Privacy Policy
Last updated: March 2026 (JustWatch affiliate disclosure added)
Introduction
Eris ("we", "us", or "our") operates the website eris.tv (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service. Eris is operated from Poland and is subject to the General Data Protection Regulation (GDPR) and applicable Polish and EU data protection laws. By using the Service, you agree to the collection and use of information in accordance with this policy.
Information We Collect
We collect the following categories of personal data:
Registration Data: When you create an account, we collect your name, email address, and password (stored as a secure hash — we never store plain-text passwords). You may also provide an optional avatar image, bio, profile accent color, and display preferences.
OAuth Data: If you sign in via Google or Facebook, we receive your name, email address, profile picture URL, and the provider's unique user ID. We do not receive or store your social media passwords.
Behavioral Data: We collect data about your interactions with the Service, including: watch history (episodes marked as watched with timestamps), show/actor/character subscriptions, trivia game scores and answers, show ratings and reviews, trivia pack creation and editing activity, and feature requests you submit.
Payment Data: Payments are processed by Stripe. We store your Stripe customer ID, subscription ID, price ID, payment method type and last four digits, subscription tier, amount, currency, and billing dates. We never store full credit card numbers, CVVs, or complete payment credentials.
Notification Data: If you enable push notifications, we store your Firebase Cloud Messaging (FCM) token and your per-entity notification preferences (email, push, or in-app) and global notification settings (digest day, reminder hours).
Registration Data: When you create an account, we collect your name, email address, and password (stored as a secure hash — we never store plain-text passwords). You may also provide an optional avatar image, bio, profile accent color, and display preferences.
OAuth Data: If you sign in via Google or Facebook, we receive your name, email address, profile picture URL, and the provider's unique user ID. We do not receive or store your social media passwords.
Behavioral Data: We collect data about your interactions with the Service, including: watch history (episodes marked as watched with timestamps), show/actor/character subscriptions, trivia game scores and answers, show ratings and reviews, trivia pack creation and editing activity, and feature requests you submit.
Payment Data: Payments are processed by Stripe. We store your Stripe customer ID, subscription ID, price ID, payment method type and last four digits, subscription tier, amount, currency, and billing dates. We never store full credit card numbers, CVVs, or complete payment credentials.
Notification Data: If you enable push notifications, we store your Firebase Cloud Messaging (FCM) token and your per-entity notification preferences (email, push, or in-app) and global notification settings (digest day, reminder hours).
How We Use Your Information
We use your personal data for the following purposes:
- Service Operation: To provide, maintain, and improve the Service — including episode tracking, subscriptions, personalized recommendations, trivia games, and calendar features.
- Authentication: To create and manage your account, verify your identity, and provide secure access.
- Notifications: To send you episode air date reminders, subscription updates, and other notifications you have opted into, via email, push, or in-app.
- Payments: To process Guardian subscription payments, manage billing, and provide receipts through Stripe.
- Analytics & Improvement: We use Google Analytics 4 to understand usage patterns and improve the Service. GA4 collects anonymized page view and interaction data. IP addresses are anonymized by default. You can control analytics cookies via the cookie settings on our website.
- Security: To detect and prevent fraud, abuse, and unauthorized access.
Third-Party Services
We share data with the following third-party services as necessary to operate the Service:
Stripe — Processes payments for Guardian subscriptions. Receives your email, user ID, and payment tokens. Stripe Privacy Policy.
Firebase Cloud Messaging (Google) — Delivers push notifications to your devices. Receives FCM tokens and notification payloads. Firebase Privacy Policy.
Google OAuth — Provides optional sign-in via Google. Standard OAuth flow — we receive your name, email, and profile picture. Google Privacy Policy.
Facebook OAuth (Meta) — Provides optional sign-in via Facebook. Standard OAuth flow — we receive your name and email. Meta Privacy Policy.
Google reCAPTCHA — Protects the registration form from bots. Processes your IP address and interaction patterns. Google Privacy Policy.
Google AdSense — Displays advertisements to free-tier users. May collect cookies and browsing behavior for ad targeting. Guardians (paid subscribers) do not see ads. Google Ads Privacy.
Sentry — Captures application errors for debugging. May include your user ID and email in error reports when you are authenticated. Sentry Privacy Policy.
Google Analytics 4 — Collects anonymized usage data (page views, interactions, device info) to help us understand how users interact with the Service. IP addresses are anonymized. Google Analytics Privacy. You can opt out via our cookie settings or by installing the Google Analytics Opt-out Browser Add-on.
Services that do not receive your personal data: TVMaze, TheTVDB (data sources for show information), Meilisearch (self-hosted search), Reverb (self-hosted WebSockets).
JustWatch — Displays streaming availability information on show pages via an embedded widget. The widget is loaded from JustWatch's servers and may collect your IP address, country, and browsing behavior within the widget. JustWatch operates as an affiliate partner — we may earn commission when you click through to streaming services. The widget only loads in supported countries and is subject to your advertising cookie preferences. JustWatch Privacy Policy.
Stripe — Processes payments for Guardian subscriptions. Receives your email, user ID, and payment tokens. Stripe Privacy Policy.
Firebase Cloud Messaging (Google) — Delivers push notifications to your devices. Receives FCM tokens and notification payloads. Firebase Privacy Policy.
Google OAuth — Provides optional sign-in via Google. Standard OAuth flow — we receive your name, email, and profile picture. Google Privacy Policy.
Facebook OAuth (Meta) — Provides optional sign-in via Facebook. Standard OAuth flow — we receive your name and email. Meta Privacy Policy.
Google reCAPTCHA — Protects the registration form from bots. Processes your IP address and interaction patterns. Google Privacy Policy.
Google AdSense — Displays advertisements to free-tier users. May collect cookies and browsing behavior for ad targeting. Guardians (paid subscribers) do not see ads. Google Ads Privacy.
Sentry — Captures application errors for debugging. May include your user ID and email in error reports when you are authenticated. Sentry Privacy Policy.
Google Analytics 4 — Collects anonymized usage data (page views, interactions, device info) to help us understand how users interact with the Service. IP addresses are anonymized. Google Analytics Privacy. You can opt out via our cookie settings or by installing the Google Analytics Opt-out Browser Add-on.
Services that do not receive your personal data: TVMaze, TheTVDB (data sources for show information), Meilisearch (self-hosted search), Reverb (self-hosted WebSockets).
JustWatch — Displays streaming availability information on show pages via an embedded widget. The widget is loaded from JustWatch's servers and may collect your IP address, country, and browsing behavior within the widget. JustWatch operates as an affiliate partner — we may earn commission when you click through to streaming services. The widget only loads in supported countries and is subject to your advertising cookie preferences. JustWatch Privacy Policy.
Advertising
Free-tier users may see advertisements served by Google AdSense. These ads may use cookies and similar technologies to serve personalized content based on your browsing behavior across the web. You can manage your Google ad preferences at Google Ad Settings.
Guardian subscribers (paid tier) enjoy a completely ad-free experience. No ad-related cookies or tracking scripts are loaded for Guardians.
JustWatch Affiliate Links — On show detail pages, we display streaming availability via JustWatch. When you click through to a streaming service, we may earn a commission. This is an affiliate relationship — JustWatch provides the widget and streaming data. The widget only loads in supported countries and is subject to your advertising cookie preferences.
Guardian subscribers (paid tier) enjoy a completely ad-free experience. No ad-related cookies or tracking scripts are loaded for Guardians.
JustWatch Affiliate Links — On show detail pages, we display streaming availability via JustWatch. When you click through to a streaming service, we may earn a commission. This is an affiliate relationship — JustWatch provides the widget and streaming data. The widget only loads in supported countries and is subject to your advertising cookie preferences.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specific retention periods:
- Account data: Retained until you delete your account.
- Watch history and subscriptions: Retained until you delete your account.
- Trivia scores and game data: Retained until you delete your account.
- Payment records: Retained for 7 years after the last transaction, as required by Polish tax and accounting regulations.
- Error logs (Sentry): Automatically purged after 90 days.
- Server logs: Automatically purged after 30 days.
Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- All data transmitted via HTTPS/TLS encryption
- Passwords stored using bcrypt hashing (never in plain text)
- CSRF protection on all form submissions
- Rate limiting on authentication and API endpoints
- Server-side session management with secure, HTTP-only cookies
- Regular security updates and dependency patching
Your Rights Under GDPR
As a resident of the European Union or European Economic Area, you have the following rights regarding your personal data:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request that we correct inaccurate or incomplete data.
- Right to Erasure: You may request deletion of your personal data ("right to be forgotten"). You can delete your account at any time from your profile settings, or contact us.
- Right to Data Portability: You may export your data in JSON or CSV format from your profile settings at any time.
- Right to Restriction: You may request that we restrict processing of your data in certain circumstances.
- Right to Object: You may object to our processing of your data for specific purposes.
- Right to Lodge a Complaint: You may file a complaint with the UODO (Urząd Ochrony Danych Osobowych — Polish Data Protection Authority) at uodo.gov.pl.
California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to Know: You may request details about the categories and specific pieces of personal data we have collected.
- Right to Delete: You may request deletion of your personal data.
- Right to Opt-Out: You may opt out of the "sale" of personal data. Eris does not sell your personal data to third parties.
Children's Privacy
The Service is not intended for children. You must be at least 16 years old to create an account if you are located in the EU/EEA (as required by GDPR), or at least 13 years old if located outside the EU/EEA. We do not knowingly collect personal data from children under these ages. If we discover that a child under the applicable minimum age has provided us with personal data, we will delete that data promptly. If you believe a child has provided us with their data, please contact us.
International Data Transfers
Our servers are located in Poland (European Union). Your data is primarily stored and processed within the EU. However, some third-party services (Stripe, Google, Firebase) may transfer your data to the United States or other countries. These transfers are protected by appropriate safeguards, including EU Standard Contractual Clauses and adequacy decisions where applicable.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email to your registered address. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Information
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:
Email: [email protected]
Supervisory Authority: UODO — Urząd Ochrony Danych Osobowych
Email: [email protected]
Supervisory Authority: UODO — Urząd Ochrony Danych Osobowych