Privacy Policy
Last updated: April 7, 2026 · Effective: April 14, 2026
This Privacy Policy describes how Whiteflame Media LLC ("Whiteflame", "we", "our" or "us") collects, uses, shares and protects personal information when you visit whiteflame.net, use our applications, or otherwise interact with our curated short-film platform (collectively, the "Service"). By accessing the Service, you acknowledge that you have read and understood this Policy.
§ One — Who we areAbout us
Whiteflame Media LLC is a California limited liability company registered with the California Secretary of State under Entity No. 5826094, EIN 87-5103264, with its principal place of business at 1999 Harrison Street, Suite 1800, Oakland, CA 94612, United States. For the purposes of the EU/UK GDPR, Whiteflame Media LLC acts as the data controller of the personal data processed via the Service, unless expressly stated otherwise.
§ Two — What we collectThe information we keep
We only collect what we genuinely need to run the Service. The categories below describe the information we process:
- Account data: email address, display name, password (hashed), language and country preference, and — if you open a filmmaker or brand channel — the channel name, verification documents and a business contact.
- Profile data: optional avatar, bio, followed channels, watch lists, saved films and comments.
- Content data: films, captions, descriptions, thumbnails and press kits you upload as a filmmaker or brand channel.
- Usage data: which films you played, how long you watched them, where you stopped and what you searched for. This is what helps our human editors understand what the weekly program should look like.
- Device and log data: IP address, browser type and version, operating system, device identifiers, referring URL, timestamps and crash reports.
- Approximate location: derived from your IP address at the country/region level. We do not request precise GPS coordinates.
- Communications: messages you send to the editors, survey responses and similar correspondence.
We do not collect payment card data from viewers — watching on Whiteflame is free and there is no paid subscription. Filmmakers who contribute to the running costs are billed outside the consumer Service; related invoicing data is handled by our payment processors and is never stored in full on our servers.
§ Three — How we use itWhy we process your data
We use personal information for the following purposes:
- To operate, maintain and secure the Service, including authentication, abuse prevention and debugging.
- To prepare the weekly program, the permanent archive and editorial recommendations.
- To communicate with you about updates, security notices, policy changes and optional editorial newsletters.
- To verify filmmaker channels and enforce the Terms of Service.
- To comply with legal obligations, respond to lawful requests and protect the rights and safety of our users, our staff and the public.
- To generate aggregated, non-identifiable analytics about how the Service is used.
§ Four — Legal basesEEA and UK users
Where the EU/UK GDPR applies we rely on the following legal bases:
| Processing | Legal basis |
|---|---|
| Providing the Service, account administration | Contractual necessity (Art. 6(1)(b)) |
| Security, fraud prevention, debugging | Legitimate interests (Art. 6(1)(f)) |
| Editorial analytics and weekly program preparation | Consent (Art. 6(1)(a)) where required |
| Editorial newsletter and announcements | Consent, withdrawable at any time |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
§ Five — SharingWho sees your data
We do not sell personal data. We share information only in the following circumstances:
- Service providers who process data on our behalf under strict contractual controls — hosting (Amazon Web Services EMEA and US-West-2), content delivery (Cloudflare, Inc.), transactional email (Postmark), error tracking (Sentry), product analytics (PostHog Inc.) and customer support (Front App, Inc.).
- Other users, but only for information you have made public, such as your display name, avatar, public comments and channel page.
- Authorities, when we are legally required to do so or to protect the rights, property or safety of Whiteflame, its users or the public.
- In a corporate transaction, such as a merger, acquisition or sale of assets, subject to appropriate confidentiality protections and notice where required.
§ Six — TransfersInternational data movement
Whiteflame is headquartered in the United States and our primary servers are located in the US and the European Union. When personal data leaves the EEA or the UK, we rely on Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum and, where applicable, adequacy decisions. A copy of the relevant transfer mechanism is available on request from privacy@whiteflame.net.
§ Seven — RetentionHow long we keep things
We keep personal data only as long as needed for the purposes described in this Policy. Account data is retained for as long as you keep your account plus up to 90 days for backups. Usage logs are retained for a maximum of 14 months. Trust & safety records (such as strikes for policy violations) may be kept for up to 36 months.
§ Eight — Your rightsWhat you can ask of us
Depending on where you live you may have the right to: access your personal data; correct inaccurate data; delete data; restrict or object to processing; port your data; and withdraw consent at any time. California residents additionally have the rights described in the CCPA/CPRA, including the right to know, delete, correct and limit the use of sensitive personal information, and the right not to receive discriminatory treatment for exercising those rights.
To exercise any of these rights please write to privacy@whiteflame.net or use the forms on our data deletion page. We will respond within 30 days (45 days for California residents where permitted).
§ Nine — ChildrenAge limits
The Service is not directed to children under the age of 13 (or under 16 in the EEA and the UK). We do not knowingly collect personal data from such children. If you believe a child has provided us with information please contact us and we will delete the data.
§ Ten — SecurityHow we protect data
We apply industry-standard technical and organisational measures: TLS 1.3 in transit, AES-256 at rest, role-based access control, single sign-on for staff, mandatory two-factor authentication, regular penetration testing and annual SOC 2 Type II audits. No system is perfectly secure — if we detect a breach that affects you we will notify you in line with applicable law.
§ Eleven — Third partiesExternal links
The Service may contain links to third-party websites (for example, a filmmaker's own website linked from their channel). We are not responsible for the practices of those third parties and recommend you read their own privacy notices.
§ Twelve — ChangesUpdates to this policy
We may update this Policy from time to time. Material changes will be announced on this page with a new effective date and, where appropriate, via email. Your continued use of the Service after the update constitutes acceptance of the new Policy.
§ Thirteen — ContactHow to reach us
Data Protection Officer — Whiteflame Media LLC
1999 Harrison Street, Suite 1800, Oakland, CA 94612, United States
Email: privacy@whiteflame.net
EU representative (Art. 27 GDPR): Ember EU Data Representation B.V., Leidsestraat 108, 1017 PG Amsterdam, Netherlands.