Privacy Policy

Last updated: 07/03/2026

1. Overview

NexVid is designed to work primarily with data stored locally in your browser. If backend login/cloud sync is enabled for this deployment, selected account data is also processed by the configured backend API.

2. Data We Process

By default, data is stored in your browser's localStorage. If cloud auth is enabled, the backend stores only data necessary to run account, security, and moderation features.

  • Account data: nickname, password hash, account creation date
  • Session data: authentication tokens and token expiry data
  • App data: settings, watchlist, playback-related preferences
  • Security data: hashed anti-abuse identifiers (e.g. hashed IP/fingerprint signals)
  • Moderation/admin data: bans, audit logs, security events, timestamps

We do not require email verification to use accounts in the current deployment.

3. Purposes and Legal Basis (GDPR)

We process data for: (a) account login/session handling, (b) app functionality and optional sync, and (c) security and abuse prevention.

The legal basis is generally:

  • Article 6(1)(b) GDPR (performance of a contract) for account/service operation
  • Article 6(1)(f) GDPR (legitimate interest) for security, anti-abuse and moderation

Where local browser storage is strictly necessary for requested functionality, it is used on that basis.

4. Optional Cloud Sync

If NEXT_PUBLIC_API_URL is configured and you use backend login, NexVid can sync data with that backend. In that mode, data may be transmitted to endpoints such as /auth/me, /user/profile, /user/settings, and /user/watchlist.

This deployment may be self-hosted or operated by a third party. Data retention, geographic location, and infrastructure controls for synced data depend on that backend operator.

5. Third-Party Services

NexVid may connect to external services needed to render content and metadata:

  • TMDB API — movie/show metadata, posters, and search data
  • FebBox — streaming source/provider integration used by resolver flows
  • TheIntroDB — optional intro/outro segment metadata (skip-intro/skip-outro features)

These services operate under their own privacy policies and terms. We recommend reviewing the policies for TMDB, FebBox, and TheIntroDB directly if you use features that rely on them.

6. Cookies and Local Storage

NexVid uses only technically necessary client-side storage (primarily localStorage) and authentication/session mechanisms required to operate the service. We do not use advertising or tracking cookies.

If non-essential analytics or marketing cookies are introduced in a future release, this policy and consent flow will be updated accordingly.

7. Retention

We keep data only as long as needed for account operation, service reliability, and abuse prevention. Retention may vary by data type (e.g., session records vs. moderation logs) and may be adjusted where required by law or security obligations.

8. Analytics

This deployment does not use behavioral advertising trackers. If operational telemetry is enabled by the infrastructure provider, it is used for reliability/security, not ad profiling.

9. Your Rights (EU/EEA)

Subject to applicable law, you may request access, rectification, erasure, restriction, objection, and data portability where relevant. You may also object to processing based on legitimate interest.

10. Your Control

You can delete all stored data at any time by clearing your browser's localStorage, or by using the “Clear Everything” option in the Settings page.

For this deployment, data stored on our backend (Cloudflare D1) is deleted only when you use “Clear Everything” while logged into your account.

11. Contact

For privacy requests related to this deployment (including account deletion or access request), contact the service operator using the support/contact channel provided in this deployment.