Privacy Policy
Effective date: [Launch date] Last updated: [Launch date]
1. About this policy
This Privacy Policy describes how Gambit Digital Solutions Limited (“Gambit”, “we”, “our” or “us”) collects, uses, stores, and shares personal data in connection with the Cinax desktop application (“Cinax”, the “Application”) and the website at cinax.app (the “Website”). It also describes your rights in respect of that personal data.
This policy should be read together with our Terms of Use and Refund Policy, which apply to your use of Cinax and the Website.
If you do not agree with any part of this policy, please do not use Cinax or the Website.
2. Who we are
Gambit Digital Solutions Limited is a private limited company registered in England and Wales (company number 08493639), with its registered office on file with Companies House.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Gambit Digital Solutions Limited is the data controller for personal data we process, except where this policy expressly states that another party acts as controller.
We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZB184735.
Our contact details for data protection matters are:
- Email: [email protected]
- Postal: Unit 1 Mistry House, Dudley Street, Luton, Beds, LU2 0NT, United Kingdom
3. The personal data we process
The categories of personal data we may process about you depend on how you interact with Cinax and the Website. We have summarised them below.
3.1 The Cinax desktop application
The Application is installed on, and runs on, your own computer. It processes your video files, settings, and preferences locally on your device. We do not have access to those files, file names, folder paths, or any media you process with the Application, and they are not transmitted to us.
The Application stores the following data locally on your device, in a location managed by your operating system:
- Application preferences and configuration (including chosen output folders, naming patterns, and feature toggles).
- A log of file operations you have performed, retained to allow you to undo those operations.
- If you have activated Cinax Pro, your licence key.
You can delete this local data at any time by removing the relevant files from your operating system’s application support folder, or by uninstalling the Application. We do not retain a copy on our systems.
3.2 Online lookups (Cinax Pro features)
Some optional features of Cinax Pro send requests to third-party metadata databases in order to provide functionality you have requested. Specifically:
- When you use the show or movie auto-detect feature, the Application sends the parsed title from your filename to TheTVDB or The Movie Database (TMDB) to retrieve matching metadata.
- When you use anime mode, the Application sends the parsed title to AniDB for the same purpose.
These queries contain only the parsed title and a Cinax-issued API key. They do not include your full filename, folder path, account information, or identifiers we hold about you. Your device’s IP address is necessarily visible to the third-party service as part of the request, in the same way it is for any internet request from your device.
These third parties are independent data controllers in respect of any personal data they process when handling such queries. Their respective privacy notices are available at:
- TheTVDB: https://thetvdb.com/privacy
- The Movie Database: https://www.themoviedb.org/privacy-policy
- AniDB: https://anidb.net/privacy
We have no control over how these third parties process data and we are not responsible for their practices. If you do not wish to use these third-party services, you can use the free tier of Cinax, which does not connect to them.
3.3 Licence validation
If you purchase a Cinax Pro licence, the Application transmits your licence key to a validation service operated by us in order to verify the licence is valid for use. The request contains only the licence key.
Validation logs may include the licence key, an approximate timestamp, and an approximate geographic location derived from the IP address of the request, retained for fraud-prevention and licence-enforcement purposes. We retain these logs for no longer than is necessary for those purposes, and in any event for no longer than 12 months from the date of the request, after which they are deleted or anonymised.
3.4 Crash reporting
The Application includes an optional crash-reporting feature. This feature is disabled by default and will only operate if you explicitly enable it.
When enabled, the Application will send to a third-party crash analytics service (Sentry, operated by Functional Software, Inc.) technical information about unexpected errors. Before transmission, the Application removes file paths, file names, operating system usernames, home directory paths, and other potentially identifying contextual information.
The data that may be transmitted includes:
- The name and version of the Application.
- The operating system family and version.
- A description of the error, including a stack trace with potentially sensitive variables removed.
- A general timestamp.
We use this data solely to identify, diagnose, and fix software faults. Sentry processes this data as our data processor, subject to a data processing agreement and the terms of Sentry’s services. Sentry’s privacy notice is available at https://sentry.io/privacy.
We have selected the European Union region for the storage of crash data. Such data is retained by Sentry in accordance with their retention defaults (typically up to 90 days) after which it is deleted.
You can disable crash reporting at any time within the Application’s settings.
3.5 The Cinax website
When you visit cinax.app, certain limited information is automatically processed:
- Server log data: standard information necessarily generated by the act of accessing the Website (for example, the IP address from which the request originated, the browser type, the requested page, and a timestamp). We use this information for the technical operation, security, and basic statistical analysis of the Website. We retain server log data for no longer than 30 days, except where retention is necessary to investigate a security incident or to comply with a legal obligation.
- Aggregate analytics: we use a cookieless, privacy-oriented analytics service (Cloudflare Web Analytics) to collect aggregate statistical information about Website traffic. This service does not identify individual visitors or set tracking cookies. Cloudflare’s privacy notice is available at https://www.cloudflare.com/privacypolicy/.
The Website does not use cookies for advertising, tracking, or profiling. If you contact us through the Website, we will process the data you provide for the purposes set out in section 3.7.
3.6 Purchases
If you purchase Cinax Pro, the payment is processed by Stripe (Stripe Payments Europe Ltd, an Irish company) acting as the controller for personal data you provide to it during the checkout process, including your name, billing address, email address, and payment instrument details. We do not receive your payment instrument details and we do not store them.
After the payment has completed, Stripe transmits limited information to us, which may include:
- Your name and email address;
- The country and (where applicable) state or region used for tax purposes;
- The amount, currency, and reference of the transaction;
- The associated licence key issued to you.
In respect of this transmitted purchase information, we act as the data controller. We use it to:
- Deliver your licence key to the email address you provided at checkout;
- Provide customer support and process refunds, disputes, or chargebacks;
- Maintain accounting records as required by UK tax legislation;
- Detect and prevent fraud.
We retain purchase records for the period required by UK tax legislation (currently a minimum of six years from the end of the relevant accounting period), after which they are deleted or anonymised.
Stripe’s privacy notice is available at https://stripe.com/privacy.
3.7 Communications with us
If you contact us by email, through a support form, or otherwise, we will process the personal data you provide (typically your email address and the content of your message) in order to respond to your enquiry, provide support, and maintain a record of correspondence for service-quality purposes.
We retain support correspondence for no longer than is necessary for those purposes, and in any event for no longer than 24 months from the date of last contact, except where retention is necessary to deal with an ongoing matter or to comply with a legal or regulatory obligation.
4. Lawful bases for processing
We rely on the following lawful bases under UK GDPR for processing your personal data:
| Purpose | Lawful basis |
|---|---|
| Operating the Application’s local features (with no transmission to us) | Not applicable — no personal data is transmitted to us |
| Routing Pro-tier metadata queries to third-party databases | Performance of a contract (provision of Pro features requested by you) |
| Validating licences and preventing fraud | Legitimate interests (protecting Cinax from licence misuse) |
| Crash reporting | Consent (you opt in within the Application) |
| Operating the Website | Legitimate interests (operating and securing the Website) |
| Processing purchases | Performance of a contract (sale of Cinax Pro to you) |
| Maintaining accounting records | Compliance with a legal obligation (UK tax law) |
| Responding to your communications | Legitimate interests (responding to enquiries directed to us) |
Where we rely on legitimate interests, we have considered and balanced those interests against your interests, rights, and freedoms. You may object to such processing as set out in section 7.
5. Sharing your personal data
We do not sell your personal data to anyone. We share it only with the following categories of recipient, and only to the extent necessary:
- Service providers acting as our processors, who are bound by contractual obligations consistent with UK GDPR (for example, our crash analytics provider, hosting providers, and email service provider).
- Independent controllers where the law or the purpose of the processing requires it (for example, Stripe for the purpose of taking payment, and the third-party metadata databases described in section 3.2).
- Our professional advisers (such as accountants, auditors, and legal advisers) where they reasonably need access to your personal data to provide their professional services to us, and where they are subject to professional duties of confidentiality.
- Public authorities to the extent required by law (for example, in response to a valid legal request from a tax authority, law enforcement agency, or court of competent jurisdiction).
- Acquirers or successors in the event of a sale, merger, reorganisation, or insolvency of Gambit Digital Solutions Limited, subject to appropriate confidentiality and data-protection commitments.
6. International transfers
Some of our service providers (including Stripe and Sentry) operate or store data on infrastructure located outside the United Kingdom and the European Economic Area. Where personal data is transferred outside the UK or EEA, we ensure that an appropriate safeguard recognised by UK GDPR is in place — for example, the UK International Data Transfer Agreement, the European Commission’s Standard Contractual Clauses (where applicable), or an adequacy determination by the UK Information Commissioner.
You can request more information about the specific safeguards in place by contacting us at [email protected].
7. Your rights
Subject to certain conditions and exemptions set out in applicable data protection legislation, you have the following rights in respect of personal data we hold about you:
- The right to be informed about how your personal data is processed (this Policy provides that information).
- The right of access to your personal data.
- The right to rectification of inaccurate personal data.
- The right to erasure (the “right to be forgotten”).
- The right to restrict processing.
- The right to data portability.
- The right to object to processing carried out on the basis of our legitimate interests.
- Where we rely on your consent, the right to withdraw that consent at any time (without affecting the lawfulness of processing carried out before withdrawal).
- The right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not currently carry out any such processing.
To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receipt of your request, although in some circumstances we may extend this period by up to two further months where the request is complex or numerous.
We may need to verify your identity before fulfilling your request, for example by asking you to confirm certain information that you have previously provided to us.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office:
- Online: https://ico.org.uk/make-a-complaint/
- Phone: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
8. Security
We take appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encryption of data in transit, restricted access to systems holding personal data, and selection of reputable service providers with their own security commitments.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your licence key, email account, and any credentials you use to access services associated with Cinax confidential.
9. Children’s data
Cinax and the Website are not directed at children, and we do not knowingly collect personal data from children under 16. If you believe that a child has provided personal data to us, please contact us at [email protected] and we will take appropriate steps to delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make a change, we will update the “Last updated” date at the top of this policy.
Where the change is material — for example, where we introduce a new category of processing or a new processor — we will notify users by a notice on the Website for a reasonable period, and where appropriate we will also notify affected users by email.
The continued use of Cinax or the Website after the effective date of any change constitutes acceptance of the updated policy.
11. Contact
For any questions, requests, or complaints about this Privacy Policy or our processing of your personal data, please contact us at:
Gambit Digital Solutions Limited Email: [email protected] Registered office: Unit 1 Mistry House, Dudley Street, Luton, Beds, LU2 0NT, United Kingdom Company number: 08493639 (England and Wales) ICO registration: ZB184735
This Privacy Policy should be read together with our Terms of Use and Refund Policy.