swholocron.app
Privacy Policy
Last updated: 29 May 2026
Introduction
Holocron (“we”, “us”, “our”) is a Progressive Web App presenting the complete Star Wars canon streaming catalogue as a chronological visual timeline. This Privacy Policy explains what personal data we collect when you use Holocron, how we use it, and what rights you have over it.
By using Holocron, you agree to the collection and use of data in accordance with this policy. You can use the app's core features — browsing the timeline, filtering content, and reading descriptions — without creating an account or providing any personal data.
Data We Collect
We only collect data that is necessary to provide the features you choose to use.
If you create an account
- Email address — used to identify your account and send password-reset emails. We never use your email for newsletters or marketing.
- Watch history — which titles, seasons, and episodes you have marked as watched. Stored privately and accessible only to your account.
- Comments — personal notes you add to content items. All comments are private — only you can read them. Comment text is stored as plain text (HTML is stripped server-side before storage).
If you consent to analytics
- Page views — which pages you visit and in what order, collected via Google Analytics 4. IP addresses are anonymized before transmission.
- Device and browser information — browser type, operating system, screen resolution, and language, as reported by Google Analytics. No fingerprinting beyond what GA4 collects.
Analytics are only activated after you explicitly choose “Accept all” in the cookie consent banner. You can withdraw consent at any time from Settings › Legal.
Cookies & Local Storage
Essential cookies (always active)
- Authentication session cookie — an httpOnly, Secure, SameSite cookie set by Supabase when you sign in. It contains a session token, not your password. This cookie is required for your logged-in state to persist across page loads. Expires when you sign out or after 1 week of inactivity.
Local storage (essential preferences)
- Theme preference (holocron_theme) — stores your chosen visual theme (e.g. Jedi, Sith). Never leaves your device.
- Cookie consent choice (holocron_consent) — records whether you accepted or declined analytics cookies. Never leaves your device.
- PWA install dismissal (holocron_install_dismissed) — records whether you dismissed the install prompt. Never leaves your device.
Analytics cookies (only if you consent)
- Google Analytics 4 — sets _ga and related cookies to distinguish unique visitors and sessions. For details see Google's Privacy Policy.
How We Use Your Data
- To operate your account and remember your authentication state across sessions.
- To store and retrieve your personal watch history and private comments.
- To send password-reset emails when you request them.
- To understand how the app is used and improve it (analytics — only with your consent).
We do not use your data for advertising, profiling, or any purpose beyond operating the app.
Data Storage & Security
Account data (email, watch history, comments) is stored in a PostgreSQL database hosted by Supabase. Supabase is SOC 2 Type II certified and stores data in data centres within the European Union (Frankfurt region).
All data at rest is encrypted by Supabase. All data in transit uses TLS 1.2 or higher. Row-Level Security (RLS) policies are applied to all user tables — your watch history and comments are only accessible to your own authenticated session.
Content images are delivered via Cloudinary. Cloudinary is used for image delivery only — no personal data is sent to or stored by Cloudinary.
Third-Party Services
Holocron uses the following third-party services. We do not sell your data to any third party.
| Service | Purpose |
|---|---|
| Supabase | Database & authentication |
| Cloudinary | Image CDN |
| Google Analytics 4 | Usage analytics (consent-gated) |
| Vercel | Hosting & edge delivery |
Data Retention
- Account data — retained for as long as your account exists. Deleting your account from Settings › Account permanently removes your email address, watch history, and all comments. This action is irreversible.
- Analytics data — retained by Google Analytics for 14 months, per our GA4 configuration.
- Vercel request logs — retained for approximately 30 days as part of Vercel's standard platform logging.
Your Rights
You have the following rights regarding your personal data:
- Access — your watch history and comments are available in the app at any time while logged in.
- Correction — you can update your email address from Settings › Account.
- Deletion — you can permanently delete your account and all associated data from Settings › Account › Delete Account.
- Withdraw analytics consent — change your cookie preference at any time from Settings › Legal › Cookie Preferences.
Changes to This Policy
We may update this Privacy Policy when the app's data practices change. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of Holocron after any update constitutes acceptance of the revised policy.
Contact
Questions about this Privacy Policy? Contact us at privacy@swholocron.app.