Privacy Policy

FilmConnector is operated by [LEGAL ENTITY NAME] (referred to as "FilmConnector", "we", "us", "our").

We act as the data controller for the personal data we process about our subscribers, the people they invite as collaborators, our website visitors, and the people who contact us. In some cases (described in Section 7), we act as a data processor on behalf of our subscribers.

This policy applies to:

• The FilmConnector website (filmconnector.app and any subdomains).
• The FilmConnector web and mobile applications (subscriber accounts, the strategy creator, submission tracker, project workspaces, and related features).
• Communications between you and us (email, customer support, calendar bookings).

It does not cover third-party services we link to but do not operate (for example, the websites of the festivals you submit your film to). Those services have their own privacy policies — please consult them directly.

We collect the data described below. For each category we explain the kind of information involved and where it comes from.

We collect data through three routes:

• Directly from you — when you sign up, complete your profile, create projects, invite collaborators, build a strategy, contact support, or book a call.
• Automatically through your use of the service — analytics, cookies, technical logs, AI feature inputs.
• From third parties — Stripe for billing confirmations; VIES for VAT validation; festival platforms for submission decision data when our integrations support it; and, where you grant explicit permission, public film databases (TMDB, Letterboxd) for catalogue enrichment.

We process personal data only when we have a clear lawful basis under GDPR. The summary below maps each purpose to its basis.

Where we rely on legitimate interests, we have balanced our interest against your rights and concluded that the processing does not override them. You can ask us about that balancing test at any time — write to integrations@filmconnector.app.

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

We do not process special category data (health, racial or ethnic origin, religious beliefs, biometric data) in the ordinary course of providing FilmConnector. Please do not include such data in project notes, synopses, or submission records unless it is essential to the film and you have a clear lawful basis to share it.

To run FilmConnector we rely on a small number of carefully chosen subprocessors. Each is contractually bound by GDPR-compliant data processing terms.

We may share data with festival platforms when you instruct us to forward a submission. The data shared is the data the festival requires (typically: film title, runtime, synopsis, contact email, screener link). Each festival's privacy policy then governs what they do with it.

We may also share data with our professional advisors (lawyers, accountants, auditors) under confidentiality, and with public authorities when required by law (court order, regulatory request, fraud or security investigation).

We do not sell your personal data. We do not allow our subprocessors to use your data for their own marketing.

A current, full list of subprocessors is maintained at [/legal/subprocessors] and updated when changes occur. Material changes are announced in advance by email to active subscribers.

This section is important. FilmConnector projects support up to 5 collaborators per project (more available as paid add-ons). Collaborators are typically the producer, director, director's assistant, a national promotion agency, a funder, a co-producer, or a publicist.

When you invite a collaborator, you make a decision about another person's personal data. In legal terms:

• You are the data controller for the relationship with that collaborator.
• FilmConnector is your data processor for that collaborator's personal data, acting on your instructions.

This means a few practical things:

• You should only invite collaborators who have a legitimate reason to see the project's information and who have a reasonable expectation that they would be invited.
• You should inform the collaborator that the project is hosted on FilmConnector and how their data will be used.
• If a collaborator asks us to delete their data, we will route the request to you (the controlling subscriber) and act on your instruction. We will only act unilaterally if the collaborator has a clear right that supersedes your instruction (for example, GDPR-grounded erasure that you fail to act on).
• When your subscription ends or you remove a collaborator, the collaborator loses access to the project. We retain the audit trail (who was invited, when, by whom) for the period set out in Section 9.

The Subscription Terms include a Data Processing Addendum that formalises this controller/processor relationship.

Most of our processing happens within the European Economic Area. Some of our subprocessors (notably Stripe's group entities, the email provider, and AWS for redundancy) may process data outside the EEA, primarily in the United States.

For any transfer outside the EEA we rely on one or more of the following safeguards:

• Standard Contractual Clauses approved by the European Commission.
• Adequacy decisions where they apply (for example, the EU-US Data Privacy Framework where our subprocessor is certified).
• Supplementary technical measures such as encryption in transit and at rest.

If you'd like a copy of the safeguards that apply to a specific transfer, write to integrations@filmconnector.app and we will provide it.

We keep your data only as long as we need it. Broadly:

Where data must be kept for legal reasons beyond the period you would prefer, we restrict access and stop using it actively as soon as we can.

We take security seriously without making promises we cannot keep. The measures we have in place include:

• Encryption in transit for all communication with the FilmConnector application (TLS).
• Encryption at rest for the application database (Supabase / AWS-managed encryption).
• Hashed and salted passwords — we never store, log, or transmit your plaintext password.
• Access controls — only authorised members of the FilmConnector team have administrative access, and access is logged.
• Subprocessor selection — we only work with vendors that meet our security and GDPR-compliance criteria.
• Data minimisation — we collect only what we need.
• Incident response procedure — we have a written process for detecting, containing, and notifying data breaches in line with GDPR Art. 33-34 (notification to the Belgian DPA within 72 hours of becoming aware of a personal data breach where required, and notification to affected users where the breach is likely to result in a high risk to their rights).

No security system is perfect. If a breach affects your data and is likely to create a high risk to your rights, we will tell you what happened, what we are doing about it, and what you can do.

Under GDPR you have the following rights, exercisable at any time and free of charge in most cases.

How to exercise your rights: write to integrations@filmconnector.app with a clear description of your request. We will respond within one month (extendable by two months if the request is complex, with notice to you within the first month).

Right to complain to the Belgian Data Protection Authority:

You can also complain to the data protection authority of your country of residence within the EU.

FilmConnector is a professional tool for filmmakers, sales agents, and festival strategists. It is not directed at people under 18 and we do not knowingly create accounts for them.

Belgian law sets the digital age of consent at 13. We choose 18 as our threshold because the platform involves contractual relationships, payments, and rights management that are most appropriately handled by adults.

If we learn that we have inadvertently collected personal data from a person under 18, we will delete it as soon as practicable. If you believe a person under 18 has registered, please write to integrations@filmconnector.app.

We use cookies and similar technologies to make the service work, to remember your preferences, and (with your consent) to understand how the platform is used. Cookies fall into three categories:

• Strictly necessary cookies — required for the site to work (authentication, security, session management). These do not require your consent.
• Preference cookies — remember your billing toggle (monthly/annual), language, theme. Set with consent.
• Analytics cookies — help us understand which features are used and where users hit friction. Set only with consent and easy to opt out of.

We do not use advertising cookies. We do not run third-party advertising on the platform.

A separate Cookie Policy documents the specific cookies we set, their purpose, and their expiry. The cookie consent banner you see on your first visit is the legal point of consent — you can revisit your choices any time via the "Cookie preferences" link in the footer.

In Phase 1 of FilmConnector (the period this policy is published in), we do not process your data with AI for decision-making purposes.

When AI features ship in Phase 2 (target 2027), the following commitments apply:

• AI features process only the data you choose to submit to them (a synopsis, a project description, a list of festivals you are considering).
• We do not use your project content to train third-party foundation models without explicit, separate consent.
• We do not make solely automated decisions about you that produce legal effects or similarly significantly affect you. Suggestions and rankings the AI produces are recommendations — you remain the decision-maker on every submission.
• You can opt out of AI features at any time in your account settings, and your project will continue to function with the manual workflow.
• AI inputs and outputs follow the retention schedule in Section 9.

This section will be updated when Phase 2 ships, and the change will be communicated in advance.

We may update this policy as our service evolves, as the law changes, or as we add new subprocessors or features. When we do:

• The new version will be published on this page with a revised "Last updated" date.
• Material changes (new categories of data, new lawful bases, new countries of processing, substantive changes to retention) will be announced by email to active subscribers at least 30 days before they take effect.
• Continued use of FilmConnector after a material change indicates acceptance, but you can always cancel and exercise your erasure rights if you disagree.

A history of versions is kept internally for compliance purposes. Older versions are available on request.

For any privacy question, request, or concern:

We aim to reply within five working days for general questions and within one month (extendable by two months for complex cases, with prior notice) for formal Data Subject Requests.