Privacy Policy

1. Introduction

Welcome to Million Dollar Film Club ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and make donations through our platform.

By using our website and services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Make a donation: First name, last name, email address, and payment information (processed securely by Stripe)
• Contact us: Name, email address, and message content
• Share with friends: Email addresses of friends you wish to invite (with your consent)

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information:

• Device information: Browser type, operating system, device type
• Usage data: Pages viewed, time spent on pages, referral sources
• IP address: For security, fraud prevention, and analytics
• Cookies: Small data files stored on your device (see Section 6)

2.3 Payment Information

We do not store your credit card information. All payment processing is handled securely by Stripe, a PCI DSS Level 1 compliant payment processor. Stripe's privacy policy can be found at https://stripe.com/privacy.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Process donations: To facilitate your donations and maintain transaction records
• Communication: To send donation confirmations, updates about the project, and respond to your inquiries
• Leaderboard and statistics: To display aggregated donation data and referral information (using first name and last initial only)
• Referral program: To send invitation emails to friends you've designated
• Analytics: To understand how users interact with our website and improve our services
• Security: To detect, prevent, and address fraud, abuse, and security issues
• Legal compliance: To comply with legal obligations and enforce our terms

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

• Stripe: Payment processing (see Stripe's privacy policy)
• Firebase/Google Cloud: Database and hosting services
• Resend: Email delivery service
• Vercel: Website hosting and infrastructure

These service providers have access to your information only to perform tasks on our behalf and are obligated to protect your information.

4.2 Public Information

Your first name and last initial may be displayed publicly on our leaderboard if you participate in our referral program. The amount of your donation and referral count may also be displayed. Your full name, email address, and other personal information are never displayed publicly.

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government regulations).

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specifically:

• Donation records: Retained for 7 years for tax and accounting purposes
• Contact form messages: Retained for 2 years or until resolved
• Analytics data: Retained for 26 months

You may request deletion of your personal information at any time (see Section 8).

6. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small data files stored on your device that help us:

• Remember your preferences and settings
• Track referral links and attribute donations correctly
• Analyze website usage and performance
• Prevent fraud and improve security

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website.

7. Data Security

We implement industry-standard security measures to protect your personal information, including:

• SSL/TLS encryption for data transmission
• Secure cloud storage with Firebase
• PCI DSS compliant payment processing via Stripe
• Regular security audits and updates
• Access controls and authentication
• Rate limiting and bot protection

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your information.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 General Rights

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Opt-out: Unsubscribe from marketing emails at any time

8.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising CCPA rights

Note: We do not sell your personal information to third parties.

8.3 European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right to access, rectify, or erase your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

8.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@milliondollarfilmclub.com. We will respond to your request within 30 days.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately.

If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Third-Party Websites

Our website may contain links to third-party websites (such as PROOF Film Festival, American Cinematheque, etc.). We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies before providing any personal information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our services, you consent to the transfer of your information to the United States and other countries where our service providers operate.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: