Privacy Policy

Effective date: 17 April 2026 · UK GDPR & EU GDPR compliant

This Privacy Policy explains how WatchTogether ("we", "us", "our") collects, uses, and protects personal data when you use our service at watchtogether.watch (the "Service"). It is written in plain English and aligned with the UK GDPR (retained EU law), the EU GDPR, and the UK Data Protection Act 2018.

1. Who We Are (Data Controller)

The data controller is the operator of WatchTogether, based in London, United Kingdom. Contact our privacy team at privacy@watchtogether.watch. The supervisory authority for UK users is the Information Commissioner's Office (ICO).

2. The Data We Collect

Category	Examples	Lawful basis
Account data	Email, display name, profile picture, authentication ID	Contract
Usage data	Rooms joined, friend connections, messages sent, reactions	Contract / Legitimate interest
Technical data	IP address, browser type, device type, anonymised connection metrics	Legitimate interest (security, abuse prevention)
Cookies & storage	Authentication tokens, preferences, session state	Strictly necessary / Consent for analytics
Communications	Support emails you send us	Legitimate interest

What we do NOT collect: we do not record, store, or process the contents of your screen share, video, or audio streams. WebRTC streams travel peer-to-peer and are end-to-end encrypted.

3. Why We Use Your Data

To create and operate your account and provide the Service.
To establish peer-to-peer connections (signalling only).
To prevent fraud, abuse, and enforce our Community Guidelines.
To respond to support requests.
To improve the product through aggregated, anonymised analytics.
To comply with legal obligations.

4. Who We Share Data With (Processors)

We use a small number of vetted third-party processors. None of them sell your data.

Processor	Purpose	Location
Google Firebase (Auth, Firestore, Hosting)	Authentication, real-time signalling, account storage	EU / US (SCCs in place)
Cloudflare Turnstile	Bot & abuse protection	Global edge
Google Analytics 4 (optional, consent-gated)	Aggregated usage analytics	EU / US
Google AdSense (where shown)	Advertising	EU / US

5. International Transfers

Where data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, plus supplementary technical measures including encryption in transit and at rest.

6. Retention

Account data: kept while your account is active; deleted within 30 days of account deletion request.
Chat messages: deleted within 24 hours of room ending (rooms are ephemeral).
Server logs: 30 days for security and abuse investigations.
Support emails: up to 24 months for service-quality purposes.

7. Your Rights Under UK / EU GDPR

You have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Erase your data ("right to be forgotten").
Restrict or object to processing.
Receive a copy of your data in portable format.
Withdraw consent at any time.
Lodge a complaint with the ICO (UK) or your local supervisory authority.

Email privacy@watchtogether.watch to exercise any of these rights. We respond within 30 days.

8. Cookies & Local Storage

We use strictly-necessary cookies for authentication and session management — these do not require consent under PECR. Optional analytics and advertising cookies are only set after you give consent via the cookie banner. You can withdraw consent any time by clicking the cookie settings link in our footer.

9. Children

WatchTogether is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

10. Security

We use industry-standard security: TLS for all connections, encrypted authentication tokens, DTLS+SRTP encryption for WebRTC media, hashed authentication via Firebase Auth, and rate-limiting on sensitive endpoints. Read more on our Security & Data page.

11. Changes to This Policy

We will post any material changes here and update the "Effective date" at the top. For significant changes affecting your rights, we will email registered users.

12. Contact

Privacy queries: privacy@watchtogether.watch
Support: support@watchtogether.watch