Privacy Policy

Last updated: March 28, 2026

1. Introduction

MediaShelf is a personal media tracking application operated by Viggo Lekdorf ("I", "me", "my"). It lets you catalog movies, TV shows, and games. This Privacy Policy explains how I collect, use, and protect your information when you use the website and iOS app.

2. Information I Collect

Account Information

When you create an account, I collect:

Username
Email address
Password (stored securely hashed)
Date of birth (used for age verification only)

If you sign in with Google or Apple, I receive your name, email address, and profile picture (Google only) from the provider. This information is used to create or link your account. I do not receive or store your Google or Apple password.

Profile Information

You may optionally provide:

Display name, bio, and location
Profile picture and header image

Media & Activity Data

I store data you provide about your media consumption, including:

Movies, TV shows, and games you track
Ratings, reviews, and play time
Lists you create
Activity and social interactions (follows, comments, messages)

Third-Party Platform Links

If you choose to link third-party accounts (Google, Apple, Steam, or PlayStation Network), I store the necessary identifiers or credentials to enable sign-in or sync your library. Steam and PlayStation credentials are encrypted at rest and are only used to fetch your library data. Google and Apple account links store only a provider identifier used for authentication.

Device Information

If you enable push notifications, I store your device token to deliver notifications. I do not directly collect device identifiers, IP addresses, or analytics data beyond what is necessary to operate the service.

Advertising Data

MediaShelf displays advertisements provided by Google AdMob. Google's advertising SDK may collect certain information from your device, including:

Device identifiers (such as the Identifier for Advertisers, or IDFA)
IP address and general location data
App usage data and interaction with ads

This data is collected and processed by Google in accordance with Google's Privacy Policy. You may opt out of personalized advertising by adjusting your device's tracking settings or by denying the App Tracking Transparency prompt. If you purchase the "Remove Ads" in-app purchase, the advertising SDK will no longer display ads or collect advertising data.

Purchase Information

If you make an in-app purchase (such as "Remove Ads"), the transaction is processed entirely by Apple through the App Store. I do not collect or store your payment information, credit card details, or Apple ID. I receive a cryptographically signed transaction record from Apple to verify your purchase and activate the purchased feature on your account.

3. How I Use Your Information

I use your information to:

Provide, maintain, and improve the MediaShelf service
Authenticate your identity and secure your account
Send you email verification and password reset emails
Deliver push notifications you have opted into
Display your public profile and activity to other users
Sync your game libraries from linked platforms

4. Information Sharing

I do not sell, rent, or share your personal information with third parties for their own marketing purposes. Your data is only shared in the following circumstances:

Public profile data: Your username, display name, avatar, and public activity are visible to other MediaShelf users.
Third-party APIs: I send requests to TMDB, IGDB, Steam, and PSN to fetch media metadata and sync your libraries. I only share the minimum data needed for these requests.
Advertising: Google AdMob may collect device-level data for the purpose of serving and measuring advertisements, as described in the Advertising Data section above. You can opt out of personalized ads through your device settings.
Purchase verification: When you make an in-app purchase, Apple's signed transaction data is sent to my server to verify the purchase. No payment details are shared.
Legal requirements: I may disclose information if required by law.

5. Data Security

I take reasonable measures to protect your data, including:

Passwords are hashed using bcrypt
Third-party tokens are encrypted at rest using AES-256-GCM
Authentication uses JWT with secure httpOnly cookies
Two-factor authentication (2FA) and passkey support are available
API rate limiting is enforced to prevent abuse

6. Data Retention

I retain your data for as long as your account is active. If you delete your account, your personal data will be permanently removed. Some anonymized or aggregated data may be retained for service improvement purposes.

7. Your Rights

You have the right to:

Access the personal data I hold about you
Update or correct your personal information
Delete your account and associated data
Unlink third-party accounts at any time
Disable push notifications at any time

8. Children's Privacy

MediaShelf is not intended for children. If you are located in the European Economic Area (EEA), the United Kingdom, or any other region that requires a higher minimum age for digital consent, you must be at least 16 years old to use MediaShelf. In all other regions, you must be at least 13 years old. I require date of birth and country verification during registration.

I do not knowingly collect personal information from children under these age thresholds. If a parent or guardian becomes aware that their child has provided me with personal information without their consent, they should contact me at support@media-shelf.com. If I become aware that a child under the applicable minimum age has provided me with personal information, I will promptly delete the account and associated data.

9. Changes to This Policy

I may update this Privacy Policy from time to time. If I make significant changes, I will notify users through the app or via email. Continued use of MediaShelf after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or your data, contact me at support@media-shelf.com.