Privacy Policy / Aviso de Privacidad
Last updated: March 25, 2026
This Privacy Policy (Aviso de Privacidad Integral) describes how we collect, use, disclose, and protect your personal data when you use Binge Senpai. It is designed to comply with Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations, the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA), the EU Artificial Intelligence Act, and other applicable data protection laws.
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. Where consent is required by applicable law, we will obtain it before processing your data for the relevant purpose.
1. Data Controller
The data controller (responsable) for your personal data is:
- Legal name: Binge Senpai
- Address: Mexico City, Mexico
- Email: [email protected]
- Website: https://bingesenpai.com
For questions about this Privacy Policy or to exercise your data protection rights, contact us at the email address above.
2. Definitions
In this Privacy Policy:
- "Binge Senpai," "we," "us," or "our" refers to Binge Senpai, the operator of the Service.
- "Service" refers to the Binge Senpai website at https://bingesenpai.com, including the progressive web application (PWA) and native mobile app wrappers.
- "You" or "user" means any individual who accesses or uses the Service, or the legal entity on whose behalf such individual acts.
- "Personal Data" (or "Personal Information" or "datos personales") means any information relating to an identified or identifiable natural person.
- "Sensitive Personal Data" (or "datos personales sensibles") means personal data that touches on the most private areas of the data subject's life or whose misuse could give rise to discrimination or serious risk — including, under Mexican law, health, sexual preferences, religious beliefs, and similar categories.
- "Senpai" refers to our AI-powered chat assistant feature.
- "ARCO Rights" refers to the rights of Access, Rectification, Cancellation, and Opposition under Mexican data protection law.
- "Processing" means any operation performed on personal data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
3. Personal Data We Collect
3.1 Data You Provide Directly
| Category | Specific Data | When Collected |
|---|---|---|
| Account information | Full name, email address, password (stored as a cryptographic hash — we never store your plaintext password) | Registration |
| Profile data | Avatar image (uploaded photo or graphic). We strip EXIF metadata (GPS coordinates, device identifiers, timestamps) from uploaded images before storage. | Profile editing |
| Library data | Anime and manga tracking entries: watch/read status (planning, watching/reading, completed, paused, dropped), scores (1–10), episode/chapter progress, start and end dates, favorites | Library management |
| Collections data | Names and contents of custom collections, items in system collections (Favorites, Watchlist, Set Aside) | Collection creation and management |
| AI conversation data | Messages you send to and receive from the Senpai AI assistant, conversation titles, starred status. See Section 6 for full details | Chat with Senpai |
| Imported data | Anime/manga tracking history imported from Crunchyroll (JSON format) or MyAnimeList (XML format), including titles, statuses, scores, and custom lists. See Section 10 for full details | Library import |
| Team account data | Team name, team avatar, member email addresses, assigned roles (Admin/Member) | Team creation and member invitations |
| API tokens | Token names, creation dates, last-used timestamps. The token value itself is shown once at creation and stored as a cryptographic hash | API token creation |
| Two-factor authentication (2FA) | Encrypted TOTP shared secret (for authenticator apps), hashed backup recovery codes | 2FA setup |
| Communications | Messages you send to our support email, feedback submitted through the Service | Support contact |
3.2 Data Collected Automatically
| Category | Specific Data | Purpose |
|---|---|---|
| Usage data | IP address, browser type and version, operating system, pages visited, time and date of visit, time spent on pages, referring URL, unique device identifiers | Service operation, security, and improvement |
| Mobile device data | Device type, mobile OS, mobile device unique ID, mobile browser type | Service delivery and optimization |
| Push notification tokens | Apple Push Notification Service (APNS) device tokens, Google Firebase Cloud Messaging (FCM) tokens, browser push subscription endpoints | Delivering notifications you have opted into |
| Bot protection data | Data processed by Cloudflare Turnstile: IP address, TLS session fingerprint, User-Agent string, browser characteristics, interaction patterns (see Section 13) | Bot detection and fraud prevention |
| Security logs | Failed login attempts (IP address, timestamp, attempt count), rate-limiting records | Account security, abuse prevention |
| WebSocket connection data | ActionCable connection metadata (session ID, IP, channel subscriptions) for real-time chat streaming and notifications | Real-time feature delivery |
| Announcement read status | Whether you have viewed admin-published platform announcements | Avoiding duplicate notifications |
4. Sensitive Personal Data
We process certain categories of data that may qualify as sensitive personal data (datos personales sensibles) under Mexican law or special category data under the GDPR:
- NSFW content preferences: When you enable the NSFW content filter to view mature-rated (R-X) anime or manga titles, we record this preference in your browser session. We do not persistently store your NSFW toggle status — it resets when you log out. However, your library entries may include mature-rated titles, which could reveal information about sexual preferences — a protected sensitive data category.
- AI conversation content: In your conversations with the Senpai AI assistant, you may voluntarily share information about health, beliefs, sexuality, or other sensitive topics. We do not solicit this information, but we recognize that freely typed messages could contain it.
Under Mexican law (LFPDPPP Articles 9 and 13): Processing of sensitive personal data requires your express consent. By enabling the NSFW content filter and confirming you are 18 or older through our age verification dialog, you expressly consent to the processing of content preference data that may reveal sexual preferences. You may revoke this consent at any time by disabling the NSFW filter, removing mature-rated titles from your library, and deleting relevant AI conversations.
Under GDPR (Article 9): We process this data on the basis of your explicit consent (Article 9(2)(a)). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
5. Purposes of Processing
Under Mexican law, we distinguish between primary purposes (necessary for our relationship with you) and secondary purposes (not strictly necessary — you may opt out).
5.1 Primary Purposes (Finalidades Primarias)
These are necessary to provide the Service and cannot be opted out of while maintaining your account:
- Creating and managing your account, including authentication and security
- Providing the core Service: anime and manga library tracking, collections, favorites, calendar, episode progress
- Operating the Senpai AI chat assistant and processing your conversations
- Processing library imports from Crunchyroll and MyAnimeList
- Delivering push notifications you have opted into (new episodes, system alerts)
- Managing team accounts, member invitations, and role assignments
- Enabling API token creation and programmatic access
- Bot protection and fraud prevention via Cloudflare Turnstile
- Enforcing our Terms of Service and protecting the security of the Service
- Responding to your support requests
- Complying with legal obligations
5.2 Secondary Purposes (Finalidades Secundarias)
These enhance your experience but are not strictly necessary. You may opt out of any secondary purpose by contacting us at [email protected] or by using the controls described below:
- Personalized recommendations: Generating "Because You Loved [X]" suggestions and algorithm-based similar titles using embedding similarity, based on your library history and scores. Opt out: contact us to disable personalized recommendations for your account.
- Personalized appeals: AI-generated "Why you should watch this" messages tailored to your library and taste profile. Opt out: same as above.
- Service improvement analytics: Analyzing aggregate usage patterns to improve features and user experience. Opt out: contact us. Note: we do not use third-party analytics services.
- Platform announcements: Informing you about new features, improvements, and updates to the Service. Opt out: contact us to unsubscribe from non-essential communications.
If you do not express your opposition to secondary purposes within 5 business days of first receiving this notice, Mexican law allows us to consider consent granted for those purposes. You retain the right to opt out at any time thereafter.
5.3 Legal Bases (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing are:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and core Service delivery | Performance of a contract (Art. 6(1)(b)) |
| AI chat assistant operation | Performance of a contract (Art. 6(1)(b)) |
| Security, bot protection, and rate limiting | Legitimate interests (Art. 6(1)(f)) — protecting the Service and users from abuse |
| Personalized recommendations and appeals | Legitimate interests (Art. 6(1)(f)) — enhancing user experience. You have the right to object under Art. 21 |
| Push notifications | Consent (Art. 6(1)(a)) — via OS permission dialog |
| NSFW content preference processing | Explicit consent (Art. 9(2)(a)) |
| Essential cookies | Legitimate interests / strictly necessary exemption under ePrivacy Directive |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
6. AI Chat Assistant (Senpai) and Automated Processing
6.1 Nature of the AI Assistant
Senpai is an artificial intelligence system, not a human. When you use the "Chat with Senpai" feature, you are interacting with an AI chatbot. This disclosure is provided in compliance with the EU AI Act Article 50(1), which requires that users be clearly informed when they are interacting with an AI system.
Senpai is powered by Claude, a large language model created by Anthropic, PBC (San Francisco, United States), accessed through OpenRouter, Inc. (United States) as an API intermediary.
6.2 Data Processing Chain
When you send a message to Senpai, your data flows through the following chain:
- Binge Senpai (controller) — Your message is sent from your browser via WebSocket to our servers. The full conversation history is stored in our database.
- OpenRouter, Inc. (processor) — Your message and relevant conversation context are transmitted to OpenRouter's API. OpenRouter acts as a routing intermediary and does not persistently store prompt or response content — only operational metadata for billing and abuse prevention.
- Anthropic, PBC (sub-processor) — OpenRouter forwards the request to Anthropic's Claude API. Anthropic retains API inputs and outputs for a maximum of 30 days for trust and safety purposes (abuse monitoring), then automatically deletes them. Anthropic does not use API data to train its models.
6.3 What Senpai Can Access
During a conversation, Senpai has access to tools that allow it to:
- Search our anime and manga database (by title, genre, theme, or semantic meaning)
- View your library entries, favorites, and profile statistics
- Add or modify entries in your library (status, score, progress)
- Look up characters, voice actors, staff, and studios
- Retrieve episode lists, synopses, and recommendations
- Search the web for additional context
Senpai cannot access your password, 2FA secrets, API tokens, email content, or data from other users' private accounts.
6.4 Conversation Data Storage and Limits
- Full conversation history is stored on our servers until you delete it.
- You can star, rename, and delete individual conversations at any time from the conversation sidebar.
- Each conversation has a token limit: a warning appears at approximately 30,000 tokens, and input is disabled at approximately 40,000 tokens. You may start a new conversation at any time.
- Deleted conversations are permanently removed from our database. Copies at sub-processors (Anthropic) are automatically purged within their stated retention period (up to 30 days).
6.5 AI-Generated Content
The following content on the Service is generated by AI systems and is labeled as such:
- Personalized appeals ("Why you should watch this") — generated based on your library history
- Review summaries — AI-generated summaries of community reviews
- Recommendation explanations — summaries of why users recommend one title based on another
- Senpai responses — all chat messages from Senpai
AI-generated content may contain inaccuracies. It is provided for informational and entertainment purposes and should not be relied upon as factual without independent verification.
7. Profiling and Automated Decision-Making
We use automated processing of your personal data to analyze and predict your preferences (profiling) in the following ways:
| Profiling Activity | Data Used | Logic Involved | Impact on You |
|---|---|---|---|
| Embedding-based recommendations ("Similar Anime") | Synopsis text of anime/manga in your library and the catalog | Mathematical similarity between text embeddings (vector representations of synopses). Shown as a match percentage | You see suggested titles ranked by thematic similarity. No content is hidden or restricted based on this profiling |
| Personalized appeals | Your library entries (titles, scores, statuses) | AI language model analyzes your taste profile and generates a natural-language explanation of why a title may appeal to you | You see a personalized "Why you should watch this" message on detail pages. No content is hidden or restricted |
| "Because You Loved [X]" recommendations | Your highest-rated completed anime | Community recommendation data filtered by your top-rated titles | Personalized carousel on the dashboard |
| Semantic search | Your search queries | Embedding similarity between your query and anime/manga synopses, matching by meaning rather than exact keywords | Search results ranked by thematic relevance |
No decisions with legal or similarly significant effects are made solely by automated means. Profiling is used only to personalize content discovery — it does not affect your access to the Service, account standing, pricing, or any rights.
Right to object: Under GDPR Article 21, you have the right to object to profiling based on legitimate interests at any time. Under Mexican law (LFPDPPP), you may exercise your right of opposition (Oposición) to any secondary-purpose processing. To opt out, contact us at [email protected].
8. Push Notifications and Device Tokens
If you choose to enable push notifications, we collect and process:
- Browser push subscriptions: An endpoint URL and cryptographic keys generated by your browser when you grant notification permission.
- Apple Push Notification Service (APNS) tokens: A device-specific token issued by Apple, collected if you use the Binge Senpai iOS app.
- Firebase Cloud Messaging (FCM) tokens: A device-specific token issued by Google, collected if you use the Binge Senpai Android app.
Device tokens are associated with your user account and used solely to deliver notifications you have opted into (such as new episode alerts and system notifications).
Your consent and how to revoke it:
- Browser: You grant consent via the browser permission dialog. Revoke by going to your browser's site settings for bingesenpai.com and blocking notifications.
- iOS: Go to Settings → Notifications → Binge Senpai → toggle off.
- Android: Go to Settings → Apps → Binge Senpai → Notifications → toggle off.
When you revoke notification permission, we retain your token record but mark it inactive. Tokens are deleted upon account deletion.
Third-party processors: Notification delivery involves Apple Inc. (for APNS) and Google LLC (for FCM), both located in the United States. These companies process device tokens and notification payloads in accordance with their respective privacy policies.
9. Cookies and Local Storage
We use cookies and similar technologies to operate the Service. We do not use any advertising, analytics, or third-party tracking cookies.
9.1 Cookies We Use
| Cookie | Type | Duration | Purpose | Classification |
|---|---|---|---|---|
| Session cookie | First-party | Session (or persistent if "Remember me" selected) | User authentication — keeps you logged in | Strictly necessary |
| CSRF token | First-party | Session | Cross-site request forgery protection | Strictly necessary |
| Content filter preference | First-party | Session | Remembers your SFW/NSFW display preference | Strictly necessary (user-initiated, session-only) |
| Language preference | First-party | Session | Remembers your title display language (Romaji, English, or Native) | Strictly necessary (explicit user choice) |
| Theme preference | First-party | Session / User setting | Remembers dark/light/system theme choice | Strictly necessary (explicit user choice) |
| Cookie notice acceptance | First-party | Persistent (1 year) | Records that you have seen and accepted the cookie notice | Strictly necessary |
All cookies listed above are classified as strictly necessary for the operation of the Service or are set only in direct response to an explicit action you take (setting a preference). Under the EU ePrivacy Directive, strictly necessary cookies do not require prior consent. We do not use any non-essential cookies.
9.2 Cloudflare Cookies
Cloudflare Turnstile, our bot protection service, may set its own cookies for the purpose of distinguishing human users from automated bots. These are strictly necessary for security. See Section 13 for details.
9.3 PWA Local Storage
If you install Binge Senpai as a Progressive Web App (PWA), the service worker may cache page assets (HTML, CSS, images) on your device to improve loading performance. This cached data remains on your device and can be cleared by uninstalling the PWA or clearing your browser's storage for bingesenpai.com.
Managing cookies: You can configure your browser to refuse cookies or alert you when cookies are being sent. If you disable essential cookies, some features of the Service (such as staying logged in) may not function properly.
10. Data Import and Export
10.1 Library Import
You may import your anime and manga tracking history from:
- Crunchyroll: JSON export files (v5 format), generated using the Binge Senpai Chrome Extension or Crunchyroll's export tool.
- MyAnimeList: XML export files generated by MyAnimeList's built-in export feature.
When you upload an import file:
- The file is processed on our servers to match entries against our database using a multi-step matching process (URL matching, title matching, and similarity matching).
- For multi-season series, entries may be automatically split into per-season library entries.
- You choose a conflict resolution strategy before import: skip existing entries, overwrite with imported data, or smart merge (keeping higher progress and preserving scores).
- Custom lists from Crunchyroll exports are imported as Collections.
- Imported data becomes part of your Binge Senpai library and is subject to this Privacy Policy.
- Original import files are deleted from our servers after processing.
Chrome Extension: If you use the Binge Senpai Chrome Extension to export Crunchyroll data, the extension accesses your Crunchyroll account data locally in your browser. The extension does not transmit your Crunchyroll credentials to us. The extension's data handling is governed by its own privacy disclosure in the Chrome Web Store listing, consistent with Chrome Web Store's User Data policy.
Chrome Web Store Limited Use Disclosure: Binge Senpai's use and transfer to any other app of information received from browser APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. The extension only uses collected data (account information, session cookies, and watch history) to generate a local export file. No data is transmitted to any server other than the user's own streaming service. No data is sold, transferred to third parties, or used for advertising.
We are not responsible for the accuracy or completeness of data imported from third-party platforms. We recommend reviewing your imported library after the process completes.
10.2 Data Export (Portability)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (GDPR Article 20; LFPDPPP data portability right under the 2025 reform). To request an export of your data, contact us at [email protected]. We will provide your data within the timeframes described in Section 16.
11. Team Accounts
If you create or join a Team account:
- Team administrators can view the names, email addresses, and roles of all team members.
- When a team member is invited by email, the inviter's name and the team name are disclosed to the invitee in the invitation email.
- Accepting an invitation discloses your name and email to the team's administrators.
- Team ownership transfers disclose account information between the transferor and transferee.
- Each team member's personal library, AI conversations, and favorites remain private to their individual account unless they choose to share them.
When you join a team, you consent to the disclosure of your name and email address to the team's administrators. You may leave a team at any time, which revokes this access (though historical records of your membership may be retained for audit purposes).
12. API Access
You may create API tokens to access Binge Senpai programmatically. When you do:
- We store the token name and creation date. The token value is displayed once at creation — we store only a cryptographic hash and cannot recover the plaintext token.
- We record the last-used timestamp each time the token is used, for your security monitoring.
- API tokens grant the same access as your authenticated session. You are responsible for keeping tokens secure.
- You may revoke (delete) any token at any time from your account settings. Revocation is immediate and permanent.
13. Bot Protection (Cloudflare Turnstile)
We use Cloudflare Turnstile (including invisible mode) to protect the Service from bots and automated abuse during registration, login, and other security-sensitive actions.
When Turnstile operates, Cloudflare processes:
- Your IP address
- TLS session fingerprint
- User-Agent string and browser characteristics
- Interaction patterns (mouse movements, timing)
For this processing, Cloudflare acts as a data processor on our behalf for the purpose of bot detection, and as an independent data controller for its own limited service improvement purposes, as described in the Cloudflare Turnstile Privacy Addendum.
Cloudflare is a participant in the EU–U.S. Data Privacy Framework.
14. Security Measures
We implement commercially reasonable security measures to protect your personal data, including:
- Password security: Passwords are stored using one-way cryptographic hashing. We never store or have access to your plaintext password.
- Two-factor authentication (2FA): Optional TOTP-based 2FA via authenticator apps (Google Authenticator, Authy, etc.). TOTP secrets are encrypted at rest. Backup codes are stored as cryptographic hashes. All 2FA data is permanently deleted upon account deletion.
- Rate limiting: Login and registration attempts are limited to 10 per 3-minute window to prevent brute-force attacks.
- HTTPS encryption: All data transmitted between your device and our servers is encrypted using TLS.
- CSRF protection: Cross-site request forgery tokens on all state-changing requests.
No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to [email protected].
15. Data Retention
We retain your personal data only as long as necessary for the purposes described in this Privacy Policy. When retention periods expire, we securely delete or anonymize the data.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of your account plus up to 24 months after closure |
| Library data, collections, and favorites | Duration of your account. Deleted with your account |
| AI conversation data (on our servers) | Until you delete the conversation, or until account deletion |
| AI conversation data (at Anthropic) | Up to 30 days (automatically purged by Anthropic) |
| AI conversation data (at OpenRouter) | Operational metadata only; no prompt/response content retained |
| Import files | Deleted after processing is complete |
| Push notification tokens | Duration of your account. Deleted with your account |
| Usage data and server logs | Up to 24 months from collection |
| Security logs (failed logins, rate limits) | Up to 24 months for security monitoring |
| Support correspondence | Up to 24 months from ticket closure |
| API tokens | Until revoked by you, or until account deletion |
| 2FA secrets and backup codes | Until you disable 2FA, or until account deletion |
We may retain data beyond these periods when required by law (such as financial records for tax authorities), necessary to establish, exercise, or defend legal claims, or when residual copies exist in encrypted backups scheduled for routine deletion.
When data is deleted, it is removed from active systems. Residual copies in encrypted backups are overwritten through our routine backup rotation cycle and are not restored except for disaster recovery.
16. Your Rights
16.1 Rights Under Mexican Law (ARCO Rights — LFPDPPP)
If you are in Mexico, you have the following ARCO rights:
- Acceso (Access): Request confirmation of whether we process your personal data and obtain a copy.
- Rectificación (Rectification): Request correction of inaccurate or incomplete personal data.
- Cancelación (Cancellation/Deletion): Request deletion of your personal data when it is no longer necessary for the stated purposes.
- Oposición (Opposition): Object to the processing of your personal data for specific purposes, particularly secondary purposes.
- Data portability: Request your data in a portable, machine-readable format (2025 LFPDPPP reform).
- Revocation of consent: Revoke previously granted consent at any time.
- Object to automated decisions: Object to decisions made solely through automated processing that produce legal effects or significantly affect you (2025 LFPDPPP reform).
How to submit an ARCO request:
Send an email to [email protected] including:
- Your full name and email address associated with your account
- A copy of an official identification document (to verify your identity)
- A clear description of the right you are exercising and the specific personal data involved
- Any documents supporting your request (if applicable)
Response times: We will acknowledge your request within 20 business days and, if approved, implement it within an additional 15 business days, in accordance with LFPDPPP Article 32.
Regulatory authority: If you are unsatisfied with our response, you may file a complaint with Mexico's Secretaría de Anticorrupción y Buen Gobierno (SABG), which assumed data protection enforcement responsibilities following the dissolution of INAI under the March 2025 constitutional reform. Contact: https://www.gob.mx/anticorrupcion.
16.2 Rights Under GDPR (EEA, UK, Switzerland)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:
- Access (Art. 15) — Request a copy of your personal data and information about how it is processed.
- Rectification (Art. 16) — Request correction of inaccurate data.
- Erasure (Art. 17) — Request deletion ("right to be forgotten") when data is no longer necessary, you withdraw consent, or you object to processing.
- Restriction of processing (Art. 18) — Request that we limit processing in certain circumstances.
- Data portability (Art. 20) — Receive your data in a structured, commonly used, machine-readable format.
- Object to processing (Art. 21) — Object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds. You may object to profiling at any time.
- Withdraw consent (Art. 7(3)) — Withdraw consent at any time without affecting prior lawful processing.
- Not be subject to automated decisions (Art. 22) — Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Note: Our automated profiling (recommendations, appeals) does not produce such effects.
To exercise these rights, contact [email protected]. We will respond within one month (extendable by two months for complex requests). You also have the right to lodge a complaint with your local data protection supervisory authority.
16.3 Rights Under CCPA (California, USA)
If you are a California resident, you have the following rights under the CCPA/CPRA:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
- Right to delete: Request deletion of your personal information, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale/sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising.
- Right to limit use of sensitive personal information: You may direct us to limit processing of sensitive personal information to what is necessary for the Service.
- Right to opt out of automated decision-making technology (ADMT): Under the CCPA's ADMT regulations effective January 1, 2026, you have the right to opt out of profiling used for behavioral advertising or decisions with significant effects. Our profiling is used only for content recommendations within the Service.
- Non-discrimination: We will not discriminate against you for exercising any of these rights.
To exercise these rights, contact [email protected]. We will verify your identity and respond within 45 days.
"Do Not Sell or Share My Personal Information": We do not sell or share personal information. If this changes, we will provide a conspicuous opt-out link on the Service.
17. International Data Transfers
Binge Senpai is operated from Mexico with servers hosted in the United States. Your personal data may be transferred to and processed in countries other than your own through the following processors:
| Recipient | Country | Role | Data Transferred | Privacy Policy |
|---|---|---|---|---|
| OpenRouter, Inc. | United States | Processor | AI conversation prompts and context | openrouter.ai/privacy |
| Anthropic, PBC | United States | Sub-processor | AI conversation prompts and context (via OpenRouter) | anthropic.com/privacy |
| Cloudflare, Inc. | United States (global CDN) | Processor + independent controller | IP, TLS fingerprint, User-Agent, browser data (Turnstile) | Turnstile Privacy Addendum |
| Apple Inc. (APNS) | United States | Processor | Device tokens, notification payloads | apple.com/legal/privacy |
| Google LLC (FCM) | United States | Processor | Device tokens, notification payloads | policies.google.com/privacy |
Under Mexican law (LFPDPPP Articles 36–37): Transfers to third-party controllers (transferencias) require your consent unless an exception applies. Transmissions to our processors (remisiones) do not require your consent but are governed by written data processing agreements that require the processor to observe the same obligations under this Privacy Policy. By using the Service, you acknowledge that your data will be processed in the countries listed above.
Under GDPR: For transfers outside the EEA, we rely on the EU–U.S. Data Privacy Framework (for participating recipients), Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards as required by Chapter V of the GDPR. Cloudflare is a participant in the EU–U.S. Data Privacy Framework. You may request a copy of the relevant transfer safeguards by contacting us.
18. Data Sharing
Beyond the processors listed in Section 17, we may share your personal data in these situations:
- With other users: If you use public features of the Service (such as public collections or public profiles, if and when implemented), information you choose to make public may be visible to other users.
- Within teams: As described in Section 11, team administrators can view member names, emails, and roles.
- Business transfers: In connection with a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.
- Legal requirements: We may disclose your data if required by law, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, prevent fraud, or respond to a government request.
- With your consent: We may share your data for other purposes with your explicit consent.
We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes.
19. Children's Privacy and Age Restrictions
Binge Senpai operates a two-tier age system:
19.1 General Minimum Age: 18
The Service is not directed at anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. This age minimum reflects both Mexican civil law (where individuals under 18 are minors requiring parental/guardian consent) and the nature of our Service, which includes AI chat features and access to content databases that may contain mature material.
If you are a parent or guardian and believe your child under 18 has provided us with personal data, please contact us at [email protected]. We will take steps to delete that information from our servers.
19.2 NSFW Content: 18+
Access to mature-rated content (rated R-X) requires affirmatively confirming that you are 18 or older through an age verification dialog. Enabling the NSFW filter constitutes your declaration that you meet this age requirement.
19.3 COPPA Compliance (United States)
Although the Service is not directed at children under 13, we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete it and terminate the associated account.
20. Links to Other Websites
The Service contains links to third-party websites and services, including anime streaming platforms, external databases (MyAnimeList, AniList), YouTube video embeds, and other external resources. We have no control over the content, privacy policies, or practices of these third-party services. We encourage you to review the privacy policy of every external site you visit.
21. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
How we notify you:
- We will post the updated Privacy Policy on this page with a new "Last updated" date.
- For material changes (new categories of data collected, new processors, changes to your rights), we will notify you by email and/or a prominent in-app announcement at least 15 days before the changes take effect.
- For minor changes (clarifications, formatting), updated posting on this page is sufficient notice.
Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. If you disagree with the changes, you may delete your account.
22. Contact Us
If you have questions about this Privacy Policy, want to exercise your rights, or need to report a privacy concern:
- Email: [email protected]
- Location: Mexico City, Mexico
We aim to respond to all inquiries within 20 business days (Mexico) or one month (GDPR), whichever is shorter.