Legal

Privacy Policy

Last updated: May 17, 2026. This page explains how MIKIAT handles personal data for account, anime tracking, recommendation, and AI features.

Controller And Contact

MIKIAT is operated by the owner of this deployment. Before production, replace this paragraph with the controller's legal name, postal address, and a working privacy contact email. GDPR transparency rules require users to know who controls their data and how to exercise their rights.

Data We Collect

  • Account data: display name, email address, hashed password, role, email verification status, and account timestamps.
  • Anime data: watchlist entries, watched episodes, ratings, notes, public profile setting, personality results, and saved insights.
  • Security and account recovery data: verification tokens, reset tokens, and expiry timestamps. Tokens are stored in hashed form.
  • Usage data: daily AI request counters used to enforce feature limits.
  • Technical data: the authentication cookie required to keep you signed in, plus browser theme/personality preferences stored locally on your device.

Why We Use It

  • To create and secure your account, verify your email, let you sign in, and reset your password.
  • To provide the watchlist, public profile, recommendations, search, and insight features.
  • To prevent abuse, enforce daily AI limits, debug operational issues, and keep the service reliable.
  • To send essential transactional emails such as verification and password reset messages.

Legal Bases

  • Contract: account creation, login, watchlist storage, public profile controls, and core product features.
  • Legitimate interests: security, abuse prevention, service diagnostics, and basic operational analytics such as AI usage limits.
  • Consent: optional non-essential cookies or analytics, if they are added later. MIKIAT currently does not require a marketing cookie banner for the necessary auth cookie.
  • Legal obligation: records or disclosures required by applicable law.

Service Providers

  • Database hosting stores account and watchlist data.
  • SMTP email infrastructure sends verification and password reset emails.
  • Google Gemini may process prompts and generated context for AI-powered features.
  • AniList/Jikan or similar anime data providers may receive search/detail requests needed to show anime metadata.
  • Hosting providers may process request metadata such as IP address and user agent in server logs.

Your Rights

  • Access a copy of your personal data.
  • Correct inaccurate profile data.
  • Delete your account and associated personal data, subject to lawful retention needs.
  • Restrict or object to processing where GDPR allows it.
  • Receive portable data where the right to portability applies.
  • Withdraw consent where processing is based on consent, without affecting earlier lawful processing.
  • Complain to your local data protection authority.

Retention

  • Account and watchlist data are kept while your account exists.
  • Email verification tokens expire after 24 hours. Password reset tokens expire after 1 hour.
  • Authentication cookies expire after 7 days or when you log out.
  • Deleted account data should be removed or anonymized unless limited retention is required for legal, security, or backup reasons.

Public Profiles

Profiles are private by default. If you enable the public profile option, other people with the link can view the profile data and anime list exposed by the public profile page. You can turn this off from your dashboard.

International Transfers

Some providers used by the app may process data outside the European Economic Area. Before production, confirm each provider's region, data processing agreement, transfer mechanism, and subprocessors.