Privacy Policy

Last updated: March 4, 2026

1. Who We Are

NightPick is a group entertainment platform that helps friends vote on what to watch or play together. We are an independent, non-commercial project. For privacy-related enquiries, contact us at nightpickofficial@gmail.com.

2. What Data We Collect

We collect only the minimum data necessary to operate the service:

  • Account data: username, display name, email address, and a hashed password (if you register with email). OAuth users (Google, Discord) share a profile identifier from those services instead.
  • Linked accounts: Steam ID and/or Discord user ID, only if you choose to link them in your profile settings.
  • Usage data: room activity, session history, votes, watchlist items, and chat messages you send.
  • Technical data: IP address (logged when you accept the Terms of Service and in standard server access logs), browser user-agent, and timestamps.

3. Why We Collect It (Legal Basis)

  • Contract performance: to create and maintain your account and provide the service you signed up for.
  • Legitimate interests: to prevent abuse, secure the platform, and debug technical issues.
  • Legal obligation: to maintain records of Terms of Service acceptance where required.

4. Cookies

We use a single authentication cookie to keep you logged in. This cookie is strictly necessary for the service to function and does not track you across other websites. We do not use advertising cookies, analytics cookies, or any third-party tracking scripts.

5. Third-Party Services

NightPick integrates with the following external services to deliver features:

  • TMDB: movie and TV show metadata. No personal data is sent.
  • RAWG: game metadata. No personal data is sent.
  • Steam API: game library lookups using your Steam ID, only if linked.
  • Google OAuth / Discord OAuth: sign-in only. We receive a profile ID and email; we do not receive passwords.
  • Amazon Web Services: our servers and file storage run on AWS infrastructure in the United States.

6. How Long We Keep Your Data

Your account data is retained for as long as your account exists. Server access logs are rotated and deleted automatically after 30 days. If you request account deletion (see Section 7), we will delete your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Rectification: ask us to correct inaccurate data.
  • Erasure: request deletion of your account and associated data.
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.

To exercise any of these rights, email us at nightpickofficial@gmail.com. We will respond within 30 days.

8. Data Security

Passwords are stored as bcrypt hashes. We never store plain-text passwords. All traffic is encrypted in transit via HTTPS/TLS. Access to production systems is restricted and authenticated. No system is 100% secure, but we take reasonable precautions to protect your data.

9. Children's Privacy

NightPick is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page when changes are made. Continued use of NightPick after changes are posted constitutes your acceptance of the revised policy.

11. Contact

For any privacy questions, data requests, or complaints, contact us at nightpickofficial@gmail.com. If you are in the EU/EEA and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection authority.

© 2026 NightPick. All rights reserved.