Privacy
Couch is a free family app for picking what to watch together. We don't run ads, we don't sell data, and we don't share your activity with anyone outside the small list of services named below. Your couch isn't anyone's data.
1. What this covers
This policy explains what Couch (the website at couchtonight.app, the iOS app, the Android app, and the installable PWA) collects, why we collect it, and the third parties involved. By using Couch you agree to this policy alongside the Terms of Service.
2. The short version
| What | Where it lives | Who sees it |
|---|---|---|
| Your account (email, display name, auth method) | Firebase (Google Cloud) | You + Couch |
| Your family code, members, votes, queue, watchparties, pick'em picks | Firestore (Google Cloud) | You + your family + Couch |
| Movie/show metadata (titles, posters, runtimes, where-to-watch) | Fetched from TMDB | TMDB sees your IP at fetch time |
| Watch history sync (optional) | Trakt (your account) | Trakt — only if you explicitly connect |
| Crash + error reports (PII removed before send) | Sentry | Couch only |
| Push notifications | Firebase Cloud Messaging + Apple Push / web-push providers | Apple / Google for delivery |
| Anything we sell to advertisers or data brokers | — | Never |
| Location, contacts, browsing history outside Couch | — | Never collected |
3. Account data
To save your progress across devices and sync with the people on your couch, Couch creates an account. Depending on which sign-in method you choose, the data we receive is:
- Email link: your email address.
- Phone: your phone number.
- Sign in with Google: Google sends us your email address, display name, and a stable user ID. Google sees that you signed into Couch.
- Sign in with Apple: Apple sends us a stable user ID and (if you allow it) your email — or a private relay address that forwards to your real email. Apple sees that you signed into Couch.
You pick the display name shown to your family. We don't collect age, address, payment info, government ID, contact lists, or precise location.
4. Family data
Couch is built around small shared spaces called families. When you join one, your votes, mood tags, vetoes, watchparty reactions, RSVPs, queue items, and pick'em picks are visible to other members of that family. That's the whole point of the product.
Family data lives in Google Cloud Firestore in the United States and is gated by per-family security rules so other Couch users (outside your family) can't read it.
Photos in post-watchparty albums
If your family creates an album for a watchparty, the photos you upload are stored in Google Cloud Storage scoped to your family. Only family members see them. We never use your photos for training, advertising, or any purpose outside your family's album.
5. Third-party services we use
Firebase (Google Cloud)
Firebase Authentication, Firestore, Cloud Functions, Cloud Storage, Cloud Messaging, and Hosting power Couch's backend. Google processes your account credentials, family data, files, and push notification tokens on our behalf as a data processor. See Firebase Privacy.
The Movie Database (TMDB)
Movie and TV metadata (titles, descriptions, posters, runtimes, where-to-watch availability) come from TMDB's public API. When Couch fetches metadata, your device's IP address and a TMDB API key are sent to TMDB. We don't share your account info, your votes, or who's on your couch with TMDB. See TMDB Privacy Policy.
Trakt (optional)
If you choose to connect Trakt, Couch uses OAuth to read your watch history so we can show what you've already seen. The Trakt connection is opt-in, scoped to read-only history, and you can disconnect at any time from Account → Sync. We don't share Couch family data with Trakt. See Trakt Privacy.
Sentry (crash + error reports)
When Couch crashes or hits an unexpected error, we send a diagnostic report to Sentry. Before sending, we strip the user ID, email, family codes, and any tokens from the URL. The report contains the JavaScript stack trace, the page URL (with sensitive parameters redacted), and the browser/OS string. We use these reports to fix bugs. We do not use Sentry for analytics, behavioral tracking, or session replay. See Sentry Privacy.
Push notification delivery
Push notifications about watchparties, intent matches, vetoes, and similar events are delivered by Firebase Cloud Messaging (which uses Apple Push Notification service on iOS and Google Cloud Messaging on Android). To deliver a notification, the platform receives a notification token associated with your device — not the contents of your account. You can turn notifications off entirely in your device settings or per-event in Account → Notifications.
6. What we don't do
- We don't show ads.
- We don't sell, rent, or trade your data with anyone.
- We don't track you across other apps or websites.
- We don't use third-party analytics, fingerprinting, advertising SDKs, or session-replay tools.
- We don't use your data, photos, or messages to train AI models.
- We don't cooperate with data brokers.
7. Children
Couch is intended for general audiences, not specifically for children under 13. The app includes a "Kids on the couch tonight" mode that hides titles above a chosen age tier from the matches list — that's a content filter, not a separate kid account. Account creation requires you to be the legal age of majority in your region (or a parent/guardian acting on a child's behalf).
If you believe a child under 13 has created an account without parental consent, contact us at support@couchtonight.app and we'll delete the account.
8. Your choices
See your data
Open Couch → Account. Most of what we have about you is visible there: your email, display name, the families you belong to, your queue, your watch history (if Trakt is connected), and your notification preferences.
Delete your account
Account → Delete account. Self-serve, no waiting. We immediately mark your account as deleted, remove your name from family rosters, and a scheduled job permanently removes your data within 30 days. Family data you helped create (votes, watchparty reactions, etc.) stays in the family's history because other members rely on it — but it's no longer associated with your name.
Sign out
Account → Sign out. Your data stays put; you can sign back in anytime.
Disconnect Trakt
Account → Sync → Disconnect Trakt. We delete the OAuth token immediately; Trakt's own data is unaffected (manage that in Trakt's settings).
Turn off push notifications
Account → Notifications. Granular per-event, or all-off in your device's notification settings.
9. Security
Couch uses HTTPS everywhere. Family data is gated by Firestore security rules so only authenticated members of your family can read or write it. Sign-in is handled by Firebase Authentication; passwords (when applicable) are never stored by Couch — only by Firebase using industry-standard hashing. Sentry receives diagnostics with PII stripped before send.
No system is perfectly secure. If you discover a vulnerability, please email security@couchtonight.app and we'll respond promptly. Please do not exploit it or share it publicly until we've had a chance to fix it.
10. Where data lives
Couch's backend runs on Google Cloud servers in the United States. If you use Couch from outside the US, your data is transferred to and processed in the US. By using Couch you consent to this transfer.
11. How long we keep data
Account and family data is kept for as long as your account exists. When you delete your account, we erase your personal data within 30 days (some backups may persist for an additional 30 days before rolling off). Trakt OAuth tokens are deleted immediately on disconnect. Sentry crash reports are retained for 90 days.
12. Changes to this policy
If we change anything material, we'll update the "Last updated" date at the top and, when the change is significant, surface a notice in the app the next time you open it. The current version is always at couchtonight.app/privacy.
13. Contact
Questions, requests, or complaints: support@couchtonight.app.