Privacy Policy

Last updated: May 17, 2026

Webtor ("we," "our," or "us") values your privacy. This Privacy Policy explains how we handle your personal information when you use our service.

1. Information We Collect

1.1. From everyone who visits Webtor (including anonymous visitors). Even if you never sign in, the act of loading a page necessarily exposes some technical data:

  • Session identifier — a randomly generated string stored in a first-party cookie named session. Used for CSRF protection, request continuity across pages, and (in hashed form) as the analytics distinct identifier described in §6 below. The raw value never leaves the cookie.
  • Request metadata — your IP address, user agent, requested URL, referrer, and timestamp, recorded in short-lived server access logs and reverse-proxy logs. Used for security, debugging, abuse mitigation, and rate-limiting. Not joined with any account-level data.
  • Streaming performance measurements — when the player runs an automatic bandwidth probe against our edge nodes, we record the destination IP of the node, the measured speed in Mbps, and the request URL. We do not store your source IP in this table. A one-time random session UUID groups the measurements of a single probe run.
  • Analytics page view — see §6.

1.2. If you sign in (Google, Patreon, or magic-link email). Authentication unlocks a richer set of features and the corresponding data:

  • Email address — collected when you sign in with Google, Patreon, or via magic-link. Used solely for authentication and subscription-related communication.
  • Personal library — content you save to your account, including its metadata (titles, file lists). You control what is added and removed.
  • Watch and rating history — when you mark movies or series as watched or rate them, we store a reference to the film identifier (e.g. IMDB id), your rating signal, and the watch timestamp.
  • AI recommendation queries — when you use the AI Discover feature, we process the text you type to generate personalized suggestions and to enforce daily usage limits.
  • Integrations — Stremio addon URLs, WebDAV credentials, embed domains, and streaming-backend API keys you choose to configure on your profile.

2. How We Use Your Information

  • Session identifier & request metadata — to keep you signed in, defend against forgery, route streaming traffic to the closest edge node, rate-limit abusers, and reproduce bug reports. Legal basis: legitimate interest in delivering and securing the service (Art. 6(1)(f)) plus the strictly-necessary-cookie exemption of ePrivacy Art. 5(3).
  • Streaming performance measurements — to choose the right server, surface speed-based suggestions, and detect degraded edges. Legal basis: legitimate interest (Art. 6(1)(f)).
  • Email — to authenticate your account and communicate about your subscription. Legal basis: contract performance (Art. 6(1)(b)).
  • Library, watch history & ratings — to power the "continue watching" feature, to display your watched/rated state across the interface, and to ground AI recommendations in your actual taste. Legal basis: contract performance (Art. 6(1)(b)).
  • AI queries — to generate film suggestions via our AI provider (see §3) and to manage your daily request quota. Legal basis: contract performance for the feature you invoked (Art. 6(1)(b)).
  • Integrations data — to operate the Stremio addon, WebDAV server, embed playback, and external streaming backends you configured. Legal basis: contract performance (Art. 6(1)(b)).
  • Analytics page views — see §6.

3. Data Sharing

We do not sell, rent, or share your email address with third parties, except as required by law.

When you use the AI Discover feature, your recent watch history (film titles, release years, and rating signals — up to 40 entries) along with your query text are sent to Anthropic, PBC, our AI provider, to generate personalized recommendations. No email address, user identifier, IP address, or any other personally identifiable information is included in these requests. Anthropic processes this data under their API data usage policy, which prohibits training on API inputs.

International transfer. Anthropic is established in the United States, so AI Discover requests are transferred outside the European Economic Area. The transfer relies on Anthropic's certification under the EU–US Data Privacy Framework as the lawful basis under GDPR Articles 44–46. Because the payload contains no identifiers, no part of the transfer maps back to an individual user on Anthropic's side.

When data is sent. AI Discover generates personalized suggestion chips automatically whenever you open the Discover page, using your recent watch history and watchlist as input — that initial chip load is the first request to Anthropic and happens before you tap anything. Further interactions (tapping a chip, refreshing the chip set, or typing a free-form query) trigger additional requests. Exception: if you have no watch history and no watchlist entries, a static cold-start set is shown instead and no data is sent to Anthropic. If you would prefer not to use AI Discover at all, simply do not visit the Discover page; nothing on the rest of the site triggers calls to Anthropic.

4. Data Storage, Security & Retention

Your data is stored securely on infrastructure operated by OVH (European Union) and protected against unauthorized access. Watch history, library entries, and AI usage data are associated with your account and are not publicly accessible.

Retention. We keep account-linked data only for as long as your account exists:

  • Profile, library, watch history, ratings, watchlists, integrations — retained while your account is active; removed immediately and irreversibly when you delete the account.
  • AI Discover queries — not stored on our side beyond the duration of the request. Anthropic retains API inputs and outputs for up to 30 days for abuse-detection purposes, then auto-deletes (see their privacy policy).
  • Daily AI quota counters — ephemeral, kept in memory for at most 24 hours and rolled over at UTC midnight; never written to long-term storage.
  • Server access logs — short-lived operational logs containing IP, user agent and requested URL are kept for up to 30 days for debugging and abuse mitigation, then rotated out.
  • Session cookie — the session cookie expires when its server-side record is rotated; in practice this means it is cleared when you sign out or after at most 30 days of inactivity.
  • Streaming performance measurements — destination IP, speed, and request URL of bandwidth probes are kept indefinitely as aggregate routing-quality data. They do not contain your source IP and cannot be tied to a user account.
  • Umami analytics events — retained for up to 12 months and then aggregated/rolled up. See §6 for the identifier used.
  • Blocked content references — when content is removed for violating §3.1 of our Terms of Service, the offending torrent hash and minimal action metadata are retained indefinitely to prevent re-upload. This data is not linked to your account.

5. Data Deletion & Portability

You can delete your account and all associated data (including watch history and AI usage data) at any time from your profile page.

You can also download a machine-readable copy of everything we hold on your account — profile, library, watch history, ratings, watchlists, settings, integrations and (where applicable) vault transactions — via the Download my data button on the profile page. The export is delivered as a single JSON file (GDPR Article 20).

6. Analytics

We use Umami, a privacy-focused, self-hosted analytics tool, to understand how visitors use Webtor (page views, conversion funnels, feature adoption). Umami runs on our own infrastructure; no analytics data leaves it.

How pageviews are attributed. Each pageview is tagged with a pseudonymous identifier derived from your session cookie via a one-way SHA-1 hash (UUID v5). Umami never sees your raw cookie value, your IP address, your email, or any other directly identifying field. The same hashed identifier stays stable for the lifetime of your session cookie, which means that if you start anonymously and later sign in, your earlier anonymous pageviews are attributed to the same browser identity in our analytics. We use this only to understand whole-funnel behaviour (e.g. "how many of yesterday's anonymous Discover visitors signed up?"). We do not use it to profile individuals, retarget you with ads, sell to third parties, or feed it back into any algorithmic ranking shown to users.

Under GDPR, this pseudonymous identifier is still personal data (Recital 26). The legal basis for processing it is our legitimate interest in measuring our own service (Article 6(1)(f)), balanced against the limited intrusion: the data is self-hosted, not sold, not combined with profiling. You can opt out client-side at any time by blocking umami.js through any standard content blocker (uBlock Origin, Privacy Badger, Brave's built-in shields, etc.); the rest of the service continues to work normally.

7. Cookies

We use only strictly-necessary first-party cookies — no tracking, advertising, or profiling cookies are set by Webtor. The following cookies may be present when you use the service:

  • Session and authentication (session, sAccessToken, sFrontToken, st-last-access-token-update) — keep you signed in and protect requests against forgery. Cleared on sign-out.
  • Language preference (lang) — remembers your interface language. Initialised from your browser's Accept-Language header on first visit and updated whenever you switch language manually.
  • Service delivery (INGRESSCOOKIE) — keeps your connection pinned to the same backend server so streaming sessions stay consistent.
  • Bot protection (cf_clearance, set by Cloudflare) — confirms you have passed our automated abuse-protection challenge.

All cookies above qualify for the "strictly necessary" exemption of the ePrivacy Directive (Article 5(3)) and therefore do not require a consent banner. Our analytics provider (Umami) does not use cookies at all.

8. Contact & Your Rights

Under the GDPR (and equivalent local laws), you have the right to access the personal data we hold about you, to rectify inaccurate data, to request deletion, to object to processing, and to receive a portable copy of your data. The first two and the last two can be exercised directly from your profile page (delete account, download my data).

For any other privacy-related request — including data access, rectification, objection, or complaints — contact us at [email protected] or via our support page. We aim to respond within 30 days, as required by GDPR Article 12(3). You also have the right to lodge a complaint with your local data-protection authority.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date.