What we collect, and what we don’t.

Rate My Seat is run by a small team in India. The site operates from servers in India and reads are served over a Cloudflare-style edge when available. Our contact address for privacy questions is hello@ratemyseat.in.

When you sign in with Google, we store:

• Your Google account name (publicly displayed next to the ratings you leave).
• Your email address, encrypted at rest with AES-256-GCM and looked up internally via a one-way HMAC hash (emailHash) so we never scan plaintext emails when a session starts.
• Your Google avatar URL, used as your profile picture.
• The ratings, comments and favourites you add. Comments are encrypted at rest.
• A small audit log for sensitive actions: the action name, a timestamp, your IP address, and your browser user-agent. This exists so we can investigate abuse; it is not used for analytics and never shared.

• Your physical location. We never ask for geolocation permission.
• Your browsing history outside of Rate My Seat. We don’t embed pixels or social widgets that would report your visits elsewhere.
• Analytics via Google Analytics, Facebook, TikTok, or any similar third-party tracker. We simply don’t run them.
• Payment details. There is nothing to buy on Rate My Seat.
• Your phone number, your date of birth, or any government ID.

• NextAuth session cookie — an HTTP-only, secure cookie that keeps you signed in between visits. Deleted on sign-out.
• rms-city — a small preference cookie that remembers which city edition you last browsed, so the homepage opens in the right place. No personal data, no tracking ID.
• Google AdSense cookies — set by Google when an ad is served. These are governed by Google’s privacy policy and you can control them at adssettings.google.com.

The complete list of third parties that receive any data from Rate My Seat is:

• Google (OAuth) — handles the sign-in exchange and returns your name, email, and avatar URL.
• Google AdSense — serves the ads on listing and leaderboard pages. AdSense may drop its own cookies and do its own attribution per Google’s terms.
• Our hosting provider — processes requests on our behalf; sees standard server logs (IP, user-agent, URL requested). These logs rotate within a short window.

That’s the entire list. No marketing platforms, no data brokers, no “partner network”.

Under the Indian Digital Personal Data Protection Act 2023 and, where it applies, the EU GDPR, you can:

• Export everything we hold about you. Call GET /api/me/export while signed in (there is a button for this on your profile page) and you’ll get a JSON dump of every row tied to your account.
• Delete your account. Call DELETE /api/me (also a button on your profile page). This removes your user row, your ratings, your comments, your favourites, and your audit log entries. Aggregate seat statistics may retain the numeric contribution of your past ratings because the individual link to you has been severed.
• Correct something. Your display name comes from Google; update it there and it’ll refresh on your next sign-in. For anything else, email us.
• Withdraw consent. Signing out and deleting the account is the cleanest way to withdraw all consent for data processing.

Account data lives for as long as your account does. Delete the account and the data goes with it, typically within a few seconds, and at the outside within 30 days for any backup residue. Audit log entries for sensitive actions are retained for up to 12 months so we can investigate abuse, then pruned.

Rate My Seat is intended for people old enough to go to the cinema alone and old enough to hold a Google account in their own name. If you are under 18 and in India, or under 16 in the EEA, please use the site only with a parent or guardian.

If we change this policy in a way that materially affects how your data is handled, we’ll update the “last updated” date at the top and, where practical, put a notice on the homepage for at least a week. The full history of changes is in our git log.