Privacy Statement

Last updated: March 15, 2026

1. Information We Collect

When you use TrailerHub, we may collect the following types of information:

  • Account Data: If you register or log in (including via Google or Apple sign-in), we collect your email address, display name, and authentication identifiers necessary to maintain your account.
  • Watchlist Data: If you use the watchlist feature, we store a record of the titles you add as part of your account.
  • Usage Data: Information about how you interact with our website, including pages visited, trailers watched, search queries, and time spent on the site.
  • Device Information: Browser type, operating system, screen resolution, IP address, and device identifiers.
  • Cookies and Local Storage: Small data files stored on your device to maintain your session, remember your consent preferences, and — with your permission — measure site usage.

2. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance: Account creation, login, and watchlist functionality.
  • Legitimate interest: Site security, fraud prevention (brute-force protection, CSRF checks), and service improvement.
  • Consent: Analytics and marketing cookies are loaded only after you grant explicit consent via our cookie banner.
  • Legal obligation: Where we are required to retain data by law.

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our trailer discovery service, including search, collections, and watchlist
  • Authenticate your identity and manage your account
  • Improve and personalise your experience
  • Analyse usage patterns and measure Core Web Vitals performance (when analytics consent is granted)
  • Ensure the security and integrity of our platform
  • Comply with legal obligations

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

  • With service providers who help us operate our website (hosting, analytics)
  • With authentication providers (Google, Apple) when you choose to sign in via OAuth
  • When required by law or to protect our rights
  • In connection with a business transfer or merger

5. Third-Party Services

Our website integrates with the following third-party services:

  • The Movie Database (TMDB): We use the TMDB API for movie and TV show metadata, images, and streaming-provider information (via JustWatch data included in the TMDB API).
  • YouTube: Trailer videos are embedded from YouTube and are subject to Google's Privacy Policy.
  • Google Analytics (GA4): Loaded only when you grant analytics consent; used to measure site performance and usage. GA4 anonymises IP addresses by default.
  • Google Tag Manager (GTM): Loaded when analytics or marketing consent is granted; orchestrates tag firing according to your consent choices.
  • Google / Apple Sign-In: If you choose to log in with Google or Apple, we receive only the data you authorise (typically email and name) via the OpenID Connect protocol.
  • Google Gemini AI: Used server-side to generate content enrichment (mood tags, taglines, content warnings). No personal user data is sent to Gemini.

6. Cookies, Local Storage, and Consent

We use a Cookie Consent Management Platform (CMP) that asks for your explicit consent before loading optional cookies or scripts. Consent categories:

Strictly Necessary (always active)

  • PHPSESSID — PHP session identifier
  • SESS_USER — Authentication state
  • th_cmp_consent — Your cookie consent preferences (also stored in Local Storage)

Analytics (requires your consent)

  • Google Analytics 4 measurement cookies (_ga, _ga_*)
  • Core Web Vitals performance events (LCP, CLS, INP) sent to GA4

Marketing (requires your consent)

  • Google Tag Manager ad-related tags (ad_storage, ad_user_data, ad_personalization)
  • Remarketing and conversion tracking pixels (if configured in GTM)

You can change or withdraw your consent at any time via the Manage Cookies link in the website footer.

7. Data Retention

  • Account data: Retained for as long as your account is active. You may request deletion at any time.
  • Session cookies: Deleted when you close your browser or after session expiry.
  • Consent cookie: Stored for 180 days, after which re-consent is prompted.
  • Analytics data: Retained according to Google Analytics default retention settings (up to 14 months).
  • Audit logs: CMS operational logs are retained for administrative and security purposes.

8. Data Security

We implement appropriate security measures to protect your information, including:

  • HTTPS encryption for all traffic
  • Bcrypt password hashing
  • CSRF protection on state-changing requests
  • Brute-force and rate-limit protections on login endpoints
  • Role-based access control in the CMS

However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

9. Your Rights (GDPR / ePrivacy)

If you are located in the European Economic Area, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we restrict processing of your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Withdraw analytics/marketing consent at any time via the cookie banner.

To exercise any of these rights, contact us using the details in section 12 below.

10. Children's Privacy

Our service is not intended for children under 16 years of age (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Material changes may also be communicated via the website.

12. Contact Us

If you have any questions about this privacy policy or wish to exercise your data rights, please contact us at: