Privacy Policy

Privacy Policy

AllStream — Gold Co

Effective Date: April 30, 2026

Also available in:

1. Introduction

Welcome to AllStream, a movie and TV series discovery platform developed by Gold Co ("we", "us", or "our"). AllStream lets you build watchlists, track what you've seen, rate content, share lists with friends, and get personalized recommendations based on your taste profile.

This Privacy Policy applies to our application available on the web and on Android via Google Play (as a Trusted Web Activity). It explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it.

By using AllStream, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App. Questions? allstream.app.contact@gmail.com

2. Data We Collect

We only collect data that is necessary to provide the features of AllStream. The categories below match Google Play's Data Safety categories.

2.1 Personal Information — Account Data

AllStream lets you sign in with Google Sign-In (OAuth) or Facebook Login (provided by Meta). You choose one provider when you create your account. We receive only what that provider shares for sign-in; we do not receive your password for Google or Facebook.

Google Sign-In. When you sign in with Google, Google provides us with:

  • Email address — used to identify your account; never shared publicly
  • Google profile photo — used as your default avatar

Facebook Login. When you sign in with Facebook, Meta may provide us with:

  • Email address — if you grant the email permission; used to identify your account; never shared publicly
  • Name — as shown on your Facebook profile (we may use it to prefill your display name during onboarding)
  • Facebook profile picture — used as your default avatar

How Meta processes data when you use Facebook Login is described in Meta's Privacy Policy. Our use of information received from Meta complies with Meta's applicable terms and policies for developers.

During onboarding, you are asked to choose a username (required and publicly visible). You may optionally also provide:

  • Display name
  • Biography / bio text
  • Date of birth (used for age-appropriate content; not shared publicly)
  • Gender
  • Custom avatar image (uploaded by you; stored securely)

2.2 App Activity — Content Interactions

To provide watchlist, recommendation, and social features, we store the following activity data linked to your account:

  • Watchlist items and their watch status (to watch, watching, watched, abandoned)
  • Personal ratings (1–10 stars) assigned to movies or TV shows
  • Content likes and superlikes
  • Shared watchlists created or joined with other users
  • User-created curated movie/TV lists (public or private)
  • Taste profile — automatically computed affinities for genres, tags, cast members, and directors, derived from your activity. Used exclusively to generate recommendations within the App.

2.3 App Info & Performance — Analytics

We use the following services to monitor App performance and understand how it is used, in order to fix issues and improve features:

  • Google Analytics (GA4) — anonymized page views, session duration, and usage patterns. No personally identifiable information is linked to these events. Subject to Google's Privacy Policy.
  • Google Signals — a Google Analytics advertising feature that enables cross-device analytics. Google collects data from signed-in Google users who have enabled ads personalization, which may include cross-device session data and aggregated demographic and interest information (e.g., approximate age range, gender, interests). Google reports this to us only in aggregated, non-identifiable form; no individual-level data is shared with us. Google processes this data under its own Privacy Policy. To opt out, disable ads personalization in your Google Ads Settings.
  • Vercel Analytics & Speed Insights — anonymized, cookie-less page performance and traffic data. Subject to Vercel's Privacy Policy.
  • Firebase Analytics (Android app) — The Google Play Android build includes the Firebase Analytics SDK. On Android, Google may access the Advertising ID (Google Advertising ID) when the OS and your settings allow it, for analytics and measurement (not for AllStream showing third-party ads). Firebase processes this data under Firebase/Google's documentation and Google's Privacy Policy. We do not receive the raw Advertising ID into our own databases. You can reset the Advertising ID or limit ad personalization in your Android settings (e.g. Settings → Google → Ads).

2.4 Device or Other IDs — Approximate Location

  • Country code (approximate location) — inferred from your IP address via Cloudflare edge network headers. Used exclusively to display localized streaming availability (e.g., which services carry a title in your country). We do not request, store, or use GPS coordinates or any precise location data.
  • Google Advertising ID (Android app only) — may be processed by Google's Firebase Analytics SDK as described in §2.3. Not applicable to our website in the same way as the native Android permission model.
  • Device and browser type (web) — collected by analytics tools (see §2.3) for performance monitoring on the website. Combined with Firebase on Android as above.

3. What We Do NOT Collect

AllStream does not collect or use any of the following:

  • Precise GPS location
  • Camera or microphone access
  • Contacts, calendar, or files on your device
  • Health or financial information
  • Third-party ad networks or in-app ad inventory inside AllStream (we do not run banner, interstitial, or similar ads from ad networks in the App)
  • Biometric data
  • Payment information (the App is free)

4. How We Use Your Data

4.1 Purposes

  • Create and manage your account
  • Provide core features: watchlists, ratings, curated lists, content discovery
  • Generate personalized recommendations using your taste profile (processed entirely within our own infrastructure — not shared with advertisers)
  • Enable social features: shared watchlists, public lists viewable by other users
  • Display localized streaming availability based on your country
  • Monitor App performance and fix bugs (analytics)
  • Respond to your support requests

4.2 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) or United Kingdom (UK), our legal basis for processing your personal data is:

  • Contract — processing your account data and content interactions is necessary to provide the service you signed up for.
  • Legitimate interests — analytics data is processed to improve the App. This interest does not override your rights.
  • Consent — optional profile information (bio, birthdate, gender) is processed only if you choose to provide it. You can remove it at any time.

5. Public Profile & Visibility

Some of your AllStream data is visible to other users or the public. Please be aware of what you share:

  • Username and avatar — visible to all AllStream users
  • Display name and bio — visible on your profile page if set
  • Public lists — any list you mark as "public" is visible to all users
  • Shared watchlists — content and watch status within a shared watchlist is visible to the user(s) you share it with

The following data is never visible to other users: your email address, date of birth, gender, taste profile affinities, private lists, and your watch history on private lists.

6. Third-Party Services

AllStream integrates with the following third-party services. Each has its own privacy policy. We only share the minimum data necessary for each service to function.

ServicePurposeData Shared
SupabaseDatabase, authentication, file storage (avatars)All user data is stored here (encrypted at rest)
Google OAuthSign-in authenticationEmail address, profile photo
Facebook Login (Meta)Sign-in authenticationEmail (if permitted), name, profile photo
Google Analytics (GA4)Usage analyticsAnonymized usage events (no PII)
Google SignalsCross-device analytics and aggregated audience insights (GA4 advertising feature)Aggregated demographic & interest data from signed-in Google users who enabled ads personalization; cross-device session data. No individual-level data is shared with us.
Firebase (Google)Mobile app analytics on Android (Firebase Analytics SDK)App instance and device data; on Android, the Advertising ID may be used by Google for measurement per Firebase/Google policies — not stored by us in Supabase
VercelHosting, analytics, performance monitoringAnonymized traffic data (cookie-less)
TMDBMovie & TV metadata, posters, cast infoNone — read-only content API, no user data sent
OMDBAdditional ratings metadata (IMDb scores)None — read-only content API, no user data sent
Rotten TomatoesCritic and audience scoresNone — read-only content API, no user data sent
CloudflareCDN delivery, DDoS protection, edge geolocationIP address (for country code derivation only)

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to any third party. We do not share your data with advertising partners for their marketing or ad campaigns. Google Analytics, Google Signals, and Firebase Analytics may process device identifiers (including the Android Advertising ID) for measurement and analytics as described in §2.3 and §6 — not so that we can buy or sell ad targeting lists. Data is shared only in the following limited circumstances:

  • Service providers — listed in §6, solely to operate the App
  • Other AllStream users — only the public profile and content data described in §5
  • Legal requirements — if required by applicable law, valid court order, or governmental authority, after assessing the legality of the request
  • Business transfers — if Gold Co is involved in a merger, acquisition, or asset sale, we will notify you before your data is transferred and becomes subject to a different privacy policy

8. Data Storage and Security

  • Storage — all user data is stored in Supabase's PostgreSQL database infrastructure, encrypted at rest using AES-256.
  • Transit encryption — all data transmitted between your device and our servers uses HTTPS (TLS 1.2+). All API calls to third-party services also use HTTPS.
  • Access control — Row Level Security (RLS) policies ensure each user can only read and modify their own data. No employee has routine access to your data.
  • File storage — avatar images are stored in Supabase Storage with access controls enforced at the infrastructure level.

While we apply industry-standard security measures, no system is completely immune to breaches. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

9. Account and Data Deletion

How to delete your account:

Go to Profile → Settings → Delete Account in the App, or send a deletion request to allstream.app.contact@gmail.com.

When you delete your account, we permanently delete:

  • Your profile data (username, display name, bio, birthdate, gender, avatar)
  • Your watchlist and all watchlist items
  • Your ratings, likes, and superlikes
  • Your curated lists
  • Your taste profile
  • Your participation in shared watchlists
  • Your authentication record

Deletion is completed within 30 days of your request. Anonymized analytics data (which cannot be linked back to you) may be retained.

10. Your Rights

10.1 GDPR Rights (EEA / UK Users)

You have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Restriction — request we limit how we process your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — at any time, for data processed on the basis of consent (optional profile fields)

You also have the right to lodge a complaint with your local data protection authority (e.g., your national DPA in the EEA, or the ICO in the UK).

10.2 CCPA Rights (California Residents)

  • Know what categories of personal information are collected and how they are used
  • Request deletion of your personal information
  • Opt out of the sale of personal information — we do not sell your data
  • Non-discrimination for exercising these rights

10.3 How to Exercise Your Rights

Email us at allstream.app.contact@gmail.com with the subject "Privacy Request". We will respond within 30 days (or as required by your applicable law). You may also update or delete profile data directly within the App's settings.

11. Children's Privacy

AllStream does not have an age restriction and is accessible to users of all ages. However, we do not knowingly collect personal information from children under the age of 13 (or the applicable minimum age in their country).

Sign-in is handled through Google OAuth or Facebook Login. Google and Meta each require users to meet their minimum age to use those accounts (typically at least 13 years old, or higher where local law requires). We do not offer a sign-in method intended for children below those providers' requirements.

If you are a parent or guardian and believe your child has created an account without your consent, please contact us at allstream.app.contact@gmail.com. We will delete the account and all associated data promptly.

12. Cookies and Tracking Technologies

AllStream uses the following cookies and tracking technologies:

  • NEXT_LOCALE (essential) — stores your language preference (Spanish or English). Required for the App to display in the correct language.
  • Supabase session token (essential) — a secure, HTTP-only token that keeps you signed in. Deleted when you sign out or the session expires.
  • Google Analytics (GA4) & Google Signals (analytics) — GA4 uses cookies and device identifiers to collect anonymized usage metrics on the web. On Android, Firebase Analytics may also use the Advertising ID for measurement (see §2.3). With Google Signals enabled, Google additionally uses cross-device identifiers to associate sessions across devices for signed-in Google users with ads personalization active. We receive only aggregated, non-identifiable data from this feature. Opt-out options:
  • Vercel Analytics (analytics) — cookie-less, privacy-friendly analytics. No personally identifiable information is tracked.

AllStream does not deploy advertising or retargeting cookies, and does not use cookies to track users across third-party websites. The Android app does not include third-party SDKs whose purpose is to display ads in the App; Firebase Analytics may still access the Advertising ID for measurement as described in §2.3.

13. Data Retention

We retain your personal data for as long as your account is active and as needed to provide you with the service. If you delete your account, your personal data is permanently deleted within 30 days (see §9 for full details).

Aggregated, anonymized analytics data (which cannot identify you) may be retained indefinitely for product improvement purposes.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top of this page will always reflect the date of the most recent version. For material changes, we will provide at least 30 days' notice — for example, via a notice in the App or an email to your registered address.

Your continued use of AllStream after a change takes effect constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Gold Co
Email: allstream.app.contact@gmail.com

We aim to respond to all privacy-related inquiries within 30 days.

© 2026 Gold Co. All rights reserved.

Discover
Clips
Privacy Policy | AllStream | AllStream