pular para o conteúdo

last updated: july 2026

privacy policy

passport is built by people who hate dark patterns. here's the deal, in plain words: everything about you as a person — your library, your email, your identity — is never for sale, never shared, never used to train ai. what we do publish and license is anonymous statistics about taste: big-picture numbers like “fans of x also read y,” never traceable to anyone, with hard rules in section 5.

1. what we collect

  • account info — your email address, display name, username, and avatar (either from your oauth provider or uploaded by you).
  • authentication — oauth tokens from google, discord, or apple. we never see or store your password.
  • media library data — what you add to your library, ratings, reviews, favorites, lists, and notes.
  • usage data — basic analytics like page views and which features get used. no cross-site tracking.
  • imports — when you connect an account or upload a file (steam, letterboxd, apple music, anilist, and others), the data is processed and stored as library entries on your account.

2. how we use it

  • to run the service — your library, profile, achievements, and compatibility scores.
  • to improve passport based on what people actually use.
  • to produce aggregate taste statistics — big-picture numbers like “people who love outer wilds also read sci-fi.” hard rules in section 5.
  • we do not sell or share your individual data — your library, your reviews, your email, your identity — with anyone, for any purpose, ever.
  • we do not show ads.
  • we do not use your library, reviews, or ratings to train ai — and we never license them to anyone who would.

3. where data is stored

  • supabase — our postgresql database and authentication infrastructure (us-west, oregon, usa).
  • hetzner — application hosting (hillsboro, oregon, usa).
  • cloudflare — dns and cdn (global edge network).

passport is operated from the united states and your data is stored and processed there. if you're in the eu, uk, or elsewhere, you consent to that transfer; we rely on standard contractual clauses and equivalent safeguards where they apply.

4. third-party services

  • authentication — google, discord, apple (oauth).
  • media data — igdb/twitch, tmdb, watchmode, anilist, myanimelist, musicbrainz, the cover art archive, apple music, the itunes search api, wikidata, google books, openlibrary, and hardcover.
  • hosting — hetzner, supabase, cloudflare.
  • email — resend, for transactional mail and the weekly digest.
  • analytics — posthog, for privacy-friendly product analytics. no cross-site tracking.
  • ai processing— when you import from a screenshot, we send that image to anthropic (claude) to read the titles in it, and we use anthropic to screen profile text and images for abuse. these are one-off processing calls — your data isn't used to train any ai model, theirs included.
  • bot protection — we use cloudflare turnstile on the sign-up and sign-in forms to block automated abuse. turnstile runs invisibly in your browser and may collect technical data (ip, user agent, basic browser signals) per the cloudflare turnstile privacy addendum.

5. aggregate statistics

passport sits on something rare: a picture of how taste connects across games, movies & tv, books, and music. we publish research built on that picture — trend reports, “fans of x also love y” numbers — and we may license those statistics to studios, publishers, journalists, and researchers.

the hard rules, none of them negotiable:

  • aggregates only. a statistic is a count or a percentage across a group of people. it never contains your name, username, email, library, reviews, or anything traceable to you.
  • minimum crowd of 100. no statistic is published or licensed unless it describes at least 100 people. below that, the number doesn't exist for the outside world.
  • hidden entries stay out. anything you mark hidden never enters any statistic.
  • private libraries stay out. if your library is set to private, it doesn't enter our statistics at all.
  • no individual records, ever. nobody can buy, license, or request data about a single person. there is no such product, and there won't be.
  • de-identified means de-identified. we keep our statistics de-identified, we never try to re-identify anyone from them, and every license we sign forbids the licensee from trying. this is our formal commitment under laws like the ccpa.
  • you can opt out entirely. email us and we'll exclude your library from all published or licensed statistics. a settings toggle for this is coming.

to be clear about the boundary: browsing public passports on the site is the service itself and follows each person's visibility settings. “statistics” means the de-identified numbers described here — those are the only thing passport may license externally.

6. data sharing

we never sell or share individual-level data with anyone, for any purpose. the infrastructure providers above process data on our behalf, not for their own use. the only thing passport may publish or license externally is the aggregate statistics described in section 5 — anonymous numbers with a 100-person floor.

7. data retention

we keep your data while your account is active. when you delete your account, your passport, library, and associated data are removed from our database, and any copies in our encrypted backups cycle out within 7 days. we may keep minimal records longer where security or law requires it.

8. security

we protect your data with encryption in transit and at rest, strict access controls, and standard security headers. no system is perfectly secure, but we treat your data as if it were our own. if we ever discover a breach that affects you, we'll notify you and the relevant authorities as required by law.

9. your rights

  • you can request a full export of your data — email us and we'll send it over.
  • you can delete your account and all associated data at any time from your settings.
  • you can email us at support@passportdex.com for anything privacy-related.
  • if you're in the eu or uk: we process your data to run the service (contract) and to produce anonymous aggregate statistics (legitimate interest). you object to the latter by emailing us — we'll exclude your library from all statistics.

depending on where you live — for example the eu/uk under gdpr, or california under ccpa — you have the right to access the data we hold about you, get a copy of it, correct it, delete it, and object to or restrict certain processing. we don't sell or share your personal information, so there's nothing to opt out of there. aggregate statistics (section 5) are de-identified and contain no personal information. to exercise any of these, email support@passportdex.com and we'll respond within 30 days. you also have the right to complain to your local data protection authority.

10. cookies

supabase auth uses cookies to keep you signed in, and posthog sets a first-party analytics cookie to count your visits across page loads. we don't set third-party or cross-site tracking cookies.

11. children

passport is not intended for users under 13. if you believe a child has created an account, email us and we'll remove it.

12. changes

we may update this policy from time to time. the “last updated” date at the top of this page reflects the most recent change.

13. who we are

passport is operated by Passport App LLC, 30 N Gould St Ste N, Sheridan, WY 82801, USA. for the purposes of gdpr and similar laws, Passport App LLC is the data controller of the personal data described in this policy.

14. contact

questions, concerns, or data requests? email support@passportdex.com.

legal notices: legal@passportdex.com.

point of contact under the eu digital services act (for authorities and users): legal@passportdex.com

previous versions: june 2026