Cinemak
Sign in Download

Legal

Privacy Policy

Last updated: 2026-05-20

This Privacy Policy explains what personal data Mistral JS ("we", "us") collects when you use Cinemak — the desktop application, the website at cinemak.app, the web app at app.cinemak.app, and Cinemak Cloud (together, the "Service") — why we collect it, and how you can exercise your rights over it.

1. The short version

  • The desktop app records and edits your videos locally on your Mac. Your recordings are not uploaded anywhere unless you choose to share them through Cinemak Cloud.
  • We collect the minimum we need to provide accounts, process payments, and host shared videos.
  • We do not sell your data. We do not run third-party advertising trackers.
  • You can delete your account and your hosted videos at any time.

2. Data we collect

Account data

When you create an account we store your email address. We authenticate you by sending a one-time numeric code to that address — we do not store passwords. Sessions are kept active through secure HTTP cookies.

Payment data

Payments are processed by Stripe. Stripe collects and handles your payment-card details directly; we receive only a customer ID, a transaction ID, and the metadata we need to grant the right plan (for example, that you bought a Pro Lifetime licence on a given date). See the Stripe Privacy Policy for details.

Recordings and uploaded content

Videos you record with the desktop app live on your device. They are sent to our servers only if you explicitly upload them to Cinemak Cloud. Hosted videos are stored on Cloudflare R2 and served from Cloudflare's network. Viewer-engagement data on a video you have shared (view counts, watch duration, reactions, comments) is associated with your account.

Device data

The desktop app may store an anonymous installation identifier and your licence key locally so it can verify your plan and serve updates. This information is sent to our servers only when you sign in or when the app checks for an update.

Operational and security data

Like every web service, our servers receive standard request data — IP address, user agent, request path, timestamp — which we use to operate the Service, prevent abuse, and debug issues. We rely on Cloudflare for hosting, DNS, and bot protection (including Cloudflare Turnstile on sensitive forms).

What we do not collect

  • We do not run third-party advertising or behavioural-tracking scripts.
  • The desktop app does not phone home with telemetry about what you record.
  • We do not access the contents of your local recordings.

3. Why we use your data

  • Provide the Service: authenticate you, deliver licences, host the videos you upload, serve shared links.
  • Take payment: process purchases, manage subscriptions, send invoices and receipts.
  • Communicate: send transactional emails — sign-in codes, payment confirmations, important changes to the Service. We do not send marketing email without your explicit opt-in.
  • Operate and secure: detect abuse, debug, deliver software updates.
  • Comply with the law: respond to lawful requests, meet our accounting and tax obligations.

4. Legal bases (EU / EEA / UK users)

We process personal data on the following legal bases:

  • Performance of a contract — to provide the Service you have signed up for.
  • Legal obligation — to keep invoicing and tax records.
  • Legitimate interest — to keep the Service secure, prevent abuse, and improve reliability.
  • Consent — where required by law (for example, marketing email if we ever send any).

5. How long we keep your data

We keep account data for as long as your account is active. If you delete your account, we delete or anonymize associated personal data within 30 days, except where we are required to retain it (for example, invoices for accounting purposes, which are kept for the period required by applicable tax law).

Hosted videos are deleted when you delete them, when you delete your account, or when your Cloud subscription has been inactive for an extended period and we have notified you.

6. Sub-processors we rely on

We use a small set of trusted infrastructure providers:

  • Cloudflare — hosting, DNS, R2 storage, email routing, bot protection.
  • Stripe — payment processing and billing.

Each provider is bound by its own privacy commitments. We share with them only what is needed to provide their part of the Service.

7. International transfers

Our infrastructure is global. Data may be processed in countries outside your own, including the United States. When data leaves the EU / EEA, we rely on appropriate safeguards, such as the European Commission's standard contractual clauses.

8. Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct it if it is inaccurate;
  • delete it;
  • restrict or object to certain processing;
  • port it to another service;
  • lodge a complaint with your local data-protection authority.

To exercise any of these rights, email nettah.safi@gmail.com. We will respond within the time required by applicable law.

9. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to protect against abuse (for example, the session cookie prefixed cinemak). We do not use cookies for advertising or cross-site tracking.

10. Children

The Service is not directed at children under 13 (or the equivalent minimum age in your country). We do not knowingly collect personal data from children.

11. Changes to this Policy

We may update this Policy from time to time. When we make material changes we will update the "Last updated" date and, where appropriate, notify you by email.

12. Contact

For any privacy question, write to nettah.safi@gmail.com.