Privacy Policy

Last updated: 13 June 2026

This policy explains what personal data Screendm collects, why we collect it, who we share it with, and the rights you have over it. It covers both this public website (including the launch waitlist) and the Screendm platform once you create an account.

Screendm is currently in a private testing phase. We collect as little as we can to run the service and to learn from your feedback, and we do not sell your data or use it for advertising.

Who we are

Screendm is a service operated by Screen Origins Limited, a company registered in England and Wales (company number 13745377), with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom. Screen Origins Limited is the data controller responsible for your personal data.

For anything to do with your data or this policy, contact us at info@screendm.co.uk.

The data we collect

On the public website and waitlist

If you join the launch waitlist, we collect your email address and the time you signed up. To protect the form from bots we briefly hold a one-way cryptographic hash of your IP address (not the address itself) for about an hour, then it is discarded. On the public website we use no cookies, no analytics, and no behavioural tracking.

When you use the Screendm platform

We collect:

  • Account details: your email address and a password (stored only as a secure hash by our authentication provider).
  • Profile details: the information you choose to add, such as your display name, handle, discipline, university or institution, short bio, and avatar image.
  • Content you create: posts, projects, comments, messages, crew credits, community activity, reactions, favourites, and reports you submit.
  • Limited technical data: a temporary hashed IP address used for rate limiting (held briefly, never stored in the clear), basic error diagnostics if something goes wrong, and cookieless usage analytics described below.
  • Your choices: your settings, and whether you opted in to receive product update emails.

How we use it, and our lawful basis

Under UK GDPR we must have a lawful basis for each use. Ours are:

  • Running your account and showing your content (creating your profile, publishing your posts, delivering your messages, operating communities and the feed). Basis: performance of our contract with you, namely these terms of use.
  • Keeping the platform safe (rate limiting, spam and abuse prevention, moderation, error monitoring, and security). Basis: our legitimate interests in protecting the service and its users.
  • Understanding how the product is used, so we can improve it during this testing phase. Basis: our legitimate interests in developing the service. This is cookieless and never used for advertising.
  • AI features (described below). Basis: our legitimate interests in providing and improving helpful automated features such as tag suggestions and content moderation.
  • Waitlist and product update emails. Basis: your consent, which you give by joining the waitlist or ticking the updates box, and which you can withdraw at any time.

AI features

Some features use a large language model provided by Anthropic (the Claude API). When you use these features, the relevant text is sent to Anthropic to produce a result and then returned to the platform. This includes automatic tag suggestions, content normalisation, and the scoring that helps us triage reports.

Anthropic acts as our data processor for this. Under Anthropic's commercial API terms, the text we send is used only to provide the feature and is not used to train AI models. Anthropic is based in the United States, so this involves a transfer outside the UK, which we cover with the safeguard described below.

Analytics

Inside the signed-in platform we use PostHog for privacy-focused, cookieless product analytics, to understand which features are used so we can improve them. It stores nothing on your device, no cookies and no local storage. Events are linked to your account so we can understand usage, but we do not build advertising profiles and we do not share them with advertisers. PostHog is our data processor and our PostHog project is hosted in the European Union. This analytics never runs on the public website.

Cookies

The only cookies we set are the strictly necessary ones that keep you logged in when you use the platform. We do not use advertising, marketing, or tracking cookies anywhere, which is why you will not see a cookie banner.

Who we share it with

We do not sell your data and we do not share it for advertising. We use a small number of service providers who process data on our behalf, under contract and only for the purposes below:

  • Supabase:database, sign-in, and file storage (your account, profile, content, and uploads). Hosted in the European Union.
  • Vercel:application hosting and server logs. United States.
  • Resend:sending emails such as verification and notifications. United States.
  • Upstash:temporary hashed-IP rate limiting. Outside the UK.
  • Anthropic:the AI features described above. United States.
  • PostHog:cookieless in-app analytics. European Union.
  • Sentry:error monitoring so we can fix faults. United States.

We may also disclose data if we are required to by law, or to protect the safety of people using Screendm.

Sending data outside the UK

Some of our providers are based outside the UK, as noted above. Where data is stored in the European Union, the UK recognises it as having equivalent protection, so no extra safeguard is needed. Where data goes to the United States or elsewhere, we rely on the UK International Data Transfer Addendum to the European Commission Standard Contractual Clauses as the appropriate safeguard.

How long we keep it

  • Your account and content are kept for as long as your account exists. We do not delete accounts for inactivity. You can delete your account at any time from your settings, with a choice to delete everything or to anonymise your content so it stays but is no longer linked to you. Deletion is immediate: your data is removed from the live service straight away. Copies held in our hosting provider's routine backups are overwritten within 30 days.
  • Hashed IP data for rate limiting is held for about an hour and then discarded.
  • Data export links you request remain valid for seven days.
  • Waitlist emails are kept until we email you about launch, or for up to 90 days after launch if you do not create an account.
  • End of the testing phase. Screendm is a private test. If we end the testing phase and you have not moved to the live service or asked us to keep your data, we will delete your test account and its content within 30 days.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have it corrected if it is wrong;
  • have it deleted;
  • receive it in a portable format;
  • object to, or ask us to restrict, our processing of it;
  • withdraw your consent at any time, where consent is the basis we rely on.

You can edit your profile, export your data, and delete or anonymise your account directly in your settings at any time. For anything else, email info@screendm.co.uk and we will respond within one month.

Children

Screendm is intended for people aged 16 and over. It is not directed at children under 16, and we do not knowingly collect their data. If you believe a child under 16 has created an account, please tell us and we will remove it.

Complaints

If you are unhappy with how we have handled your data, please contact us first at info@screendm.co.uk so we can put it right. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

We may update this policy as Screendm develops. We will post any update here and change the date at the top. If a change is significant, we will take reasonable steps to let you know.

← Back to Screendm