Privacy Policy
Last updated: April 15, 2026 · Effective: April 22, 2026.
This Privacy Policy describes how AICM Media Group LLC (“AICMonitor”, “we”, “our” or “us”) collects, uses, shares and protects personal information when you visit aicmonitor.net, read our weekly bulletin, or otherwise interact with our editorial observatory of independent cinema (collectively, the “Service”). By accessing the Service, you acknowledge that you have read and understood this Policy.
§ 1Who we are
AICM Media Group LLC is a California limited liability company registered with the California Secretary of State under Entity No. 6138495, with its principal place of business at 11601 Wilshire Boulevard, Suite 1100, Los Angeles, CA 90025, United States. For the purposes of the EU/UK GDPR, AICM Media Group LLC acts as the data controller of the personal data processed via the Service, unless expressly stated otherwise.
§ 2What we collect
We only collect what we genuinely need to publish the Service. The categories below describe the information we process:
- Account and subscription data: email address, display name, password (hashed), language and region preference, and — if you register as a filmmaker or studio — the film title, verification documents and a production contact.
- Reader profile: optional avatar, bio, programs followed, reading lists and any comments you post to essays.
- Content data: films, captions, descriptions, stills and press kits you submit as a filmmaker or studio.
- Usage data: which essays you open, how long you read them, which films you play and where you stopped. This is what shapes the Friday bulletin.
- Device and log data: IP address, browser type and version, operating system, device identifiers, referring URL, timestamps and crash reports.
- Approximate location: derived from your IP address at the country/region level. We do not request precise GPS coordinates.
- Correspondence: messages you send to our desk, survey responses and similar correspondence.
We do not collect payment card data from readers — the bulletin is free and there is no paid subscription. Brand partners who sign paid publishing agreements are billed outside the reader Service; related invoicing data is handled by our payment processors and is never stored in full on our servers.
§ 3How we use your information
We use personal information for the following purposes:
- To operate, maintain and secure the Service, including authentication, abuse prevention and debugging.
- To assemble and personalise the weekly bulletin, recommendations and search results.
- To communicate with you about updates, security notices, policy changes and optional editorial news.
- To verify filmmaker and studio channels and to enforce the Terms of Service.
- To comply with legal obligations, respond to lawful requests and protect the rights and safety of our readers, our staff and the public.
- To generate aggregated, non-identifiable analytics about how the Service is used.
§ 4Legal bases (EEA/UK readers)
Where the EU/UK GDPR applies we rely on the following legal bases:
| Processing | Legal basis |
|---|---|
| Providing the Service, account administration | Contractual necessity (Art. 6(1)(b)) |
| Security, fraud prevention, debugging | Legitimate interests (Art. 6(1)(f)) |
| Personalised recommendations, optional analytics | Consent (Art. 6(1)(a)) where required |
| Bulletin and editorial emails | Consent, withdrawable at any time |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
§ 5Sharing of information
We do not sell personal data. We share information only in the following circumstances:
- Service providers who process data on our behalf under strict contractual controls — hosting (Amazon Web Services US-West-2 and EU-West-1), content delivery (Cloudflare, Inc.), transactional email (Postmark), error tracking (Sentry), product analytics (PostHog Inc.) and reader support (Front App, Inc.).
- Other readers, but only for information you have made public, such as your display name, avatar and public comments.
- Authorities, when we are legally required to do so or to protect the rights, property or safety of AICMonitor, its readers or the public.
- In a corporate transaction, such as a merger, acquisition or sale of assets, subject to appropriate confidentiality protections and notice where required.
§ 6International data transfers
AICMonitor is headquartered in the United States and our primary servers are located in the United States and the European Union. When personal data leaves the EEA or the UK, we rely on Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum and, where applicable, adequacy decisions. A copy of the relevant transfer mechanism is available on request from privacy@aicmonitor.net.
§ 7Retention
We keep personal data only as long as needed for the purposes described in this Policy. Account data is retained for as long as you keep your account plus up to 90 days for backups. Usage logs are retained for a maximum of 14 months. Trust & safety records (such as strikes for policy violations) may be kept for up to 36 months.
§ 8Your rights
Depending on where you live you may have the right to: access your personal data; correct inaccurate data; delete data; restrict or object to processing; port your data; and withdraw consent at any time. California residents additionally have the rights described in the CCPA/CPRA, including the right to know, delete, correct and limit the use of sensitive personal information, and the right not to be discriminated against for exercising those rights.
To exercise any of these rights please write to privacy@aicmonitor.net or use the forms on our data deletion page. We will respond within 30 days (45 days for California residents where permitted).
§ 9Children
The Service is not directed to children under the age of 13 (or under 16 in the EEA and the UK). We do not knowingly collect personal data from such children. If you believe a child has provided us with information please contact us and we will delete the data.
§ 10Security
We apply industry-standard technical and organisational measures: TLS 1.3 in transit, AES-256 at rest, role-based access control, single sign-on for staff, mandatory two-factor authentication, regular penetration testing and annual SOC 2 Type II audits. No system is perfectly secure — if we detect a breach that affects you we will notify you in line with applicable law.
§ 11Third-party services
The Service may contain links to third-party websites (for example, a filmmaker’s own portfolio linked from an essay). We are not responsible for the practices of those third parties and recommend you read their own privacy notices.
§ 12Changes to this Policy
We may update this Policy from time to time. Material changes will be announced on this page with a new effective date and, where appropriate, via email. Your continued use of the Service after the update constitutes acceptance of the new Policy.
§ 13Contact
Data Protection Officer — AICM Media Group LLC
11601 Wilshire Boulevard, Suite 1100, Los Angeles, CA 90025, United States
Email: privacy@aicmonitor.net
EU representative (Art. 27 GDPR): CE-Europe Data Representation B.V., Herengracht 282, 1016 BX Amsterdam, Netherlands.