location opt-out — same. Travel-time estimates degrade gracefully to "—".

5. Crash + diagnostic data

When the app crashes, we record: the stack trace, iOS version + device model, and the cuemark build number.

We do not record: the contents of your watchlist or itinerary, your email address, or your location at time of crash.

If we add a crash reporter (Sentry/Bugsnag), this policy will be updated to name it. As of this version, crash data is whatever TestFlight / App Store Connect exposes by default.

6. Children

cuemark is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, email [email protected] and we'll wipe the account.

7. International users

The cuemark backend runs on Cloudflare's network, which has data centers globally. By using cuemark from outside the US, you consent to your data being processed in the US and/or the UK.

If you're in the EU/UK and want to exercise GDPR rights (access, deletion, portability), email [email protected] and reference the email on your account. We'll respond within 30 days.

8. Changes

If we change this policy materially, we'll notify TestFlight + App Store users via in-app banner before the change takes effect.

---

Questions: [email protected]. We read every one.