templaitemanager.com, apps.templaitemanager.com, every brand site built on the platform, and every mobile app packaged from those sites unless a specific brand overrides it with its own policy.Templaitemanager is a website + mobile app platform operated by Gen On Demand LLC ("we", "us", "our"). We build brand-specific community, cinema and commerce sites and package them into installable web + native apps.
Data controller for platform-level data: Gen On Demand LLC, contactable at apps@genondemand.com. For any brand hosted on our platform that publishes its own privacy policy, that brand is the controller for its own user data and we act as a data processor on its behalf.
This policy applies to:
templaitemanager.com and its subdomains (apps.templaitemanager.com, etc.)lionwithamic.com, johncenacinema.com) — as a baseline that individual brands may replace with a brand-specific policy at /privacy/It does not apply to third-party sites we link to (see section 23), payment processors that show you their own checkout, or third-party stores you download our apps from.
localStorage, a device identifier stored by the app (persistent per install)We do not intentionally collect sensitive personal information (race, religion, health, biometrics, precise geolocation, sexual orientation, government IDs). If you voluntarily include this in content you post, it becomes part of that content and is governed by our normal use + retention rules.
| Purpose | What it means |
|---|---|
| Deliver the service | Show you the pages, chat rooms, videos, bookings, and features you request. Sync your favorites, votes, and progress across devices. |
| Authenticate you | Log you in, keep you logged in, protect your account, prevent takeover. |
| Personalize | Show your name, your color, your favorites; surface content relevant to lobbies you joined. |
| Communicate with you | Send transactional emails (welcome, receipts, password reset), respond to your support messages, deliver in-app notifications you opted into. |
| Improve the platform | Understand which features are used, where errors occur, how long pages take to render, and use that to fix bugs and prioritize work. |
| Security + integrity | Detect spam, abuse, fraud, bot activity, account takeover, and enforce Terms of Service. |
| Legal + compliance | Respond to lawful requests, defend or bring legal claims, and comply with tax, export, and consumer-protection laws. |
| Business operations | Aggregate usage data (never identifying you individually) to inform product decisions, investor reports, and platform capacity planning. |
We do not use your personal information to train third-party AI models. We do not sell your personal information (see section 18). We do not use your content for advertising outside the platform.
For users in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK-GDPR / Swiss FADP:
| Basis | When we use it |
|---|---|
| Contract (Art. 6(1)(b)) | Providing you the service you signed up for — accounts, chat, bookings, media playback. |
| Legitimate interest (Art. 6(1)(f)) | Fraud + abuse detection, product analytics, security logging, sending service-related emails. |
| Consent (Art. 6(1)(a)) | Non-essential cookies, marketing emails, push notifications, precise location if we ever ask for it. |
| Legal obligation (Art. 6(1)(c)) | Tax records, responding to lawful requests, complying with retention obligations. |
| Vital interest (Art. 6(1)(d)) | Rare — protecting life or safety in emergencies. |
You can withdraw consent at any time (section 27); withdrawing consent does not affect the lawfulness of processing done before withdrawal.
| Category | Providers | What they process |
|---|---|---|
| Hosting + CDN | Hetzner / Contabo / OVH / Cloudflare | All page and API traffic |
| Database | Airtable | Account records, chat messages, membership tiers, bookings, favorites, shares |
| Workflow automation | n8n (self-hosted) | Business logic between endpoints and Airtable |
| Auth (optional) | Google / Apple / Facebook (OAuth) | Login identity verification when you use social sign-in |
| Payments | Stripe / Apple / Google Play Billing | Payment tokens, transaction records |
| Email delivery | Zoho / SendGrid / Postmark | Transactional + password reset emails |
| Push notifications | Firebase Cloud Messaging (FCM) / Apple Push (APNS) | Device tokens + notification payloads (never sensitive data) |
| Video playback | YouTube (embed) | Video ID + playback events — YouTube's own privacy policy applies to what they collect from the embed |
| App analytics | Play Console + App Store Connect built-in analytics only — no third-party SDK | Install / crash / retention aggregates |
The specific list per brand may vary. Where we act as a processor for a brand, that brand chooses its own sub-processors and lists them in its brand-specific policy.
| Category | Retention |
|---|---|
| Account records | For as long as your account is active. Deleted within 30 days of account deletion, except records we are legally required to keep. |
| Chat + community posts | Kept as long as the brand's community is live, unless you delete them earlier. Anonymized on account deletion (username stripped, content retained if it is part of a public thread). |
| Bookings + payments | 7 years (tax + consumer-protection compliance). |
| Server access logs | 90 days. |
| Crash + diagnostic logs | 30 days. |
| Marketing consent records | 3 years after last activity. |
| Support tickets | 2 years after resolution. |
Aggregated / de-identified data (that can no longer identify you) may be retained indefinitely.
We use the following technical + organizational safeguards:
No perfect security No online service can guarantee absolute security. If we ever suffer a security incident affecting your data, we will notify you and the relevant authorities as required by law (typically within 72 hours for EU/UK residents under GDPR).
Our servers are located in the European Union and the United States. If you access the service from another region, your data will be transferred to and processed in those locations. Where the transfer is from the EEA / UK / Switzerland to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum.
You can request a copy of the relevant transfer safeguards by contacting apps@genondemand.com.
If you are a resident of a US state with a comprehensive privacy law, you have the right to:
How to exercise: email apps@genondemand.com from the email on your account, or use the in-app "Delete my account" flow (Settings → Privacy). We respond within 45 days (extendable once by 45 days).
Authorized agents may submit requests on your behalf with your verifiable written authorization.
California "Shine the Light" (Civ. Code § 1798.83): we do not disclose personal information to third parties for their direct marketing purposes.
If you are located in the EEA, UK, or Switzerland you have the following rights:
Exercise these rights by emailing apps@genondemand.com. We respond within 30 days (extendable by 60 days for complex requests).
apps@genondemand.com.Our platform is not directed to children under 13 (or under 16 in some jurisdictions). We do not knowingly collect personal information from children under those ages. If we learn we have collected data from a child under the applicable age, we will delete it promptly.
If you are a parent or guardian and believe we have collected data from your child, contact apps@genondemand.com and we will remove it.
Some brands hosted on the platform may be intended for a younger audience. Those brands provide additional protections in their own brand-specific privacy policy.
We respect the Global Privacy Control (GPC) signal for users in jurisdictions where it is legally recognized (California, Colorado, Connecticut). When we receive a GPC signal, we treat it as an opt-out of "sale" and "sharing" — although we do not sell or share personal information in that sense anyway.
Because there is no industry consensus on Do Not Track (DNT), we do not currently respond to DNT signals differently.
No sale We do not sell your personal information for money. We do not "share" it for cross-context behavioral advertising as defined under California law. We do not rent, trade, or barter personal information.
If we ever change this position, we will update this policy, notify existing users, and provide an opt-out before any sale or sharing begins.
The core platform does not show third-party advertisements. Some hosted brands may show sponsored content or run their own ad programs — those are governed by that brand's policy.
We do not use tracking pixels or advertising SDKs from Meta, Google Ads, TikTok, or similar networks in our apps.
We use only first-party analytics (usage counts + performance metrics stored in our own database) and the built-in aggregate analytics that Google Play Console and Apple App Store Connect provide to any developer. We do not use Google Analytics, Meta Pixel, Mixpanel, or similar third-party analytics services.
Aggregate analytics do not personally identify you.
If you enable notifications, we may send you:
You can turn off notifications from your device Settings or in the app's Settings → Notifications. Transactional notifications required to deliver a service you requested (e.g. a payment receipt) will still be sent.
Content you post in public lobbies, threads, or profile pages is visible to other users of that brand. Do not post anything you wouldn't want public. You are responsible for the content you upload; see our Terms of Service for detail.
You can delete your own content at any time. Deleted content is removed from public view immediately and purged from backups within 30 days, except where retention is legally required.
Our platform contains links to third-party websites (YouTube, social media, brand-partner sites). We are not responsible for their content or privacy practices. Their policies apply once you leave our platform.
We do not use automated decision-making that produces legal or similarly significant effects on you. We do use automated systems to:
You can request human review of any account action taken against you (see section 25).
First: email us at apps@genondemand.com. We take complaints seriously and try to resolve them promptly.
If you are not satisfied with our response, you can contact your local privacy regulator:
We may update this policy from time to time to reflect changes in our practices, new features, or legal requirements. When we do:
Questions, requests, or complaints:
apps@genondemand.comsupport@genondemand.comFor EU / UK data-protection requests, mark your message "GDPR Request" and we will route it to the responsible team.
We aim to respond within 30 days (or 45 days for US state privacy requests, extendable once by the same period for complex cases).