Privacy Policy

GDPR-compliant privacy policy // Data protection notice // Last updated: January 6, 2025

1. Data Controller

The data controller responsible for your personal data is:

Diamond Dog Film (BV)

BE 1008.209.783

Jules Van Biesbroeckstraat 156

9050 Gent, Belgium

Email: julien@enigmareleasing.com

For questions about your personal data, privacy rights, or this policy, please contact us at the email address above.

2. What Data We Collect

2.1 Account Information

  • Real name (verified using AI)
  • Email address (verified)
  • Username (auto-generated)
  • Date of birth (age verification - 18+ required)
  • Gender (optional)
  • Location, city, country (optional)
  • Bio/About text (optional, max 500 characters)
  • Avatar/Profile image (optional)

2.2 Film Interaction Data

  • Film ratings (1-5 stars)
  • Film reviews and comments
  • Watchlist and favorite films
  • Custom film lists (public/private)

2.3 Email Marketing Data

  • Newsletter subscription status
  • Email open tracking (with consent)
  • Link click tracking (with consent)
  • Device and browser information
  • Email bounce and delivery status

2.4 AI Verification Data

  • Name verification results (real vs. fake name detection)
  • Fame verification (famous person detection)
  • Verification attempt logs via Perplexity AI

2.5 Analytics and Tracking

  • QR code scans (device type, browser, OS, hashed IP)
  • Website analytics via Vercel Analytics (with cookie consent)
  • Login timestamps and activity logs

2.6 Content Moderation Data

  • Flagged content reports
  • Moderation actions and warnings
  • Account suspension history

3. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

Contract Performance (GDPR Article 6(1)(b))

Processing necessary to provide our film distribution and social platform services

Consent (GDPR Article 6(1)(a))

AI name verification, email tracking, analytics cookies, marketing communications

Legitimate Interest (GDPR Article 6(1)(f))

Security, fraud prevention, service improvement, analytics

Legal Obligation (GDPR Article 6(1)(c))

Content moderation logs, compliance with EU regulations

4. Third-Party Services

We use the following third-party services to operate our platform:

Supabase (Database & Authentication)

Purpose: Data storage, user authentication, database management

Location: EU servers (data stays in EU)

DPA: ✓ Data Processing Agreement in place

Vercel (Hosting & Analytics)

Purpose: Website hosting, performance analytics

Location: Global CDN with EU data residency options

DPA: ✓ Data Processing Agreement in place

Resend (Email Delivery)

Purpose: Newsletter delivery, transactional emails

Location: US with EU data protection safeguards

DPA: ✓ Data Processing Agreement in place

Perplexity AI (Name Verification)

Purpose: AI-powered real name verification, fame detection

Consent: ✓ Explicit consent required at signup

TMDB (The Movie Database)

Purpose: Film metadata, images, trailers

Data: Public API, no personal data shared

5. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

View all personal data we hold about you

Right to Data Portability (Article 20)

Download your data in JSON format

Right to Erasure (Article 17)

Request permanent deletion of your account

Right to Rectification (Article 16)

Correct inaccurate personal data

Right to Restrict Processing (Article 18)

Limit how we use your data

Right to Object (Article 21)

Object to certain types of processing

Right to Withdraw Consent (Article 7(3))

Withdraw consent at any time

Right to Lodge a Complaint

File a complaint with the Belgian DPA

Exercise Your Rights

Manage your privacy settings and exercise your GDPR rights:

→ Privacy Dashboard

6. Data Retention

We retain your data according to the following policies:

  • Active Users: Data retained indefinitely while your account is active
  • Inactive Users: After 2 years of no login, personal data is anonymized (GDPR data minimization)
  • Email Logs: Automatically deleted after 1 year
  • QR Scans: Automatically deleted after 6 months
  • Moderation Logs: Retained for 3 years (legal compliance)
  • Deleted Accounts: 30-day grace period, then permanent deletion (cannot be undone)

7. Security Measures

We implement the following security measures to protect your data:

  • End-to-end encryption for data in transit (HTTPS/TLS)
  • Encrypted data at rest (Supabase encryption)
  • Row Level Security (RLS) to prevent unauthorized data access
  • Password hashing using industry-standard algorithms
  • Signed URLs for file downloads (temporary, single-use)
  • IP address hashing for privacy-preserving analytics
  • Regular security audits and updates
  • Supabase SOC 2 Type II compliance

8. Cookies & Tracking

We use cookies and similar tracking technologies. See our Cookie Policy for details.

Strictly Necessary Cookies

Required for authentication and core functionality (no consent required)

Analytics Cookies

Vercel Analytics for performance monitoring (consent required)

You can manage your cookie preferences at any time via our Cookie Settings.

9. International Data Transfers

Some of our service providers (Resend, Perplexity) may process data outside the European Economic Area (EEA). In such cases, we ensure adequate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all processors
  • Compliance with EU-US Data Privacy Framework where applicable
  • Technical and organizational security measures

10. Children's Privacy

Our platform is intended for users aged 18 and over. We do not knowingly collect data from children under 18.

If we discover that a user under 18 has created an account, we will immediately delete their account and all associated data.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Belgian Data Protection Authority within 72 hours (GDPR Article 33)
  • Notify affected users without undue delay (GDPR Article 34)
  • Provide details about the breach, affected data, and remediation steps
  • Take immediate action to contain and remedy the breach

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make significant changes, we will notify you via email or prominent notice on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

Last Updated: January 6, 2025

13. Contact & Complaints

For Privacy Questions:

Email: julien@enigmareleasing.com

We will respond to your inquiry within 30 days (GDPR requirement)

Lodge a Complaint with Belgian DPA:

Belgian Data Protection Authority (APD/GBA)

Rue de la Presse 35, 1000 Brussels, Belgium

Phone: +32 (0)2 274 48 00

Email: contact@apd-gba.be

Website: www.dataprotectionauthority.be